# `cdk-secret-manager-wrapper-layer`
that Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.
> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)
## Updates
**2025-03-02: v2.1.0**
* Added architecture parameter support for Lambda Layer
* Updated Python runtime from 3.9 to 3.13
* Fixed handler name in example code
* Improved layer initialization and referencing patterns
* Enhanced compatibility with AWS Lambda ARM64 architecture
## Example
```python
import { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
import { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';
import { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';
const env = {
region: process.env.CDK_DEFAULT_REGION,
account: process.env.CDK_DEFAULT_ACCOUNT,
};
const app = new App();
const stack = new Stack(app, 'testing-stack', { env });
/**
* Example create an Secret for testing.
*/
const secret = new CfnSecret(stack, 'MySecret', {
secretString: JSON.stringify({
KEY1: 'VALUE1',
KEY2: 'VALUE2',
KEY3: 'VALUE3',
}),
});
const lambdaArchitecture = Architecture.X86_64;
const layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {
lambdaArchitecture,
});
const lambda = new Function(stack, 'fn', {
runtime: Runtime.PYTHON_3_13,
code: Code.fromInline(`
import os
def handler(events, contexts):
env = {}
env['KEY1'] = os.environ.get('KEY1', 'Not Found')
env['KEY2'] = os.environ.get('KEY2', 'Not Found')
env['KEY3'] = os.environ.get('KEY3', 'Not Found')
return env
`),
handler: 'index.handler',
layers: [layer.layerVersion],
timeout: Duration.minutes(1),
/**
* you need to define this 4 environment various.
*/
environment: {
AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',
SECRET_REGION: stack.region,
SECRET_ARN: secret.ref,
API_TIMEOUT: '5000',
},
architecture: lambdaArchitecture,
});
/**
* Add Permission for lambda get secret value from secret manager.
*/
lambda.role!.addToPrincipalPolicy(
new PolicyStatement({
effect: Effect.ALLOW,
actions: ['secretsmanager:GetSecretValue'],
// Also you can use find from context.
resources: [secret.ref],
}),
);
/**
* For Testing.
*/
const FnUrl = lambda.addFunctionUrl({
authType: FunctionUrlAuthType.NONE,
});
new CfnOutput(stack, 'FnUrl', {
value: FnUrl.url,
});
```
## Testing
```bash
# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/
curl ${FnUrl}
{"KEY2":"VALUE2","KEY1":"VALUE1","KEY3":"VALUE3"}
```
Raw data
{
"_id": null,
"home_page": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"name": "cdk-secret-manager-wrapper-layer",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.9",
"maintainer_email": null,
"keywords": null,
"author": "Neil Kuan<guan840912@gmail.com>",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/34/d9/b269e4da93fb2286a2a081bf887247df141729321d5ed550e34d6174b971/cdk_secret_manager_wrapper_layer-2.1.111.tar.gz",
"platform": null,
"description": "# `cdk-secret-manager-wrapper-layer`\n\nthat Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.\n\n> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)\n\n## Updates\n\n**2025-03-02: v2.1.0**\n\n* Added architecture parameter support for Lambda Layer\n* Updated Python runtime from 3.9 to 3.13\n* Fixed handler name in example code\n* Improved layer initialization and referencing patterns\n* Enhanced compatibility with AWS Lambda ARM64 architecture\n\n## Example\n\n```python\nimport { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';\nimport { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';\nimport { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';\nimport { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';\nimport { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';\nconst env = {\n region: process.env.CDK_DEFAULT_REGION,\n account: process.env.CDK_DEFAULT_ACCOUNT,\n};\nconst app = new App();\nconst stack = new Stack(app, 'testing-stack', { env });\n\n/**\n * Example create an Secret for testing.\n */\nconst secret = new CfnSecret(stack, 'MySecret', {\n secretString: JSON.stringify({\n KEY1: 'VALUE1',\n KEY2: 'VALUE2',\n KEY3: 'VALUE3',\n }),\n});\n\nconst lambdaArchitecture = Architecture.X86_64;\n\nconst layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {\n lambdaArchitecture,\n});\n\nconst lambda = new Function(stack, 'fn', {\n runtime: Runtime.PYTHON_3_13,\n code: Code.fromInline(`\nimport os\ndef handler(events, contexts):\n env = {}\n env['KEY1'] = os.environ.get('KEY1', 'Not Found')\n env['KEY2'] = os.environ.get('KEY2', 'Not Found')\n env['KEY3'] = os.environ.get('KEY3', 'Not Found')\n return env\n `),\n handler: 'index.handler',\n layers: [layer.layerVersion],\n timeout: Duration.minutes(1),\n /**\n * you need to define this 4 environment various.\n */\n environment: {\n AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',\n SECRET_REGION: stack.region,\n SECRET_ARN: secret.ref,\n API_TIMEOUT: '5000',\n },\n architecture: lambdaArchitecture,\n});\n\n/**\n * Add Permission for lambda get secret value from secret manager.\n */\nlambda.role!.addToPrincipalPolicy(\n new PolicyStatement({\n effect: Effect.ALLOW,\n actions: ['secretsmanager:GetSecretValue'],\n // Also you can use find from context.\n resources: [secret.ref],\n }),\n);\n\n/**\n * For Testing.\n */\nconst FnUrl = lambda.addFunctionUrl({\n authType: FunctionUrlAuthType.NONE,\n});\n\nnew CfnOutput(stack, 'FnUrl', {\n value: FnUrl.url,\n});\n```\n\n## Testing\n\n```bash\n# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/\ncurl ${FnUrl}\n{\"KEY2\":\"VALUE2\",\"KEY1\":\"VALUE1\",\"KEY3\":\"VALUE3\"}\n```\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "cdk-secret-manager-wrapper-layer",
"version": "2.1.111",
"project_urls": {
"Homepage": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"Source": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "a7d0857983b8d9b39befc799d441c24a6186153a5111ba56fcbf31083a5d4c47",
"md5": "a83ad97d31bf8428678b5ef0cc933d42",
"sha256": "30e672e754d6905dfb6971cc98c3413954a161deedc37b51c0fe556a5ee42047"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.111-py3-none-any.whl",
"has_sig": false,
"md5_digest": "a83ad97d31bf8428678b5ef0cc933d42",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.9",
"size": 41456,
"upload_time": "2025-07-12T00:40:16",
"upload_time_iso_8601": "2025-07-12T00:40:16.222768Z",
"url": "https://files.pythonhosted.org/packages/a7/d0/857983b8d9b39befc799d441c24a6186153a5111ba56fcbf31083a5d4c47/cdk_secret_manager_wrapper_layer-2.1.111-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "34d9b269e4da93fb2286a2a081bf887247df141729321d5ed550e34d6174b971",
"md5": "b29507cf8753da330841985f37ef446e",
"sha256": "5a8959c3f9cef855ba0ef684547d502bf0357b47e29ad4cec527b975a09ac764"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.111.tar.gz",
"has_sig": false,
"md5_digest": "b29507cf8753da330841985f37ef446e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.9",
"size": 42334,
"upload_time": "2025-07-12T00:40:19",
"upload_time_iso_8601": "2025-07-12T00:40:19.038027Z",
"url": "https://files.pythonhosted.org/packages/34/d9/b269e4da93fb2286a2a081bf887247df141729321d5ed550e34d6174b971/cdk_secret_manager_wrapper_layer-2.1.111.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-12 00:40:19",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "neilkuan",
"github_project": "cdk-secret-manager-wrapper-layer",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdk-secret-manager-wrapper-layer"
}
JSON
