Injecting credentials into a docker image for lambda usage

Question

Hello,

Currently we have the following pipeline: In codebuild we build a docker image of our project and from AWS Secret manager we inject a ".env" file into the image. This image is uploaded to AWS ECR and then deployed into a lambda function, but the lambda function is not been able to find the enviroment variables. We are doing this to avoid writing secrets into the lambda console and having all credentials in one place.

How can i load this .env file so the lambda can read the credentials? It has to be in a particular folder (its in the root of the project) or is not possible to do what we are trying to do? whats the path of the image where all env variables goes?

We are using this image `FROM public.ecr.aws/lambda/nodejs:14` for the docker

Answer

Hi,

AWS Secrets Manager is a service built exactly to serve your use case: https://aws.amazon.com/secrets-manager/

More detals on using secrets frol Lambda: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html

By the way, you .env file should also probably not be in your container image but also accessed in SM by the container. Simlar code to Lambda should be used in the container to access the secret(s)

Best,

Didier

Answer

Please read the envirnoment variable as per the below the sample code:
Step 1: Node js apps
const dotenv = require('dotenv');
dotenv.config(); // This will read from your .env file and set the environment variables
Step 2:
copy the value from envirnoment variable

FROM public.ecr.aws/lambda/nodejs:14
WORKDIR /var/task
COPY . .  # Copy your application code and .env file
ENV VAR_NAME=value

Injecting credentials into a docker image for lambda usage

Relevanter Inhalt