AWS Lambda Environment Variables – Encryption & Decryption

Environment variables are variables that are defined for a particular AWS Lambda function. These are useful for passing information to the function from AWS CloudWatch Logs, AWS S3 API calls, and various other services. This blog post talks about environment variables in AWS Lambda and how to encrypt and decrypt them using the AWS SDK for Java.

If you are not familiar with it, AWS Lambda is a service that allows you to run code without having to set up your own servers (you can make a server on your own machine in the same network).

In this post, we will cover the concepts of using AWS Lambda environment variables and discuss why Lambda functions need them.

Use case of Environment Variables in AWS Lambda Function

You can use environment variables to customize function behavior in your test environment and production environment. For example, you can create two functions with the same code but different configurations, using environment variables to hold different values: one set for production and another for the test environment.

Creating Lambda Environment Variables

  1. Go to the AWS Dashboard, click on the Lambda service, and select your function.
  2. Select the Configuration tab on the function.
  3. Click on Environment variables and click on Edit.
  4. Add the Key and Value for the environment variable.

Encrypting Lambda Environment Variables

Once you create the Lambda environment variables, you can also encrypt their values.

  1. To encrypt the Lambda environment variables, select the Encrypt in transit option, click on the Encrypt button, and then choose the AWS KMS key.
  2. Click on Save.

Decrypting and Reading AWS Lambda Environment Variables: Java Example

Here is an example code snippet that can be used to decrypt and read environment variables.

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;

import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.util.Base64;

public class Hello {

    // This variable will hold your decrypted key. Decryption happens on first
    // invocation when the container is initialized and never again for
    // subsequent invocations.
    private static String DECRYPTED_KEY = decryptKey();

    public String myHandler(int someInput, Context context) {
        // Implement your business logic here
        // Use DECRYPTED_KEY to refer to the plaintext key
        return DECRYPTED_KEY;
    }

    private static String decryptKey() {
        System.out.println("Decrypting key");
        // "prerna" is the name of the encrypted environment variable;
        // its value is the Base64-encoded KMS ciphertext.
        byte[] encryptedKey = Base64.decode(System.getenv("prerna"));

        // The encryption context must match the one used at encryption time:
        // the name of the function that owns the variable.
        Map<String, String> encryptionContext = new HashMap<>();
        encryptionContext.put("LambdaFunctionName",
                System.getenv("AWS_LAMBDA_FUNCTION_NAME"));

        AWSKMS client = AWSKMSClientBuilder.defaultClient();

        DecryptRequest request = new DecryptRequest()
                .withCiphertextBlob(ByteBuffer.wrap(encryptedKey))
                .withEncryptionContext(encryptionContext);

        ByteBuffer plainTextKey = client.decrypt(request).getPlaintext();
        return new String(plainTextKey.array(), Charset.forName("UTF-8"));
    }

    public static void main(String args[]) {
        Hello h = new Hello();
        System.out.println(h.myHandler(1, null));
    }
}
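
The decrypt call in the Java code only succeeds if the function's execution role is allowed kms:Decrypt on the chosen key. The following is an added example, not part of the original post: an IAM policy for that role that permits decryption only when the request carries the same LambdaFunctionName encryption context the Java code passes. The values in angle brackets (Region, account ID, key ID, function name) are placeholders, and the Sid is an arbitrary label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DecryptEnvVarsForThisFunctionOnly",
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:<region>:<account-id>:key/<key-id>",
      "Condition": {
        "StringEquals": {
          "kms:EncryptionContext:LambdaFunctionName": "<function-name>"
        }
      }
    }
  ]
}
```

Without the Condition block, the role could decrypt any ciphertext produced under that key. KMS also rejects a Decrypt request whose encryption context differs from the one used at encryption, so a ciphertext copied into another function's variables does not decrypt there.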

I hope this tutorial was helpful to you. If you are interested in learning more about AWS Lambda, please have a look at the list of video courses below. One of them might be what you are looking for.

Happy learning!

Frequently Asked Questions

Does Lambda provide encryption for environment variables?

No, Lambda does not provide encryption for environment variables.

Does AWS Lambda automatically encrypt environment variables?

No. AWS Lambda does not automatically encrypt environment variables. You must use the aws-cli to encrypt your environment variables before you upload them to AWS Lambda.

Is AWS Lambda secure?

AWS Lambda is a compute service that runs your code in response to events and automatically manages the compute resources for you. AWS Lambda is designed to be secure by default, with built-in support for common security features such as authentication, authorization, encryption, and auditing.
