Menu
Using AWS Step Functions to string together Lambdas is interesting, but is there a way to disable/hide logging on the execution details screen? 
Private information being handed from one lambda to another needs to be able to be done in secret, and adding a KMS encrypt/decrypt to each step is a ton of overhead, and impossible for lambdas that live in a VPC without internet access.
946
Symmetric Encryption uses OpenSSL to encrypt and decrypt the data which means we are able to use any of the algorithms supported by OpenSSL. We used aes-256-cbc which is also the recommended default algorithm.
These data protection features include: Data encryption capabilities available in over 100 AWS services. Flexible key management options using AWS Key Management Service (KMS), allowing customers to choose whether to have AWS manage their encryption keys or enabling customers to keep complete control over their keys.
Another option is to use SSM parameter store with the SecureString type using KMS encryption. You would pass the name of the SSM parameter between steps. The lambda functions would use the API to retrieve and decrypt the value in a single request. See the link below for documentation on how to work with SSM parameter store using boto3 in Python.
http://boto3.readthedocs.io/en/latest/reference/services/ssm.html#SSM.Client.get_parameter
You will have to ensure that the roles to your lambda functions provide access to the SSM parameters AND access to same KMS key that was used to encrypt the value.
191
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
