
I am new to AWS Lambda functions, and I am trying to retrieve a secret that I will use to connect to an RDS database.

Here is my current code:

var aws = require("aws-sdk");

/**
 * Lambda handler from the question: asks AWS Secrets Manager (eu-west-2) for
 * the secret 'mysecretid' and logs the result.
 *
 * NOTE(review): getSecretValue is called in its callback form and the call is
 * also awaited. In aws-sdk v2 (the logged version is 2.x) the callback form
 * returns an AWS.Request rather than a Promise, so the await presumably
 * completes at once and the handler can return before the callback runs;
 * that would explain the missing "I am here" log lines. The awaitable form is
 * getSecretValue(params).promise().
 */
exports.handler = async (event) => {

    console.log("version = " + aws.VERSION)

    var client = new aws.SecretsManager({
        version: '2017-10-17',
        region: 'eu-west-2' // Your region
    });
    // Filled in by the callback below; nothing outside the callback reads them.
    var secret, decodedBinarySecret;

    await client.getSecretValue({
        SecretId: 'mysecretid'
    }, function(err, data) {
        if (err) {
            console.log("I am here 2");

            // Each listed error code is thrown and caught straight away by the
            // catch below, which only logs it. An error with any other code
            // matches no branch and is not logged at all.
            try {
                /* code */
                if (err.code === 'DecryptionFailureException')
                    // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'InternalServiceErrorException')
                    // An error occurred on the server side.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'InvalidParameterException')
                    // You provided an invalid value for a parameter.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'InvalidRequestException')
                    // You provided a parameter value that is not valid for the current state of the resource.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'ResourceNotFoundException')
                    // We can't find the resource that you asked for.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
            }
            catch (e) {
                console.log(e);
                console.log(JSON.stringify(e));
            }
        }
        else {

            console.log("I am here 1");
            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if ('SecretString' in data) {
                secret = data.SecretString;
            }
            else {
                // NOTE(review): new Buffer() is deprecated in Node.js; Buffer.from() is the replacement.
                let buff = new Buffer(data.SecretBinary, 'base64');
                decodedBinarySecret = buff.toString('ascii');
            }
        } // Your code goes here.
        console.log("I am here 3");
        // NOTE(review): this writes the secret value itself to the function's
        // log output; log a non-sensitive marker instead once debugging is done.
        console.log(secret);
    });
};


I have attached the correct roles and permissions to the function and also the console log of the aws version is version = 2.1083.0

But none of the other console.log calls print anything, which suggests that the callback code is never reached. What am I doing wrong?

  • This one looks kinda similar, dontcha think so? stackoverflow.com/questions/61098951/… Commented Jul 8, 2022 at 10:54
  • Have you tried the secret manager's code that it generates itself? And try comparing it with yours to see what the difference is. Commented Jul 8, 2022 at 16:28

2 Answers 2


How about you try something like

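// With aws-sdk v2, getSecretValue() returns an AWS.Request object, not a
// Promise. Calling .promise() on it yields the Promise that await waits for;
// without it, data would be the request object rather than the secret.
const data = await client.getSecretValue({
    SecretId: 'mysecretid'
}).promise();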


I have solved this myself:

In index.js

const SecretsManager = require('./secretsManager.js');
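/**
 * Lambda entry point: fetches the secret 'mysecretid' from eu-west-2 through
 * the SecretsManager helper and returns a fixed 200 response.
 *
 * @param {object} event - Lambda invocation event (not used).
 * @returns {Promise<{statusCode: number, body: string}>} HTTP-style response.
 */
exports.handler = async (event) => {
    const secretName = 'mysecretid';
    const region = 'eu-west-2';
    const apiValue = await SecretsManager.getSecret(secretName, region);

    // Log only that a value came back. Anything passed to console.log ends up
    // in the function's logs, where the secret itself should never appear.
    console.log('secret retrieved:', apiValue !== undefined);

    return {
        statusCode: 200,
        body: JSON.stringify('Hello from Lambda!'),
    };
};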


and then I created a new file called secretsManager.js

const AWS = require('aws-sdk'); 

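class SecretsManager {

    /**
     * Uses AWS Secrets Manager to retrieve a secret.
     *
     * Errors are deliberately not caught here: every failure reported by
     * getSecretValue (decryption failure, invalid parameter or request,
     * resource not found, internal service error, and also codes such as an
     * access-denied response) must reach the caller instead of turning into
     * an undefined return value.
     *
     * @param {string} secretName - Value passed to Secrets Manager as SecretId.
     * @param {string} region - AWS region the client is created for.
     * @returns {Promise<string>} SecretString when present, otherwise the
     *   SecretBinary payload decoded and rendered as ASCII text.
     * @throws {Error} The error from getSecretValue, unchanged.
     */
    static async getSecret(secretName, region) {
        const secretsManager = new AWS.SecretsManager({ region });
        const secretValue = await secretsManager
            .getSecretValue({ SecretId: secretName })
            .promise();

        // Depending on how the secret was stored, exactly one of the two fields is populated.
        if ('SecretString' in secretValue) {
            return secretValue.SecretString;
        }

        // Buffer.from replaces the deprecated `new Buffer(...)` constructor.
        return Buffer.from(secretValue.SecretBinary, 'base64').toString('ascii');
    }
}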
module.exports = SecretsManager;

