You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have removed any sensitive information from my code snippets and submission.
Amplify Hosting feature
Access control, Environment variables, SSR
Is your feature request related to a problem? Please describe:
Currently, there is no way to pass secret values to SSR environments. The only available way to pass any variables at all is via .env files 1. This way is not secure, because secrets will be stored in plain text in the .env file and can be found in downloaded build artefact.
Describe how you'd like this feature to work
Taking into account that SSR applications are running as Lambdas, the ideal solution would be (if architecture allows it) to enable Lambda Extension23 for reading secrets45. This will allow accessing secrets in secure way without need to add AWS SDK to the application bundle.
Then secrets can be accessed as simply as:
GET http://localhost:port/systemsmanager/parameters/get?name=parameter-name&version=version&label=label&withDecryption={true|false}
This will likely be possible only once IAM roles for SSR environments are released:
This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you!
Before opening, please confirm:
Amplify Hosting feature
Access control, Environment variables, SSR
Is your feature request related to a problem? Please describe:
Currently, there is no way to pass secret values to SSR environments. The only available way to pass any variables at all is via
.env
files 1. This way is not secure, because secrets will be stored in plain text in the.env
file and can be found in downloaded build artefact.Describe how you'd like this feature to work
Taking into account that SSR applications are running as Lambdas, the ideal solution would be (if architecture allows it) to enable Lambda Extension23 for reading secrets45. This will allow accessing secrets in secure way without need to add AWS SDK to the application bundle.
Then secrets can be accessed as simply as:
This will likely be possible only once IAM roles for SSR environments are released:
Related issues:
Footnotes
https://docs.aws.amazon.com/amplify/latest/userguide/ssr-environment-variables.html ↩
https://aws.amazon.com/blogs/compute/introducing-aws-lambda-extensions-in-preview/ ↩
https://docs.aws.amazon.com/lambda/latest/dg/lambda-extensions.html ↩
https://aws.amazon.com/blogs/compute/using-the-aws-parameter-and-secrets-lambda-extension-to-cache-parameters-and-secrets/ ↩
https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html ↩
The text was updated successfully, but these errors were encountered: