Read secret values from secret manager using API Gateway

0

Hello,

I created a secret manager and added values as key-value pairs. I want to read it using API Gateway with a specific key name. I tried a lot to find a way but did not find anything helpful.

Can someone help with this?

3 Answers
2

Please note that API Gateway itself doesn't directly access Secrets Manager. It's primarily a proxy that routes requests to backend services. To achieve your goal, you can use a Lambda function as a backend service to fetch the secret and return it to API Gateway.

AWS
cloudyy
answered 2 months ago
EXPERT
reviewed 2 months ago
  • Using Lambda, I need to use Client Id and Client Secret to fetch secrets, right? Any way to fetch secrets without using Client Id and Client Secret, just like API Gateway?

  • No, you can assign a role to the Lambda function which has access to the secrets that you specify; then you don't need to manage any credentials for the Lambda function as it is done automatically.

1

AWS Parameters and Secrets Lambda Extension can retrieve and cache AWS Secrets Manager secrets in Lambda functions. The extension can retrieve both Secrets Manager secrets and Parameter Store parameters. See: Parameter Store integration with Lambda extensions in the AWS Systems Manager User Guide.

I suggest you enable debug logging for the AWS Parameters and Secrets Lambda Extension. By default, the extension logs a minimal amount of information to CloudWatch. To log more details, set the environment variable PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL to debug.

AWS
answered 2 months ago
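The two answers above combined, as an added example that is not part of the original thread: a Lambda handler behind an API Gateway proxy integration that returns one key from the secret, reading it through the extension's local endpoint so no client ID or secret is stored anywhere. The secret name, the allowlisted key names and the `key` query parameter are assumptions; the function's execution role must allow `secretsmanager:GetSecretValue` on that secret, and the extension must be attached as a layer.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumptions (not from the thread): secret name, allowlisted keys, "key" query parameter.
SECRET_ID = os.environ.get("SECRET_ID", "example/app-config")
ALLOWED_KEYS = {"api_url", "feature_flag"}  # keys callers may read; all others are refused


def fetch_secret_string(secret_id):
    """Read the secret through the extension's local endpoint (default port 2773).

    The extension calls Secrets Manager with the function's execution role; the
    only header needed is the session token Lambda already puts in the environment.
    """
    port = os.environ.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", "2773")
    url = (f"http://localhost:{port}/secretsmanager/get?secretId="
           + urllib.parse.quote(secret_id, safe=""))
    req = urllib.request.Request(
        url, headers={"X-Aws-Parameters-Secrets-Token": os.environ["AWS_SESSION_TOKEN"]})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return json.loads(resp.read())["SecretString"]


def _response(status, payload):
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json", "Cache-Control": "no-store"},
            "body": json.dumps(payload)}


def lambda_handler(event, context, fetch=fetch_secret_string):
    """API Gateway proxy-integration handler for GET ...?key=<name>."""
    params = event.get("queryStringParameters") or {}
    key = params.get("key")
    if key not in ALLOWED_KEYS:
        # Same answer for missing and non-allowlisted keys, so the endpoint
        # does not reveal which key names exist in the secret.
        return _response(403, {"error": "key not available"})
    try:
        pairs = json.loads(fetch(SECRET_ID))
    except Exception:
        # Do not echo the upstream error or any secret material to the caller.
        return _response(502, {"error": "secret lookup failed"})
    if key not in pairs:
        return _response(403, {"error": "key not available"})
    return _response(200, {"key": key, "value": pairs[key]})
```

The allowlist matters because the endpoint otherwise turns every key in the secret into something any permitted API caller can read; put an authorizer on the API Gateway method as well.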
0

The other answer is good but it leads to a question in return:

Why do this? Why not just call Secrets Manager and get the secret directly? Why add API Gateway to the mix?

AWS
EXPERT
answered 2 months ago
  • Because I don't want to use Client Id and Secret

  • Ok, so a Lambda function is probably the right way to go. Assuming that your callers/users are authenticated, another way to go would be to use Cognito to authenticate the users, then vend temporary credentials to the client that are scoped to only access the appropriate secret(s) in Secrets Manager. Using Lambda is conceptually easier if you're already using API Gateway, but having the client call Secrets Manager directly is more scalable and potentially less costly.
