Lambdas running with SnapStart do not provide the AWS_SESSION_TOKEN environment variable. Instead, they use container credentials. However, when I tried the following, I received a "bad session token or header key" return value.
ContainerCredentialsProvider containerCredentialsProvider = ContainerCredentialsProvider.builder().build();
AwsCredentials awsCredentials = containerCredentialsProvider.resolveCredentials();
if (awsCredentials instanceof AwsSessionCredentials awsSessionCredentials) {
HttpResponse<String> response = httpClient.send(HttpRequest.newBuilder()
.GET()
.uri(URI.create("http://localhost:2773" + url))
.header("X-Aws-Parameters-Secrets-Token", awsSessionCredentials.sessionToken())
.build(), HttpResponse.BodyHandlers.ofString());
return response.body();
} else {
throw new RuntimeException("Invalid environment");
}
So how can I use the extension with SnapStart if the above does not work?
I am also looking for this. Heard from aws support the extension is not compatible with snapstart - possibly some work is going-on in background to fix this. Using secrets manager SDK doubles my lambda size.