# `cdk-secret-manager-wrapper-layer`
that Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.
> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)
## Updates
**2025-03-02: v2.1.0**
* Added architecture parameter support for Lambda Layer
* Updated Python runtime from 3.9 to 3.13
* Fixed handler name in example code
* Improved layer initialization and referencing patterns
* Enhanced compatibility with AWS Lambda ARM64 architecture
## Example
```python
import { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
import { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';
import { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';
const env = {
region: process.env.CDK_DEFAULT_REGION,
account: process.env.CDK_DEFAULT_ACCOUNT,
};
const app = new App();
const stack = new Stack(app, 'testing-stack', { env });
/**
* Example create an Secret for testing.
*/
const secret = new CfnSecret(stack, 'MySecret', {
secretString: JSON.stringify({
KEY1: 'VALUE1',
KEY2: 'VALUE2',
KEY3: 'VALUE3',
}),
});
const lambdaArchitecture = Architecture.X86_64;
const layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {
lambdaArchitecture,
});
const lambda = new Function(stack, 'fn', {
runtime: Runtime.PYTHON_3_13,
code: Code.fromInline(`
import os
def handler(events, contexts):
env = {}
env['KEY1'] = os.environ.get('KEY1', 'Not Found')
env['KEY2'] = os.environ.get('KEY2', 'Not Found')
env['KEY3'] = os.environ.get('KEY3', 'Not Found')
return env
`),
handler: 'index.handler',
layers: [layer.layerVersion],
timeout: Duration.minutes(1),
/**
* you need to define this 4 environment various.
*/
environment: {
AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',
SECRET_REGION: stack.region,
SECRET_ARN: secret.ref,
API_TIMEOUT: '5000',
},
architecture: lambdaArchitecture,
});
/**
* Add Permission for lambda get secret value from secret manager.
*/
lambda.role!.addToPrincipalPolicy(
new PolicyStatement({
effect: Effect.ALLOW,
actions: ['secretsmanager:GetSecretValue'],
// Also you can use find from context.
resources: [secret.ref],
}),
);
/**
* For Testing.
*/
const FnUrl = lambda.addFunctionUrl({
authType: FunctionUrlAuthType.NONE,
});
new CfnOutput(stack, 'FnUrl', {
value: FnUrl.url,
});
```
## Testing
```bash
# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/
curl ${FnUrl}
{"KEY2":"VALUE2","KEY1":"VALUE1","KEY3":"VALUE3"}
```
Raw data
{
"_id": null,
"home_page": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"name": "cdk-secret-manager-wrapper-layer",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.9",
"maintainer_email": null,
"keywords": null,
"author": "Neil Kuan<guan840912@gmail.com>",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/ee/38/d2703a27368a57b3f764b6c82024fbd81ebc3152c04958f5184b9293c50b/cdk_secret_manager_wrapper_layer-2.1.158.tar.gz",
"platform": null,
"description": "# `cdk-secret-manager-wrapper-layer`\n\nthat Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.\n\n> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)\n\n## Updates\n\n**2025-03-02: v2.1.0**\n\n* Added architecture parameter support for Lambda Layer\n* Updated Python runtime from 3.9 to 3.13\n* Fixed handler name in example code\n* Improved layer initialization and referencing patterns\n* Enhanced compatibility with AWS Lambda ARM64 architecture\n\n## Example\n\n```python\nimport { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';\nimport { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';\nimport { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';\nimport { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';\nimport { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';\nconst env = {\n region: process.env.CDK_DEFAULT_REGION,\n account: process.env.CDK_DEFAULT_ACCOUNT,\n};\nconst app = new App();\nconst stack = new Stack(app, 'testing-stack', { env });\n\n/**\n * Example create an Secret for testing.\n */\nconst secret = new CfnSecret(stack, 'MySecret', {\n secretString: JSON.stringify({\n KEY1: 'VALUE1',\n KEY2: 'VALUE2',\n KEY3: 'VALUE3',\n }),\n});\n\nconst lambdaArchitecture = Architecture.X86_64;\n\nconst layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {\n lambdaArchitecture,\n});\n\nconst lambda = new Function(stack, 'fn', {\n runtime: Runtime.PYTHON_3_13,\n code: Code.fromInline(`\nimport os\ndef handler(events, contexts):\n env = {}\n env['KEY1'] = os.environ.get('KEY1', 'Not Found')\n env['KEY2'] = os.environ.get('KEY2', 'Not Found')\n env['KEY3'] = os.environ.get('KEY3', 'Not Found')\n return env\n `),\n handler: 'index.handler',\n layers: [layer.layerVersion],\n timeout: Duration.minutes(1),\n /**\n * you need to define this 4 environment various.\n */\n environment: {\n AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',\n SECRET_REGION: stack.region,\n SECRET_ARN: secret.ref,\n API_TIMEOUT: '5000',\n },\n architecture: lambdaArchitecture,\n});\n\n/**\n * Add Permission for lambda get secret value from secret manager.\n */\nlambda.role!.addToPrincipalPolicy(\n new PolicyStatement({\n effect: Effect.ALLOW,\n actions: ['secretsmanager:GetSecretValue'],\n // Also you can use find from context.\n resources: [secret.ref],\n }),\n);\n\n/**\n * For Testing.\n */\nconst FnUrl = lambda.addFunctionUrl({\n authType: FunctionUrlAuthType.NONE,\n});\n\nnew CfnOutput(stack, 'FnUrl', {\n value: FnUrl.url,\n});\n```\n\n## Testing\n\n```bash\n# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/\ncurl ${FnUrl}\n{\"KEY2\":\"VALUE2\",\"KEY1\":\"VALUE1\",\"KEY3\":\"VALUE3\"}\n```\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "cdk-secret-manager-wrapper-layer",
"version": "2.1.158",
"project_urls": {
"Homepage": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"Source": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "00746e1fbea348aa2682e508dca5152205968ab761e4074c0fa77e02c173b53f",
"md5": "d79453d2b908427493b2d91fa944c1bf",
"sha256": "08675dc6a933ce64743b32802992ca1046cc2fa9fcb7a2d4c45dbc1ba20c5657"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.158-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d79453d2b908427493b2d91fa944c1bf",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.9",
"size": 41463,
"upload_time": "2025-09-16T00:33:44",
"upload_time_iso_8601": "2025-09-16T00:33:44.196065Z",
"url": "https://files.pythonhosted.org/packages/00/74/6e1fbea348aa2682e508dca5152205968ab761e4074c0fa77e02c173b53f/cdk_secret_manager_wrapper_layer-2.1.158-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "ee38d2703a27368a57b3f764b6c82024fbd81ebc3152c04958f5184b9293c50b",
"md5": "6594b06ed94679b32c53d57783ee896c",
"sha256": "9e4f1ae34feb16509ed0d1473ce4cf15beaf5fecff9c2ce8b18b6576047e8bda"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.158.tar.gz",
"has_sig": false,
"md5_digest": "6594b06ed94679b32c53d57783ee896c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.9",
"size": 42352,
"upload_time": "2025-09-16T00:33:46",
"upload_time_iso_8601": "2025-09-16T00:33:46.398006Z",
"url": "https://files.pythonhosted.org/packages/ee/38/d2703a27368a57b3f764b6c82024fbd81ebc3152c04958f5184b9293c50b/cdk_secret_manager_wrapper_layer-2.1.158.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-16 00:33:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "neilkuan",
"github_project": "cdk-secret-manager-wrapper-layer",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdk-secret-manager-wrapper-layer"
}
JSON
