lambda-config
v0.0.4
Published
Helps to load config data for your AWS Lambdas from string, local file or url. Uses AWS KMS to decrypt config tokens.
Downloads
40
Readme
Usage
Contents of your config file, for example config.json
:
{
"appSettings": {
"DBConfig": {
"user": { "_encryptedTextBlob_": "AQECAHhEJQBbQ8N+ .... some b64 encoded encrypted text blob" },
"password": { "_encryptedTextBlob_": "AQECAHhEJQBbQ8N+ .... some b64 encoded encrypted text blob" },
"server": "some-server",
"database": "some-database"
}
}
}
// or to minimise rountrips to KMS, better encrypt whole section
{
"appSettings": {
"DBConfig": {
"_encryptedTextBlob_": "AQECAHhEJQBbQ8N+ .... some b64 encoded encrypted text blob" }
"server": "some-server",
"database": "some-database"
}
}
}
Strings must be encrypted using AWS Key Management Service and your lambda execution role should have kms:Decrypt
permissions to use the key.
Store config.json
locally and include it in your lambda package, or upload it to a public hosting service like AWS S3.
Load config.json
as follows:
var cfg = require('lambda-config');
cfg.loadFromFile("local-path-or-url-to-config.json", function (err, config) {
if (err) {
console.log(err, err.stack); // an error occurred
}
else {
console.log(config);
}
}, "your-aws-region");
Note that if your KMS encryption key is in the same region as the lambda you don't need to pass the region since process.env['AWS_DEFAULT_REGION']
will be used.
If they are in different regions and you don't pass region parameter, key will be looked for in us-east-1 region.
You can also load configuration json from another source file. For example, you can have file rootConfig.json
with the following contents:
{
"appSettings": {
"_loadFrom_": "./config.json"
}
}
// and then use it same way as above:
var cfg = require('lambda-config');
cfg.loadFromFile("local-path-or-url-to-rootConfig.json", function (err, config) {
...
});
// in this case, config object should have the following structure
{
"appSettings": {
"DBConfig": {
"user": "some-decrypted-username",
"password": "some-decrypted-password",
"server": "some-server",
"database": "some-database"
}
}
}
You can also use the loadFromString
method with configuration json string:
var cfg = require('lambda-config');
cfg.loadFromString("some-configuration-json-string", function (err, config) {
...
});
or call loadFromObject
:
var cfgSource = { _loadFrom_: "./path-to-file" }
cfg.loadFromObject(cfgSource, function (err, config) {
...
});
If you have mixed section with _loadFrom_
or _encryptedTextBlob_
and regular fields, all will be merged together in a resulting object:
// userConfig.json
{
"user": "some-user",
"password": "some-password"
}
// rootConfig.json
{
"appSettings": {
"_loadFrom_": "./userConfig.json",
"server": "some-server"
}
}
// calling loadFromFile with "./rootConfig.json" as a parameter will return the following
{
"appSettings": {
"user": "some-user",
"password": "some-password",
"server": "some-server"
}
}
Note that you may need to flatten your dependencies folder before publishing to AWS Lambda to avoid the path character limit.