# `cdk-secret-manager-wrapper-layer`
that Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.
> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)
## Updates
**2025-03-02: v2.1.0**
* Added architecture parameter support for Lambda Layer
* Updated Python runtime from 3.9 to 3.13
* Fixed handler name in example code
* Improved layer initialization and referencing patterns
* Enhanced compatibility with AWS Lambda ARM64 architecture
## Example
```python
import { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
import { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';
import { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';
const env = {
region: process.env.CDK_DEFAULT_REGION,
account: process.env.CDK_DEFAULT_ACCOUNT,
};
const app = new App();
const stack = new Stack(app, 'testing-stack', { env });
/**
* Example create an Secret for testing.
*/
const secret = new CfnSecret(stack, 'MySecret', {
secretString: JSON.stringify({
KEY1: 'VALUE1',
KEY2: 'VALUE2',
KEY3: 'VALUE3',
}),
});
const lambdaArchitecture = Architecture.X86_64;
const layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {
lambdaArchitecture,
});
const lambda = new Function(stack, 'fn', {
runtime: Runtime.PYTHON_3_13,
code: Code.fromInline(`
import os
def handler(events, contexts):
env = {}
env['KEY1'] = os.environ.get('KEY1', 'Not Found')
env['KEY2'] = os.environ.get('KEY2', 'Not Found')
env['KEY3'] = os.environ.get('KEY3', 'Not Found')
return env
`),
handler: 'index.handler',
layers: [layer.layerVersion],
timeout: Duration.minutes(1),
/**
* you need to define this 4 environment various.
*/
environment: {
AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',
SECRET_REGION: stack.region,
SECRET_ARN: secret.ref,
API_TIMEOUT: '5000',
},
architecture: lambdaArchitecture,
});
/**
* Add Permission for lambda get secret value from secret manager.
*/
lambda.role!.addToPrincipalPolicy(
new PolicyStatement({
effect: Effect.ALLOW,
actions: ['secretsmanager:GetSecretValue'],
// Also you can use find from context.
resources: [secret.ref],
}),
);
/**
* For Testing.
*/
const FnUrl = lambda.addFunctionUrl({
authType: FunctionUrlAuthType.NONE,
});
new CfnOutput(stack, 'FnUrl', {
value: FnUrl.url,
});
```
## Testing
```bash
# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/
curl ${FnUrl}
{"KEY2":"VALUE2","KEY1":"VALUE1","KEY3":"VALUE3"}
```
Raw data
{
"_id": null,
"home_page": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"name": "cdk-secret-manager-wrapper-layer",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.9",
"maintainer_email": null,
"keywords": null,
"author": "Neil Kuan<guan840912@gmail.com>",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/57/fd/2f27711bbaa3c3db76fd0c6169e43d2a09a52f9bd767e4607b1c829f200a/cdk_secret_manager_wrapper_layer-2.1.184.tar.gz",
"platform": null,
"description": "# `cdk-secret-manager-wrapper-layer`\n\nthat Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.\n\n> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)\n\n## Updates\n\n**2025-03-02: v2.1.0**\n\n* Added architecture parameter support for Lambda Layer\n* Updated Python runtime from 3.9 to 3.13\n* Fixed handler name in example code\n* Improved layer initialization and referencing patterns\n* Enhanced compatibility with AWS Lambda ARM64 architecture\n\n## Example\n\n```python\nimport { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';\nimport { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';\nimport { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';\nimport { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';\nimport { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';\nconst env = {\n region: process.env.CDK_DEFAULT_REGION,\n account: process.env.CDK_DEFAULT_ACCOUNT,\n};\nconst app = new App();\nconst stack = new Stack(app, 'testing-stack', { env });\n\n/**\n * Example create an Secret for testing.\n */\nconst secret = new CfnSecret(stack, 'MySecret', {\n secretString: JSON.stringify({\n KEY1: 'VALUE1',\n KEY2: 'VALUE2',\n KEY3: 'VALUE3',\n }),\n});\n\nconst lambdaArchitecture = Architecture.X86_64;\n\nconst layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {\n lambdaArchitecture,\n});\n\nconst lambda = new Function(stack, 'fn', {\n runtime: Runtime.PYTHON_3_13,\n code: Code.fromInline(`\nimport os\ndef handler(events, contexts):\n env = {}\n env['KEY1'] = os.environ.get('KEY1', 'Not Found')\n env['KEY2'] = os.environ.get('KEY2', 'Not Found')\n env['KEY3'] = os.environ.get('KEY3', 'Not Found')\n return env\n `),\n handler: 'index.handler',\n layers: [layer.layerVersion],\n timeout: Duration.minutes(1),\n /**\n * you need to define this 4 environment various.\n */\n environment: {\n AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',\n SECRET_REGION: stack.region,\n SECRET_ARN: secret.ref,\n API_TIMEOUT: '5000',\n },\n architecture: lambdaArchitecture,\n});\n\n/**\n * Add Permission for lambda get secret value from secret manager.\n */\nlambda.role!.addToPrincipalPolicy(\n new PolicyStatement({\n effect: Effect.ALLOW,\n actions: ['secretsmanager:GetSecretValue'],\n // Also you can use find from context.\n resources: [secret.ref],\n }),\n);\n\n/**\n * For Testing.\n */\nconst FnUrl = lambda.addFunctionUrl({\n authType: FunctionUrlAuthType.NONE,\n});\n\nnew CfnOutput(stack, 'FnUrl', {\n value: FnUrl.url,\n});\n```\n\n## Testing\n\n```bash\n# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/\ncurl ${FnUrl}\n{\"KEY2\":\"VALUE2\",\"KEY1\":\"VALUE1\",\"KEY3\":\"VALUE3\"}\n```\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "cdk-secret-manager-wrapper-layer",
"version": "2.1.184",
"project_urls": {
"Homepage": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"Source": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "b426089773508faaf8d918937285df8671d68d1c3b7d3642174b2d65232a6231",
"md5": "12a269e8cf31ac2f9df6c1e521866e4b",
"sha256": "950d83ac7334db705ac3793328d10d23b8543c51acf3157ac398cc586f4d66e3"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.184-py3-none-any.whl",
"has_sig": false,
"md5_digest": "12a269e8cf31ac2f9df6c1e521866e4b",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.9",
"size": 41466,
"upload_time": "2025-10-17T00:35:18",
"upload_time_iso_8601": "2025-10-17T00:35:18.909879Z",
"url": "https://files.pythonhosted.org/packages/b4/26/089773508faaf8d918937285df8671d68d1c3b7d3642174b2d65232a6231/cdk_secret_manager_wrapper_layer-2.1.184-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "57fd2f27711bbaa3c3db76fd0c6169e43d2a09a52f9bd767e4607b1c829f200a",
"md5": "a45ca57ed5fed557715645efdd061fc4",
"sha256": "a89862a28311dad2a3a719286524950af56ef7cd295c1c7181c7f189346d59f0"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.184.tar.gz",
"has_sig": false,
"md5_digest": "a45ca57ed5fed557715645efdd061fc4",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.9",
"size": 42351,
"upload_time": "2025-10-17T00:35:21",
"upload_time_iso_8601": "2025-10-17T00:35:21.695034Z",
"url": "https://files.pythonhosted.org/packages/57/fd/2f27711bbaa3c3db76fd0c6169e43d2a09a52f9bd767e4607b1c829f200a/cdk_secret_manager_wrapper_layer-2.1.184.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-17 00:35:21",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "neilkuan",
"github_project": "cdk-secret-manager-wrapper-layer",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdk-secret-manager-wrapper-layer"
}
JSON
