# `cdk-secret-manager-wrapper-layer`
that Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.
> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)
## Example
```python
import { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
import { Function, Runtime, Code, FunctionUrlAuthType } from 'aws-cdk-lib/aws-lambda';
import { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';
const env = {
region: process.env.CDK_DEFAULT_REGION,
account: process.env.CDK_DEFAULT_ACCOUNT,
};
const app = new App();
const stack = new Stack(app, 'testing-stack', { env });
/**
* Example create an Secret for testing.
*/
const secret = new CfnSecret(stack, 'Mysecret', {
secretString: JSON.stringify({
KEY1: 'VALUE1',
KEY2: 'VALUE2',
KEY3: 'VALUE3',
}),
});
const layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer');
const lambda = new Function(stack, 'fn', {
runtime: Runtime.PYTHON_3_9,
code: Code.fromInline(`
import os
def hander(events, contexts):
env = {}
env['KEY1'] = os.environ.get('KEY1', 'Not Found')
env['KEY2'] = os.environ.get('KEY2', 'Not Found')
env['KEY3'] = os.environ.get('KEY3', 'Not Found')
return env
`),
handler: 'index.hander',
layers: [layer],
timeout: Duration.minutes(1),
/**
* you need to define this 4 environment various.
*/
environment: {
AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',
SECRET_REGION: stack.region,
SECRET_ARN: secret.ref,
API_TIMEOUT: '5000',
},
});
/**
* Add Permission for lambda get secret value from secret manager.
*/
lambda.role!.addToPrincipalPolicy(
new PolicyStatement({
effect: Effect.ALLOW,
actions: ['secretsmanager:GetSecretValue'],
// Also you can use find from context.
resources: [secret.ref],
}),
);
/**
* For Testing.
*/
const FnUrl = lambda.addFunctionUrl({
authType: FunctionUrlAuthType.NONE,
});
new CfnOutput(stack, 'FnUrl', {
value: FnUrl.url,
});
```
## Testing
```bash
# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/
curl ${FnUrl}
{"KEY2":"VALUE2","KEY1":"VALUE1","KEY3":"VALUE3"}
```
Raw data
{
"_id": null,
"home_page": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"name": "cdk-secret-manager-wrapper-layer",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Neil Kuan<guan840912@gmail.com>",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/df/ec/75ad6480641d0e182eae59ffd3348e68b7aa2c8e1c08e161841e69d36fab/cdk-secret-manager-wrapper-layer-2.0.617.tar.gz",
"platform": null,
"description": "# `cdk-secret-manager-wrapper-layer`\n\nthat Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.\n\n> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)\n\n## Example\n\n```python\nimport { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';\nimport { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';\nimport { Function, Runtime, Code, FunctionUrlAuthType } from 'aws-cdk-lib/aws-lambda';\nimport { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';\nimport { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';\nconst env = {\n region: process.env.CDK_DEFAULT_REGION,\n account: process.env.CDK_DEFAULT_ACCOUNT,\n};\nconst app = new App();\nconst stack = new Stack(app, 'testing-stack', { env });\n\n/**\n * Example create an Secret for testing.\n */\nconst secret = new CfnSecret(stack, 'Mysecret', {\n secretString: JSON.stringify({\n KEY1: 'VALUE1',\n KEY2: 'VALUE2',\n KEY3: 'VALUE3',\n }),\n});\n\nconst layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer');\n\nconst lambda = new Function(stack, 'fn', {\n runtime: Runtime.PYTHON_3_9,\n code: Code.fromInline(`\nimport os\ndef hander(events, contexts):\n env = {}\n env['KEY1'] = os.environ.get('KEY1', 'Not Found')\n env['KEY2'] = os.environ.get('KEY2', 'Not Found')\n env['KEY3'] = os.environ.get('KEY3', 'Not Found')\n return env\n `),\n handler: 'index.hander',\n layers: [layer],\n timeout: Duration.minutes(1),\n /**\n * you need to define this 4 environment various.\n */\n environment: {\n AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',\n SECRET_REGION: stack.region,\n SECRET_ARN: secret.ref,\n API_TIMEOUT: '5000',\n },\n});\n\n/**\n * Add Permission for lambda get secret value from secret manager.\n */\nlambda.role!.addToPrincipalPolicy(\n new PolicyStatement({\n effect: Effect.ALLOW,\n actions: ['secretsmanager:GetSecretValue'],\n // Also you can use find from context.\n resources: [secret.ref],\n }),\n);\n\n/**\n * For Testing.\n */\nconst FnUrl = lambda.addFunctionUrl({\n authType: FunctionUrlAuthType.NONE,\n});\n\nnew CfnOutput(stack, 'FnUrl', {\n value: FnUrl.url,\n});\n```\n\n## Testing\n\n```bash\n# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/\ncurl ${FnUrl}\n{\"KEY2\":\"VALUE2\",\"KEY1\":\"VALUE1\",\"KEY3\":\"VALUE3\"}\n```\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "cdk-secret-manager-wrapper-layer",
"version": "2.0.617",
"project_urls": {
"Homepage": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"Source": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "55ec73043450b9213e93ed224288b855d94923dabcf9d21ec109d6e9edafa5d0",
"md5": "e1bb78af278e033095182711e5aaae91",
"sha256": "e317111b42c44b24f6116e4796af9d60c568648e0dddd9edb246d6418347ac92"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.0.617-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e1bb78af278e033095182711e5aaae91",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 36185,
"upload_time": "2024-05-11T00:26:06",
"upload_time_iso_8601": "2024-05-11T00:26:06.276612Z",
"url": "https://files.pythonhosted.org/packages/55/ec/73043450b9213e93ed224288b855d94923dabcf9d21ec109d6e9edafa5d0/cdk_secret_manager_wrapper_layer-2.0.617-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "dfec75ad6480641d0e182eae59ffd3348e68b7aa2c8e1c08e161841e69d36fab",
"md5": "aa1785e3625fc4173f102881f46161ff",
"sha256": "601cc1afaaebb01073df4ed211c042e090cadb7f2a238261b2474b6376358c9e"
},
"downloads": -1,
"filename": "cdk-secret-manager-wrapper-layer-2.0.617.tar.gz",
"has_sig": false,
"md5_digest": "aa1785e3625fc4173f102881f46161ff",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 37390,
"upload_time": "2024-05-11T00:26:15",
"upload_time_iso_8601": "2024-05-11T00:26:15.617697Z",
"url": "https://files.pythonhosted.org/packages/df/ec/75ad6480641d0e182eae59ffd3348e68b7aa2c8e1c08e161841e69d36fab/cdk-secret-manager-wrapper-layer-2.0.617.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-11 00:26:15",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "neilkuan",
"github_project": "cdk-secret-manager-wrapper-layer",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdk-secret-manager-wrapper-layer"
}
JSON
