
Use Amazon Secrets Manager secrets in Amazon Lambda functions

Amazon Lambda is a serverless compute service that lets you run code without provisioning or managing servers. Parameter Store, a capability of Amazon Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can use the Amazon Parameters and Secrets Lambda Extension to retrieve and cache Amazon Secrets Manager secrets and Parameter Store parameters in Lambda functions without using an SDK. For detailed information about using this extension, see Use Secrets Manager secrets in Lambda functions in the Lambda Developer Guide.

Using Secrets Manager secrets with Lambda

The Lambda Developer Guide provides comprehensive instructions for using Secrets Manager secrets in Lambda functions. To get started:

  1. Follow the step-by-step tutorial in Use Secrets Manager secrets in Lambda functions, which includes:

    • Creating a Lambda function with your preferred runtime (Python, Node.js, Java)

    • Adding the Amazon Parameters and Secrets Lambda Extension as a layer

    • Configuring the necessary permissions

    • Writing code to retrieve secrets from the extension

    • Testing your function

  2. Learn about environment variables for configuring the extension's behavior, including cache settings and timeouts

  3. Understand best practices for working with secret rotation
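The retrieval step from the list above, as an added Python example (not code from this page or from the linked tutorial). It assumes the extension's documented local interface, which this page does not spell out: port 2773 unless `PARAMETERS_SECRETS_EXTENSION_HTTP_PORT` is set, the `/secretsmanager/get` path, and the `X-Aws-Parameters-Secrets-Token` header carrying `AWS_SESSION_TOKEN`. The helper names and the secret name `prod/db/password` are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Extension defaults (assumed from its documentation, not stated on this page).
DEFAULT_PORT = 2773
TOKEN_HEADER = "X-Aws-Parameters-Secrets-Token"


class SecretFetchError(RuntimeError):
    """Raised without echoing the response body, which may hold secret data."""


def build_request(secret_id, env=os.environ):
    """Build the localhost GET that asks the extension for one secret."""
    token = env.get("AWS_SESSION_TOKEN")
    if not token:
        raise SecretFetchError("AWS_SESSION_TOKEN is not set; not running in Lambda?")
    port = int(env.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", DEFAULT_PORT))
    # Names and ARNs contain '/' and ':' and may contain '&' or '=': encode the
    # value so it cannot add or alter query parameters.
    query = urllib.parse.urlencode({"secretId": secret_id})
    url = f"http://localhost:{port}/secretsmanager/get?{query}"
    return urllib.request.Request(url, headers={TOKEN_HEADER: token})


def get_secret(secret_id, env=os.environ, timeout=2.0):
    """Return SecretString (or SecretBinary) as served by the extension."""
    request = build_request(secret_id, env)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            body = json.load(response)
    except urllib.error.HTTPError as exc:
        # Report only the status code; never log the body or the token.
        raise SecretFetchError(f"extension returned HTTP {exc.code}") from None
    except (OSError, ValueError) as exc:
        # Covers connection failures, timeouts and a non-JSON reply.
        raise SecretFetchError(f"extension call failed: {type(exc).__name__}") from None
    return body.get("SecretString") or body.get("SecretBinary")


def lambda_handler(event, context):
    # Constructed secret name; the function's role needs permission to read it.
    secret = get_secret("prod/db/password")
    return {"secret_loaded": secret is not None}  # never return or log the value
```

Because the extension serves values from its cache, a function that sees an authentication failure right after a rotation should fetch the secret again rather than reuse a value held in a global variable.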

Using Secrets Manager and Lambda in a VPC

If your Lambda function runs in a VPC, you need to create a VPC endpoint so that the extension can make calls to Secrets Manager. For more information, see Using an Amazon Secrets Manager VPC endpoint.

Using the Amazon Parameters and Secrets Lambda Extension

The extension can retrieve both Secrets Manager secrets and Parameter Store parameters. For detailed information about using Parameter Store parameters with the extension, see Using Parameter Store parameters in Lambda functions in the Amazon Systems Manager User Guide.

The Systems Manager documentation includes:

  • Detailed explanation of how the extension works with Parameter Store

  • Instructions for adding the extension to a Lambda function

  • Environment variables for configuring the extension

  • Sample commands for retrieving parameters

  • Complete list of extension ARNs for all supported architectures and regions