lambda

package module

v0.1.0 Latest Latest Go to latest Published: Feb 16, 2025 License: Apache-2.0 Imports: 14 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nguyengg/go-aws-commons

Links

Open Source Insights

README ¶

Lambda Handler wrappers with sensible defaults

GetParameter and GetSecretValue using AWS Parameter and Secrets Lambda extension

When running in Lambda, if you need to retrieve parameters from Parameter Store or secrets from Secrets Manager, you can use the AWS Parameter and Secrets Lambda extension to cache the values. The extension was first described in detail in blog post https://aws.amazon.com/blogs/compute/using-the-aws-parameter-and-secrets-lambda-extension-to-cache-parameters-and-secrets/.

package main

import (
	"context"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
	"github.com/aws/aws-sdk-go-v2/service/ssm"
	"github.com/nguyengg/go-aws-commons/lambda"
)

func main() {
	// lambda.ParameterSecretsExtensionClient implements GetSecretValue and GetParameter so I can substitute the
	// client to any code that needs it. the zero-value struct is ready for use.
	c := lambda.ParameterSecretsExtensionClient{}

	// in my Lambda handler, instead of invoking Secrets Manager SDK directly, I can use the client from the
	// extension package which makes use of the AWS Parameter and Secrets Lambda extension.
	_, err := c.GetSecretValue(context.Background(), &secretsmanager.GetSecretValueInput{
		SecretId:     aws.String("my-secret"),
		VersionId:    nil,
		VersionStage: nil,
	})

	// I can also use the package-level methods which will use the default client.
	_, err = lambda.GetParameter(context.Background(), &ssm.GetParameterInput{
		Name:           aws.String("my-parameter"),
		WithDecryption: nil,
	})
}

getenv adds abstraction on top of this so that I can easily swap out how the variable is retrieved.

func main() {
   // while prototyping, you can retrieve from environment variable
   v := getenv.Env("TEST")

   // now you want to retrieve from Parameter Store instead
   v = getenv.ParameterString(&ssm.GetParameterInput{
      Name:           aws.String("my-parameter-name"),
      WithDecryption: aws.Bool(true),
   })

   // in the next example, the key is retrieved and then used as secret key for HMAC verification.
   key := getenv.SecretBinary(&secretsmanager.GetSecretValueInput{
      SecretId:     aws.String("my-secret-id"),
      VersionId:    nil,
      VersionStage: nil,
   })
   h := hmac.New(sha256.New, key.MustGetWithContext(context.Background()))
   h.Write( /* some data */ )
   h.Sum(nil)
}

Documentation ¶

Index ¶

Constants
Variables
func GetParameter(ctx context.Context, input *ssm.GetParameterInput) (*ssm.GetParameterOutput, error)
func GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error)
func SetUpGlobalLogger(ctx context.Context) func()
func SetUpLogger(ctx context.Context, logger *log.Logger) func()
type GetParameterClient
type GetSecretValueClient
type ParameterSecretsExtensionClient
- func (l *ParameterSecretsExtensionClient) GetParameter(ctx context.Context, input *ssm.GetParameterInput, _ ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)
- func (l *ParameterSecretsExtensionClient) GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput, ...) (*secretsmanager.GetSecretValueOutput, error)

Constants ¶

View Source

const (
	// DebugLogFlags is the flag passed to log.SetFlags by SetUpLogger if IsDebug is true.
	DebugLogFlags = log.Ldate | log.Lmicroseconds | log.LUTC | log.Llongfile | log.Lmsgprefix

	// DefaultLogFlags is the flag passed to log.SetFlags by SetUpLogger if IsDebug is false.
	DefaultLogFlags = DebugLogFlags | log.Lshortfile
)

Variables ¶

View Source

var DefaultParameterSecretsExtensionClient = &ParameterSecretsExtensionClient{Client: http.DefaultClient}

DefaultParameterSecretsExtensionClient is the client used by package-level GetSecretValue and GetParameter.

View Source

var IsDebug bool

IsDebug is true if the "DEBUG" environment have value "1" or "true".

The value of IsDebug is set at startup by way of init(). While many things in the lambda package use this value, nothing will modify it. If you want to use a different environment variable or a different way to toggle DEBUG behaviour, modify this value directly.

Functions ¶

func GetParameter ¶

func GetParameter(ctx context.Context, input *ssm.GetParameterInput) (*ssm.GetParameterOutput, error)

GetParameter is a wrapper around [DefaultClient.GetParameter].

func GetSecretValue ¶

func GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error)

GetSecretValue is a wrapper around [DefaultClient.GetSecretValue].

func SetUpGlobalLogger ¶

func SetUpGlobalLogger(ctx context.Context) func()

SetUpGlobalLogger applies sensible default settings to log.Default instance.

Specifically, log.SetFlags is called with DefaultLogFlags, and if lambdacontext.LambdaContext.AwsRequestId is available then it is set as the log prefix with log.SetPrefix.

A function is returned that should be deferred upon to reset the log flags and prefix back to the original values. Use SetUpLogger if you wish to modify a specific log.Logger.

Usage

// this should be the first line in your AWS Lambda handler. many Start methods in this package will do this
// for you by default.
// notice the double ()() to make sure SetUpGlobalLogger executes some function first, then its returned
// function is deferred.
defer logsupport.SetUpGlobalLogger()()

func SetUpLogger ¶

func SetUpLogger(ctx context.Context, logger *log.Logger) func()

SetUpLogger is a variant of SetUpGlobalLogger that targets a specific log.Logger.

Types ¶

type GetParameterClient ¶

type GetParameterClient interface {
	GetParameter(ctx context.Context, params *ssm.GetParameterInput, optFns ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)
}

GetParameterClient abstracts the GetParameter API that has an implementation using AWS Parameter and Secrets Lambda extension (ParameterSecretsExtensionClient).

type GetSecretValueClient ¶

type GetSecretValueClient interface {
	GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
}

GetSecretValueClient abstracts the GetSecretValue API that has an implementation using AWS Parameter and Secrets Lambda extension (ParameterSecretsExtensionClient).

type ParameterSecretsExtensionClient ¶

type ParameterSecretsExtensionClient struct {
	// Client is the HTTP client to use for making HTTP requests.
	//
	// If nil, http.DefaultClient is used.
	Client *http.Client
	// contains filtered or unexported fields
}

ParameterSecretsExtensionClient implements both GetParameterClient and GetSecretValueClient using the AWS Parameter and Secrets Lambda extension.

See https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html and https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html.

The zero-value DefaultParameterSecretsExtensionClient is ready for use.

func (*ParameterSecretsExtensionClient) GetParameter ¶

func (l *ParameterSecretsExtensionClient) GetParameter(ctx context.Context, input *ssm.GetParameterInput, _ ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)

func (*ParameterSecretsExtensionClient) GetSecretValue ¶

func (l *ParameterSecretsExtensionClient) GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput, _ ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
getenv

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL