By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Parameters and Secrets Lambda Extension with SnapStart

0

Lambdas running with SnapStart do not provide the AWS_SESSION_TOKEN environment variable. Instead, they use container credentials. However, when I tried the following, I received a "bad session token or header key" return value.

ContainerCredentialsProvider containerCredentialsProvider = ContainerCredentialsProvider.builder().build();
AwsCredentials awsCredentials = containerCredentialsProvider.resolveCredentials();

if (awsCredentials instanceof AwsSessionCredentials awsSessionCredentials) {
        HttpResponse<String> response = httpClient.send(HttpRequest.newBuilder()
            .GET()
            .uri(URI.create("http://localhost:2773" + url))
            .header("X-Aws-Parameters-Secrets-Token", awsSessionCredentials.sessionToken())
            .build(), HttpResponse.BodyHandlers.ofString());
        return response.body();
} else {
    throw new RuntimeException("Invalid environment");
}

So how can I use the extension with SnapStart if the above does not work?

  • DC
    24 days ago

    I am also looking for this. Heard from aws support the extension is not compatible with snapstart - possibly some work is going-on in background to fix this. Using secrets manager SDK doubles my lambda size.

Topics
ServerlessComputeSecurity, Identity, & Compliance
Tags
AWS LambdaAWS Secrets Manager
Language
English
PU
asked 5 months ago117 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content