I'm working on an AWS serverless application. I'm new to AWS, so please correct any misconceptions in this question. We have around 30 Lambda functions doing basic CRUD operations on a SQL database hosted in RDS. We used Entity Framework Core to create the database. This means that, in order to use the database, the Lambda functions each need access to the EF connection string. I didn't want to leave the connection string in memory (it contains a plaintext password) so I put it in an encrypted environment variable.
The only way I could work out how to do this was to add an encrypted environment variable through the Lambda management console GUI to every Lambda function individually. This was tedious but it worked. I've now changed the solution a bit and we require a different set of Lambda functions. These need environment variables added to them too, and I don't want to do it manually again.
My question:
Is there an easy way to add encrypted environment variables (or something similar) that can be accessed by all of my lambda functions? Is there a method to add them in bulk? A higher-level variable that I can use?
I have tried to find information in the Amazon docs (here for example) but had little success.
Serverless applications usually consist of multiple Lambda functions. Each Lambda function can use only one runtime but you can use multiple runtimes across multiple functions. This enables you to choose the best runtime for the task of the function.
In AWS Lambda, a concurrency limit determines how many function invocations can run simultaneously in one region. Each region in your AWS account has a Lambda concurrency limit. The limit applies to all functions in the same region and is set to 1000 by default.
Lambda is only concerned about getting the environment variables that it needs and it is not responsible for centrally managing environment variables.
What you would need to do is to handle your environment variables in your deployment process.
How do you currently deploy your 30 lambda functions?
If you use CodeBuild, it can access AWS EC2 Parameter Store where you can centrally store and manage your sensitive environment variables.
Other CI/CD tools also have their own way of centrally managing environment variables.
Update:
You can use the AWS EC2 Parameter Store programmatically. This means that you can retrieve your stored environment variables from inside your Lambda function during startup so you don't need to do this at deployment time.
Doing it at deployment time is still better if that is possible in your use case.
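The startup-time retrieval described in the update above, as an added example that is not part of the original answer. It is written for the Python Lambda runtime with boto3 rather than the .NET functions in the question, and the parameter name, the cache class and the handler are assumptions made for illustration:

```python
import time


class ParameterCache:
    """Reads SecureString parameters once per execution environment and
    re-reads them after ttl_seconds so a rotated password is picked up."""

    def __init__(self, ssm_client=None, ttl_seconds=300, clock=time.monotonic):
        self._ssm = ssm_client
        self._ttl = ttl_seconds
        self._clock = clock
        self._values = {}  # parameter name -> (value, time fetched)

    def _client(self):
        # Created lazily so importing this module makes no AWS call.
        if self._ssm is None:
            import boto3  # bundled with the Lambda Python runtime
            self._ssm = boto3.client("ssm")
        return self._ssm

    def get(self, name):
        cached = self._values.get(name)
        if cached is not None and self._clock() - cached[1] < self._ttl:
            return cached[0]
        # WithDecryption=True has Parameter Store decrypt the SecureString via KMS.
        # The function role needs ssm:GetParameter on the parameter and
        # kms:Decrypt on the key that encrypts it.
        resp = self._client().get_parameter(Name=name, WithDecryption=True)
        value = resp["Parameter"]["Value"]
        self._values[name] = (value, self._clock())
        return value


# Hypothetical parameter name; every function reads the same parameter,
# so nothing has to be configured per function.
CONNECTION_STRING_PARAM = "/myapp/prod/db-connection-string"

# Module scope survives warm invocations, so most invocations make no SSM call.
_cache = ParameterCache()


def handler(event, context, cache=None):
    conn_str = (cache or _cache).get(CONNECTION_STRING_PARAM)
    # Open the database connection with conn_str here; never log or return it.
    return {"statusCode": 200, "connectionStringLoaded": bool(conn_str)}
```

The `cache` argument on `handler` exists only so the function can be exercised with a stub client; Lambda itself calls it with two arguments.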
I would not call this a solution, rather a workaround to address your problem. You can configure your environment variables and store them in an S3 bucket. Then, using the S3 client within each of your Lambdas, you can read the specific variable you are interested in. Hope this helps.