
How to hide SQL connection strings in AWS Lambda?

The following is how I'm connecting. Is there any way in Lambda to set environmental variables that aren't visible and ideally would cross to several lambdas? Ideally in another AWS service that I could access with the SDK and use across all AWS services?

var MYSQL = require('mysql');
var AWS = require('aws-sdk');

exports.handler = (event, context, callback) => {
    // Credentials are hard-coded in the function source; this is what the question asks how to avoid.
    var connection = MYSQL.createConnection({
        host     : '127.0.0.1',
        port     : '3306',
        user     : 'myuser',
        password : 'mypass',
        database : 'mydb'
    });
    connection.connect();
};
Dr. Chocolate asked Mar 10 '23 05:03


2 Answers

I am afraid that the answers given before experience some lack of relevance. The AWS-recommended way of storing this sort of data, like connection strings for Lambda, is the Systems Manager Parameter Store:

AWS Systems Manager provides a centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords. This enables you to separate your secrets and configuration data from your code.

See also: https://aws.amazon.com/blogs/compute/sharing-secrets-with-aws-lambda-using-aws-systems-manager-parameter-store/

Andremoniy answered Mar 19 '23 11:03
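
The Parameter Store approach from the answer above, shown as an added example (not code from the answer or from AWS). It assumes the aws-sdk v2 client used in the question, hypothetical parameter names under /myapp/db/ stored as String or SecureString, and an execution role allowed ssm:GetParameters on them.

```javascript
// Added example. Parameter names under /myapp/db/ are hypothetical placeholders.
const PREFIX = '/myapp/db/';
const KEYS = ['host', 'port', 'user', 'password', 'database'];

let cached; // kept across warm invocations of the same Lambda container

// `ssm` is an aws-sdk v2 SSM client, injected so the loader can be tested offline.
async function loadDbConfig(ssm) {
  if (cached) return cached;
  const res = await ssm.getParameters({
    Names: KEYS.map((k) => PREFIX + k),
    // Decrypt SecureString values; with a customer managed KMS key the role also needs kms:Decrypt.
    WithDecryption: true,
  }).promise();
  if (res.InvalidParameters && res.InvalidParameters.length > 0) {
    // Report names only; parameter values never go into logs or errors.
    throw new Error('Missing SSM parameters: ' + res.InvalidParameters.join(', '));
  }
  const config = {};
  for (const p of res.Parameters) config[p.Name.slice(PREFIX.length)] = p.Value;
  config.port = Number(config.port);
  cached = config;
  return cached;
}

const handler = async (event) => {
  // Required lazily so loadDbConfig can be exercised without these packages installed.
  const AWS = require('aws-sdk');
  const MYSQL = require('mysql');
  const connection = MYSQL.createConnection(await loadDbConfig(new AWS.SSM()));
  try {
    return await new Promise((resolve, reject) => {
      connection.query('SELECT 1 AS ok', (err, rows) => (err ? reject(err) : resolve(rows)));
    });
  } finally {
    connection.end();
  }
};

if (typeof exports !== 'undefined') exports.handler = handler;
```

Because the loaded values are cached for the life of the container, a rotated password is only picked up on the next cold start.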


I would store that in either a DynamoDB table or an S3 bucket. You can assign an IAM role to the Lambda to allow access to these - maybe read-only.

Alternatively, Lambdas now have environment variables like Elastic Beanstalk and you could set it that way. They can be encrypted, though that adds some complexity too.

stdunbar answered Mar 19 '23 12:03