AWS Parameters and Secrets Lambda Extensions Usage

Antonio Lagrotteria
AWS in Plain English
2 min read · Oct 19, 2022

Today (19–10–2022), this post on LinkedIn made me very curious:

and as I looked at the release document, I had to try it myself. This article will focus on AWS Secrets Manager, but it can be applied to AWS Systems Manager Parameter Store too.

Basically, AWS launched the AWS Parameters and Secrets Lambda Extension, a convenient method for AWS Lambda users to retrieve parameters from AWS Systems Manager Parameter Store and secrets from AWS Secrets Manager.

This release has big implications for Lambda function latency and for reducing costs on both Lambda execution and Secrets Manager API calls ($0.05 per 10000 calls).

From now on, you can avoid making SDK calls to the Secrets Manager API, which can incur high costs, and instead leverage the caching capabilities of the Lambda extension.

The release documentation is self-explanatory, with a couple of catches:

  • To associate the layer with your Lambda, grab one of those ARNs and add it directly, as choosing from the AWS layers dropdown could show you “No layers are compatible with the function’s runtime”, which does not seem correct.
  • You should define an environment variable called PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL and set it to info. This is helpful to confirm the local port used to call the Secrets Manager API.
  • To call the API, you'll need to pass the AWS_SESSION_TOKEN in the X-Aws-Parameters-Secrets-Token header. It is a required attribute used to validate all requests made by the user, as a form of server-side request forgery (SSRF) protection.
  • The code snippets below should clarify how you can read values from the extension layer instead of the SDK.
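
As an added example (not the author's original snippet): a Python Lambda handler that reads a secret through the extension's local HTTP endpoint, sending the session token in the header described above. It assumes the extension's default port 2773 (overridable with PARAMETERS_SECRETS_EXTENSION_HTTP_PORT), the /secretsmanager/get?secretId= path, and a hypothetical SECRET_ID environment variable that names the secret.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Bypass any configured HTTP proxy: the session token must only ever be
# sent to the extension listening on localhost.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def build_request(secret_id: str) -> urllib.request.Request:
    """Build the localhost GET request for one secret."""
    # 2773 is the extension's default port (assumed unless overridden).
    port = os.environ.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", "2773")
    query = urllib.parse.urlencode({"secretId": secret_id})  # escapes names/ARNs
    # Set by the Lambda runtime; a KeyError here fails closed if it is absent.
    token = os.environ["AWS_SESSION_TOKEN"]
    return urllib.request.Request(
        f"http://localhost:{port}/secretsmanager/get?{query}",
        headers={"X-Aws-Parameters-Secrets-Token": token},
    )


def get_secret(secret_id: str, timeout: float = 2.0) -> str:
    """Return the SecretString for secret_id, served from the extension cache."""
    try:
        with _OPENER.open(build_request(secret_id), timeout=timeout) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as err:
        # Report the status only: never log the token or the response body.
        raise RuntimeError(f"extension returned HTTP {err.code}") from None
    return body["SecretString"]


def handler(event, context):
    # SECRET_ID is a hypothetical env var holding the secret's name or ARN.
    secret = get_secret(os.environ["SECRET_ID"])
    # Use the value here; return only its length so it never reaches logs.
    return {"secretLength": len(secret)}
```

The function's execution role still needs secretsmanager:GetSecretValue on the secret, since the extension fetches it on the function's behalf.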

Hope the above helps! While more experiments are definitely needed, this sounds promising.


Engineering Manager | Full-Stack Architect | Team/Tech Lead with a passion for frontend, backend and cloud | AWS Community Builder