Reputation: 4609
I am writing a serverless application which is connected to DynamoDB.
Currently I am reading the access key ID and security access key from a JSON file.
I am going to use Jenkins for CI and need a way to secure these keys.
What I am going to do is set the keys as environmental variables and read them in the application. But the problem is I don't know how to set the environmental variables every time a Lambda function is started.
I have read there's a way to configure this in the serverless.yml file, but I don't know how.
How can I achieve this?
Upvotes: 1
Views: 853
Reputation: 51
There's a good guide on serverless security which, among other topics, covers this one as well. It's similar to the OWASP top 10:
In general, the best practice would be to use the AWS Secrets Manager, together with SSM parameter store.
Upvotes: 1
Reputation: 4616
Don't use environment variables. Use the IAM role that is attached to your lambda function. AWS Lambda assumes the role on your behalf and sets the credentials as environment variables when your function runs. You don't even need to read these variables yourself. All of the AWS SDKs will read these environment variables automatically.
Upvotes: 3
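The IAM-role approach from the answer above, written out as a `serverless.yml`. This is an added example, not code from any of the posts. It assumes Serverless Framework v3 syntax (`provider.iam.role.statements`), and the service, table, handler and variable names are constructed placeholders.

```yaml
# Added example; all names below are constructed placeholders.
service: example-service

provider:
  name: aws
  runtime: nodejs20.x
  # Weak pattern, shown for contrast: long-lived keys passed as custom
  # variables. They are stored in plain text in the generated
  # CloudFormation template and in the function configuration.
  # environment:
  #   DB_ACCESS_KEY_ID: <access-key-id>
  #   DB_SECRET_ACCESS_KEY: <secret-access-key>

  # Only non-secret configuration goes into the environment.
  environment:
    TABLE_NAME: ${self:custom.tableName}

  # Permissions for the function's execution role. Lambda assumes this
  # role and supplies temporary credentials at run time; the handler
  # creates its DynamoDB client without passing any credentials.
  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:UpdateItem
            - dynamodb:Query
          Resource:
            - Fn::GetAtt: [ItemsTable, Arn]   # this table only, not "*"

custom:
  tableName: example-items-${sls:stage}

functions:
  api:
    handler: handler.main

resources:
  Resources:
    ItemsTable:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: ${self:custom.tableName}
        BillingMode: PAY_PER_REQUEST
        AttributeDefinitions:
          - AttributeName: id
            AttributeType: S
        KeySchema:
          - AttributeName: id
            KeyType: HASH
```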