...
And we have selected the publish version option from the workflow so we can verify the published function version, from the plugin output and AWS Lambda console.
...
Sample code to retrieve the secured variables
We have also added some non-secured variables ( Password and Mysql_Connection_String ) to the Lambda Function and to encrypt these variables we have used AWS KMS key, to get the values of secured variables we can use the sample code provided by AWS Lambda according to the Function code language. In our case we are using java script, below is the sample code to get the value of secured and non-secured variables and creating the response to print the values.
| Code Block |
|---|
const AWS = require('aws-sdk');
AWS.config.update({ region: 'us-east-1' });
const functionName = process.env.AWS_LAMBDA_FUNCTION_NAME;
let password;
let userName;
let connectionString;
function processEvent(event) {
}
exports.handler = async (event) => {
const kms = new AWS.KMS();
try {
password = process.env['Password'];
userName = process.env['UserName'];
connectionString = process.env['Mysql_Connection_String'];
let req = {
CiphertextBlob: Buffer.from(password, 'base64'),
EncryptionContext: { LambdaFunctionName: functionName },
};
let data = await kms.decrypt(req).promise();
password= data.Plaintext.toString('ascii');
req = {
CiphertextBlob: Buffer.from(connectionString, 'base64'),
EncryptionContext: { LambdaFunctionName: functionName },
};
data = await kms.decrypt(req).promise();
connectionString = data.Plaintext.toString('ascii');
} catch (err) {
console.log('Decrypt error:', err);
throw err;
}
processEvent(event);
const response = {
UserName: userName,
Password: password,
ConnectionString: connectionString
};
return {
"isBase64Encoded": false,
"statusCode": 200,
"body": JSON.stringify(response),
"headers": {
"content-type": "application/json"
}
};
}; |
...
We can use the test option of the AWS-Lambda to test our function code, in our case test response will be:
...