Google OAuth from AWS lambda

Question

How do I securely authenticate with google service account from an AWS lambda function? I want to call some google api from AWS lambda.

Answer 1

You can store the credentials encrypted in Lambda environment variables too. You can either programmatically store or configure it in the aws console.

More details:

http://docs.aws.amazon.com/lambda/latest/dg/env_variables.html

CLI:

aws lambda create-function \
    --region us-east-1
    --function-name myTestFunction
    --zip-file fileb://path/package.zip
    --role role-arn
    --environment Variables="{LD_LIBRARY_PATH=/usr/bin/test/lib64}"
    --handler index.handler
    --runtime nodejs6.10
    --profile default

Nodejs:

http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html

check on

Variables: {

in the below code.

To Encrypt, check on KMSKeyArn and provide your KMS Arn Value.

var params = {
  FunctionName: 'STRING_VALUE', /* required */
  DeadLetterConfig: {
    TargetArn: 'STRING_VALUE'
  },
  Description: 'STRING_VALUE',
  Environment: {
    Variables: {
      '<EnvironmentVariableName>': 'STRING_VALUE',
      /* '<EnvironmentVariableName>': ... */
    }
  },
  Handler: 'STRING_VALUE',
  KMSKeyArn: 'STRING_VALUE',
  MemorySize: 0,
  Role: 'STRING_VALUE',
  Runtime: nodejs | nodejs4.3 | nodejs6.10 | java8 | python2.7 | python3.6 | dotnetcore1.0 | nodejs4.3-edge,
  Timeout: 0,
  TracingConfig: {
    Mode: Active | PassThrough
  },
  VpcConfig: {
    SecurityGroupIds: [
      'STRING_VALUE',
      /* more items */
    ],
    SubnetIds: [
      'STRING_VALUE',
      /* more items */
    ]
  }
};
lambda.updateFunctionConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Hope it helps.