aws-lambda-secretsmanager
Reference Documentation: | https://docs.aws.amazon.com/solutions/latest/constructs/ |
Language | Package |
---|---|
|
|
|
|
|
|
Overview
This AWS Solutions Construct implements the AWS Lambda function and AWS Secrets Manager secret with the least privileged permissions.
Here is a minimal deployable pattern definition:
Pattern Construct Props
Name | Type | Description |
---|---|---|
existingLambdaObj? |
Existing instance of Lambda Function object, providing both this and
|
|
lambdaFunctionProps? |
User provided props to override the default props for the Lambda function. |
|
secretProps? |
Optional user provided props to override the default props for Secrets Manager |
|
existingSecretObj? |
Existing instance of Secrets Manager Secret object, If this is set then the secretProps is ignored |
|
grantWriteAccess? |
|
Optional Access granted to the Lambda function for the secret. "Read" or ’ReadWrite”. Default is "Read" |
secretEnvironmentVariableName? |
|
Optional Name for the Lambda function environment variable set to the ARN of the secret. Default: SECRET_ARN. |
existingVpc? |
An optional, existing VPC into which this pattern should be deployed.
When deployed in a VPC, the Lambda function will use ENIs in the VPC to
access network resources and an Interface Endpoint will be created in
the VPC for AWS Secrets Manager. If an existing VPC is provided, the
|
|
vpcProps? |
Optional user-provided properties to override the default properties
for the new VPC. |
|
deployVpc? |
|
Whether to create a new VPC based on |
Pattern Properties
Name | Type | Description |
---|---|---|
lambdaFunction |
Returns an instance of lambda.Function created by the construct |
|
secret |
Returns an instance of secretsmanager.Secret created by the construct |
|
vpc? |
Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor. |
Default settings
Out of the box implementation of the Construct without any override will set the following defaults:
AWS Lambda Function
-
Configure limited privilege access IAM role for Lambda function
-
Enable reusing connections with Keep-Alive for NodeJs Lambda function
-
Enable X-Ray Tracing
-
Set Environment Variables
-
(default) SECRET_ARN containing the ARN of the secret as return by CDK secretArn property.
-
AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)
-
Amazon SecretsManager Secret
-
Enable read-only access for the associated AWS Lambda Function
-
Creates a new Secret
-
(default) random name
-
(default) random value
-
-
Retain the Secret when deleting the CloudFormation stack
Architecture

Github
Go to the Github repo