AWS Secrets Manager and Lambda

  • Published: 5 Aug 2024
  • Ever wondered how to store secrets like API keys in AWS? In this video we will learn about AWS Secrets Manager and how to make use of secrets stored there, in lambda functions.
    Timestamps:
    - Intro: 0:00
    - Create secret in AWS Secrets Manager: 1:10
    - Create Lambda function: 2:18
    - Add IAM policy for AWS Secrets Manager: 6:07
    - Time for testing: 6:48
    Code example: github.com/endre-synnes/pytho...
    Subscribe button animation: touchtechnologyreview.com/sub...
    Follow me on Github: github.com/endre-synnes

Comments • 21

  • @lydiasimeane8331
    @lydiasimeane8331 1 year ago

    Thanks for this great video. Very helpful

    • @EndreSynnes
      @EndreSynnes 1 year ago

      Thank you! I’m glad you found it helpful😄

  • @Townshipgamestreaming
    @Townshipgamestreaming 2 years ago

    Thank you, this is very helpful. I have a project where I have to use AWS Secret Manager instead of the Vault tool for managing secrets. Will try to just follow along with your steps.

    • @EndreSynnes
      @EndreSynnes 2 years ago

      Thank you! I hope this video will help you with your project :D

  • @eswanth6238
    @eswanth6238 1 year ago

    Great video

    • @EndreSynnes
      @EndreSynnes 1 year ago

      Thank you! 😄

    • @eswanth6238
      @eswanth6238 1 year ago

      @@EndreSynnes I struggled for 1.5 days and after that I saw your video.
      My reaction: Boom, there is a solution 😊😊 💐

    • @EndreSynnes
      @EndreSynnes 1 year ago +1

      I’m glad it was helpful 😄 By the way, I will make a new video about the Lambda Extensions API, which introduces a new way of communicating with AWS Parameter Store from a Lambda function. This may be something you want to look into as well 😊 aws.amazon.com/blogs/compute/using-the-aws-parameter-and-secrets-lambda-extension-to-cache-parameters-and-secrets/

  • @luizcarlosmarquesjunior.9468
    @luizcarlosmarquesjunior.9468 2 years ago

    Great tutorial!
    However, if the secret_name or ARN are exposed in the Lambda, wouldn't that be a security fault?
    Is there any way to not expose this data in code?

    • @EndreSynnes
      @EndreSynnes 2 years ago +3

      Thank you for the question 😄
      Just to clarify, I'm no security expert, but I think that the secret_name is not sensitive information. Secrets stored in AWS Secrets Manager are not accessible unless you specifically give applications or users access to them, using IAM policies. You can of course store the secret_name in an environment variable that's accessible to your Lambda function (which you probably should anyway). That way it's not hard-coded in your function code. The reason I hard-coded the secret_name in the function code was just for simplicity’s sake.
      The ARN of an AWS secret, on the other hand, does contain your AWS account ID, and that’s maybe something you don’t want to share with the world. Then again, it’s not like sharing the account ID would give an attacker direct access to your AWS account. But as a rule of thumb, maybe don't share the ARN when it contains your account ID.

  • @_auliayayan5887
    @_auliayayan5887 2 years ago

    Hi Endre,
    That is a great tutorial with a clear explanation.
    By the way, I had a question about Lambda services, and would really appreciate it if you could address it:
    The question is that I want to encrypt my script/code that I posted on top of Lambda as a function, so not everyone can see, access and copy the script.
    Is it possible? If yes, how can I do that??
    Thanks in advance

    • @EndreSynnes
      @EndreSynnes 1 year ago

      Hi :)
      Thank you so much!
      Regarding your question: I wonder why you would need to encrypt the code itself? Only people with access to your AWS account will be able to read the code (unless you store it in a public git repository, but that's another issue). As to whether it is possible, I haven't seen a way to do this, so my guess is that it's not possible, but I could be wrong.
      I hope this was helpful, but please let me know if I may have misunderstood! :)

  • @swapnilshingote8773
    @swapnilshingote8773 2 years ago

    How can we give a Lambda function access to a Secrets Manager secret which is present in a different account?

    • @EndreSynnes
      @EndreSynnes 2 years ago

      Hi 😄
      Yes, that is possible. You can use resource permissions in the secret configuration to allow access to different accounts, and I think even to specific IAM roles in that account. This could be a topic for a new video, but for now I hope these resources can help you! 😄
      Attaching a permissions policy to secrets: docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
      Example of a permission policy: docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html

  • @akgollapalli209
    @akgollapalli209 2 years ago

    Very useful session, thank you!
    But I need your help or assistance with automatic rotation of API keys by Secrets Manager with a Lambda function.
    Please help with Lambda function code for API key rotation? Thank you

    • @EndreSynnes
      @EndreSynnes 2 years ago +1

      Thank you! 😄
      So, if I understand correctly, you need help writing a Lambda function that can be used for key rotation in AWS Secrets Manager? I can for sure make a video about that 😄

    • @akgollapalli209
      @akgollapalli209 2 years ago +1

      @@EndreSynnes Yes please, thank you!

  • @gavinfernando1945
    @gavinfernando1945 2 years ago

    From where must we take the API_URL & BIRD_API?

    • @EndreSynnes
      @EndreSynnes 2 years ago

      Hi 😄
      The API_URL is just the URL of an API that I had created for this demo. It was just an example API that required an API key, and it doesn't exist on that URL anymore.
      The BIRD_ID (I guess that's what you meant by "BIRD_API") is just a query parameter the API required me to provide. Again, this was just for demo purposes, so your API may not need a query parameter. The important takeaway here is just how to make use of Secrets Manager to store sensitive information such as API keys, as well as how to retrieve them 😊
      I hope this was helpful; if it didn't answer your question, please let me know 😄

  • @leochongsh
    @leochongsh 2 years ago

    Why is the secret stored as a key-value pair (1:27), but you don't need to use the key to get the value?

    • @EndreSynnes
      @EndreSynnes 2 years ago +1

      Hi, in this video I retrieve the secret as a JSON object containing both the key and the value. Then I pass the whole JSON object as HTTP headers in the HTTP request later on in the video, therefore never extracting just the value.
      I hope this answered your question? Sorry for the late reply 😅
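As an added example (not the video's code or the linked repository's), the following Python Lambda handler applies two points from the replies above: the secret name is read from an environment variable (SECRET_NAME is an assumed name) instead of being hard-coded, and the key/value secret is fetched as JSON and turned into HTTP headers as described in the reply about 1:27. The FakeSecretsClient and the secret contents are constructed so the code runs offline; in a real Lambda the client argument is omitted and a boto3 Secrets Manager client is used.

```python
import json
import os

# Constructed sample: the JSON document Secrets Manager returns in
# SecretString for a key/value secret created in the console.
SAMPLE_SECRET_STRING = json.dumps({"x-api-key": "demo-api-key-value"})


class FakeSecretsClient:
    """Stand-in for a boto3 Secrets Manager client (constructed, offline)."""

    def __init__(self, secrets):
        self._secrets = secrets  # secret name -> SecretString

    def get_secret_value(self, SecretId):
        if SecretId not in self._secrets:
            raise KeyError(f"ResourceNotFoundException: {SecretId}")
        return {"Name": SecretId, "SecretString": self._secrets[SecretId]}


def get_secret(client, secret_name):
    """Fetch a secret and always return its contents as a dict.

    Key/value secrets arrive as a JSON object in SecretString; a plaintext
    secret (or any non-object JSON) is returned under a single "value" key.
    """
    response = client.get_secret_value(SecretId=secret_name)
    raw = response["SecretString"]
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        return {"value": raw}
    return parsed if isinstance(parsed, dict) else {"value": raw}


def build_headers(secret):
    """Map every key/value pair of the secret to an HTTP header."""
    return {str(k): str(v) for k, v in secret.items()}


def lambda_handler(event, context, client=None):
    """Lambda entry point; SECRET_NAME (assumed name) holds the secret name."""
    secret_name = os.environ["SECRET_NAME"]
    if client is None:  # real deployment: boto3 ships with the Lambda runtime
        import boto3
        client = boto3.client("secretsmanager")
    headers = build_headers(get_secret(client, secret_name))
    # Return only the header names so the secret value never lands in logs.
    return {"statusCode": 200, "headers_sent": sorted(headers)}
```

The handler returns header names only; the actual outbound request with those headers is left out so the example stays offline.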