
AWS Serverless: Environment Variables & Secrets

1. Introduction

In serverless applications, environment variables and secrets play a critical role in managing configuration and sensitive data. This lesson will guide you through the concepts, how to manage them in AWS Lambda, and best practices for security.

2. Environment Variables

Environment variables are key-value pairs that can be used to configure your Lambda function. They allow you to pass configuration settings without hardcoding them into your application.

Setting Environment Variables in AWS Lambda


{
  "FunctionName": "my-function",
  "Environment": {
    "Variables": {
      "KEY_1": "value1",
      "KEY_2": "value2"
    }
  }
}
        

Use the AWS CLI or AWS Management Console to configure environment variables. For example, with the AWS CLI, you can set them during function creation or update.

Accessing Environment Variables in Code

You can access these variables in your Lambda function code using the following syntax:

const value1 = process.env.KEY_1;

Note: Prefer environment variables over hardcoding configuration values directly into your code.

3. AWS Secrets Manager

AWS Secrets Manager is a managed service that helps you protect access to your applications, services, and IT resources without the upfront investment and ongoing maintenance costs of operating your own infrastructure.

Storing Secrets

You can store sensitive information such as database passwords, API keys, and other credentials in AWS Secrets Manager. Here's how to create a secret:


aws secretsmanager create-secret --name MySecret --secret-string '{"username":"admin","password":"mypassword"}'
    

Retrieving Secrets in Lambda

You can retrieve secrets in your Lambda function using the AWS SDK:


// AWS SDK for JavaScript v2 client
const AWS = require('aws-sdk');
const secretsManager = new AWS.SecretsManager();

// Fetch the secret by name and parse its JSON string into an object
async function getSecretValue(secretName) {
    const data = await secretsManager.getSecretValue({ SecretId: secretName }).promise();
    return JSON.parse(data.SecretString);
}
    
Warning: Ensure that your Lambda function has the necessary IAM permissions to access the secrets stored in AWS Secrets Manager.

4. Best Practices

  • Use environment variables to store non-sensitive configuration values.
  • Store sensitive information such as passwords and API keys in AWS Secrets Manager.
  • Limit the permissions of your Lambda functions to only what is necessary.
  • Regularly rotate secrets and keys to enhance security.
  • Use encryption for sensitive data at rest and in transit.
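
One way to check the first two practices against a deployed function, shown as an added example that is not part of the original lesson: the function below takes a configuration object in the shape returned by `aws lambda get-function-configuration` and flags environment variables that appear to hold secrets. The name and value patterns and the sample configuration are assumptions constructed for illustration.

```javascript
// Added example: audit a Lambda configuration for secrets kept in environment variables.
// Heuristic patterns below are assumptions; tune them to your own naming conventions.
const SECRET_NAME = /(password|passwd|secret|token|api_?key|private_?key|credential)/i;
// Names that point at a secret rather than hold one, e.g. DB_SECRET_NAME or API_KEY_ARN.
const REFERENCE_NAME = /(_ARN|_NAME|_ID|_PATH)$/i;
const VALUE_PATTERNS = [
  { why: 'looks like an AWS access key ID', re: /^(AKIA|ASIA)[A-Z0-9]{16}$/ },
  { why: 'looks like a PEM private key', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { why: 'URL with embedded credentials', re: /^[a-z][a-z0-9+.-]*:\/\/[^\/\s:@]+:[^\/\s@]+@/i },
];

function auditLambdaEnv(config) {
  // Lambda nests the key-value pairs under Environment.Variables.
  const vars = (config.Environment && config.Environment.Variables) || {};
  const findings = [];
  for (const [name, value] of Object.entries(vars)) {
    const reasons = [];
    if (SECRET_NAME.test(name) && !REFERENCE_NAME.test(name)) {
      reasons.push('name suggests a secret');
    }
    for (const { why, re } of VALUE_PATTERNS) {
      if (re.test(value)) reasons.push(why);
    }
    // Report the variable name only; never echo the value into logs or CI output.
    if (reasons.length) findings.push({ name, reasons });
  }
  return findings;
}

// Constructed sample configuration (not from a real account).
const sampleConfig = {
  FunctionName: 'my-function',
  Environment: {
    Variables: {
      LOG_LEVEL: 'info',
      DB_SECRET_NAME: 'MySecret',        // reference to a secret: acceptable
      DB_PASSWORD: 'mypassword',         // the secret itself: flagged
      UPSTREAM_URL: 'https://svc:hunter2@internal.example/api', // flagged by value
      TABLE_NAME: 'orders',
    },
  },
};

console.log(JSON.stringify(auditLambdaEnv(sampleConfig), null, 2));
```

Each flagged variable is a candidate to move into Secrets Manager, leaving only the secret's name in the environment for the function to look up at run time.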

5. FAQ

What are environment variables?

Environment variables are key-value pairs used to configure applications without hardcoding values.

How do I protect sensitive data in AWS Lambda?

Use AWS Secrets Manager to securely store and manage sensitive information.

Can I use environment variables for sensitive information?

While you can use them, it is recommended to use AWS Secrets Manager for sensitive information to ensure better security.