npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2022 – Pkg Stats / Ryan Hefner

@aws-solutions-constructs/aws-lambda-secretsmanager

v2.8.0

Published

CDK constructs for defining an interaction between an AWS Lambda function and AWS Secrets Manager.

Downloads

828

Readme

aws-lambda-secretsmanager module


Stability: Experimental

All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.


| Reference Documentation:| https://docs.aws.amazon.com/solutions/latest/constructs/| |:-------------|:-------------|

| Language | Package | |:-------------|-----------------| |Python Logo Python|aws_solutions_constructs.aws_lambda_secretsmanager| |Typescript Logo Typescript|@aws-solutions-constructs/aws-lambda-secretsmanager| |Java Logo Java|software.amazon.awsconstructs.services.lambdasecretsmanager|

This AWS Solutions Construct implements the AWS Lambda function and AWS Secrets Manager secret with the least privileged permissions.

Here is a minimal deployable pattern definition:

Typescript

import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { LambdaToSecretsmanagerProps, LambdaToSecretsmanager } from '@aws-solutions-constructs/aws-lambda-secretsmanager';
import * as lambda from 'aws-cdk-lib/aws-lambda';

const constructProps: LambdaToSecretsmanagerProps = {
  lambdaFunctionProps: {
    runtime: lambda.Runtime.NODEJS_14_X,
    code: lambda.Code.fromAsset(`lambda`),
    handler: 'index.handler'
  },
};

new LambdaToSecretsmanager(this, 'test-lambda-secretsmanager-stack', constructProps);

Python

from aws_solutions_constructs.aws_lambda_secretsmanager import LambdaToSecretsmanagerProps, LambdaToSecretsmanager
from aws_cdk import (
    aws_lambda as _lambda,
    Stack
)
from constructs import Construct


LambdaToSecretsmanager(
    self, 'test-lambda-secretsmanager-stack',
    lambda_function_props=_lambda.FunctionProps(
        code=_lambda.Code.from_asset('lambda'),
        runtime=_lambda.Runtime.PYTHON_3_9,
        handler='index.handler'
    )
)

Java

import software.constructs.Construct;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.lambda.*;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awsconstructs.services.lambdasecretsmanager.*;

new LambdaToSecretsmanager(this, "test-lambda-secretsmanager-stack", new LambdaToSecretsmanagerProps.Builder()
        .lambdaFunctionProps(new FunctionProps.Builder()
                .runtime(Runtime.NODEJS_14_X)
                .code(Code.fromAsset("lambda"))
                .handler("index.handler")
                .build())
        .build());

Pattern Construct Props

| Name | Type | Description | |:-------------|:----------------|-----------------| |existingLambdaObj?|lambda.Function|Existing instance of Lambda Function object, providing both this and lambdaFunctionProps will cause an error.| |lambdaFunctionProps?|lambda.FunctionProps|User provided props to override the default props for the Lambda function.| |secretProps?|secretsmanager.SecretProps|Optional user provided props to override the default props for Secrets Manager| |existingSecretObj?|secretsmanager.Secret|Existing instance of Secrets Manager Secret object, If this is set then the secretProps is ignored| |grantWriteAccess?|string|Optional Access granted to the Lambda function for the secret. 'Read' or 'ReadWrite". Default is "Read" |secretEnvironmentVariableName?|string|Optional Name for the Lambda function environment variable set to the ARN of the secret. Default: SECRET_ARN. | |existingVpc?|ec2.IVpc|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources and an Interface Endpoint will be created in the VPC for AWS Secrets Manager. If an existing VPC is provided, the deployVpc property cannot be true. This uses ec2.IVpc to allow clients to supply VPCs that exist outside the stack using the ec2.Vpc.fromLookup() method.| |vpcProps?|ec2.VpcProps|Optional user-provided properties to override the default properties for the new VPC. enableDnsHostnames, enableDnsSupport, natGateways and subnetConfiguration are set by the pattern, so any values for those properties supplied here will be overrriden. If deployVpc is not true then this property will be ignored.| |deployVpc?|boolean|Whether to create a new VPC based on vpcProps into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern: One isolated subnet in each Availability Zone used by the CDK programenableDnsHostnames and enableDnsSupport will both be set to trueIf this property is true then existingVpc cannot be specified. Defaults to false.|

Pattern Properties

| Name | Type | Description | |:-------------|:----------------|-----------------| |lambdaFunction|lambda.Function|Returns an instance of lambda.Function created by the construct| |secret|secretsmanager.Secret|Returns an instance of secretsmanager.Secret created by the construct| |vpc?|ec2.IVpc|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

AWS Lambda Function

  • Configure limited privilege access IAM role for Lambda function
  • Enable reusing connections with Keep-Alive for NodeJs Lambda function
  • Enable X-Ray Tracing
  • Set Environment Variables
    • (default) SECRET_ARN containing the ARN of the secret as return by CDK secretArn property.
    • AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Amazon SecretsManager Secret

  • Enable read-only access for the associated AWS Lambda Function
  • Creates a new Secret
    • (default) random name
    • (default) random value
  • Retain the Secret when deleting the CloudFormation stack

Architecture

Architecture Diagram


© Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.