I'm developing a Lambda function to consume a SOAP API. The SOAP API requires authentication with an SSL certificate. I managed to get it working locally by importing the PFX file using a binary loader (webpack), and then writing it back to the '/tmp/' path in the Lambda container like so:
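const fs = require('fs')
// PFX bundled into the build by webpack's binary loader
const cert = require('/etc/ssl/certs/cert.pfx')
// /tmp is the writable path in the Lambda container
const certPath = '/tmp/cert.pfx'
fs.writeFileSync(certPath, Buffer.from(cert, 'binary'))
client.setSecurity(certPath, 'secretPassphrase', {...options});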
This is not really a viable strategy as it would either require adding the PFX file to version control or otherwise complicated measures.
What I would love is to be able to just require the PFX binary from somewhere in AWS (Secrets Manager/Parameter Store/some other service). But I can't seem to figure out a way to get that to work with the binary PFX format.
What is the smart way to solve this problem?
Thanks a million!
My first thought would be to store the pfx file in an S3 bucket in your account, specifying KMS encryption when you store the file. Then give the Lambda function's IAM role permission to read the file from S3.
In some initialization code outside of your Lambda function's handler, you would simply call an S3 copy function, using the AWS SDK, to copy the pfx file to the Lambda function's /tmp folder.
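A sketch of the approach this answer describes, added here as an example and not code from the original answer. It assumes the AWS SDK for JavaScript v3 (`@aws-sdk/client-s3`); the bucket and key are placeholders, and `s3Fetcher`, `writePfx` and `ensurePfx` are hypothetical helper names.

```javascript
'use strict';
const fs = require('fs');
const os = require('os');
const path = require('path');

// Builds a fetcher for the object holding the PFX (bucket/key are placeholders).
// The SDK is required lazily so this module also loads where it is not installed.
function s3Fetcher(bucket, key) {
  return async () => {
    const { S3Client, GetObjectCommand } = require('@aws-sdk/client-s3');
    const res = await new S3Client({}).send(
      new GetObjectCommand({ Bucket: bucket, Key: key }));
    // Keep the body as raw bytes; decoding it as a string corrupts a PFX.
    return Buffer.from(await res.Body.transformToByteArray());
  };
}

// Writes the PFX readable by the function's user only, via rename so that a
// failed write never leaves a truncated file at destPath.
function writePfx(bytes, destPath) {
  if (!Buffer.isBuffer(bytes) || bytes.length === 0) {
    throw new Error('PFX must be a non-empty Buffer');
  }
  // PKCS#12 is an ASN.1 SEQUENCE, so the first byte is 0x30. Anything else
  // usually means the file was stored base64- or text-encoded.
  if (bytes[0] !== 0x30) throw new Error('PFX does not start with 0x30');
  const tmp = `${destPath}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, bytes, { mode: 0o600 });
  fs.renameSync(tmp, destPath);
  return destPath;
}

// Module-scope cache: a cold start downloads once, warm invocations reuse it.
let pending = null;
function ensurePfx(fetchBytes, destPath = path.join(os.tmpdir(), 'cert.pfx')) {
  if (!pending) {
    pending = fetchBytes()
      .then((bytes) => writePfx(bytes, destPath))
      .catch((err) => { pending = null; throw err; }); // retry on next call
  }
  return pending;
}

// Wiring in the Lambda module:
//   const fetchPfx = s3Fetcher('my-cert-bucket', 'soap/cert.pfx'); // outside handler
//   exports.handler = async (event) => {
//     const certPath = await ensurePfx(fetchPfx);
//     // pass certPath to the SOAP client as in the question
//   };
```

The function's IAM role needs `s3:GetObject` on that object and, for a KMS-encrypted object, `kms:Decrypt` on the key.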