Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request] Support for Lambda Secrets extension for SSR environments #3972

Open
3 tasks done
taraspos opened this issue Dec 5, 2024 · 1 comment
Open
3 tasks done
Labels
feature-request New feature or request

Comments

@taraspos
Copy link

taraspos commented Dec 5, 2024

Before opening, please confirm:

Amplify Hosting feature

Access control, Environment variables, SSR

Is your feature request related to a problem? Please describe:

Currently, there is no way to pass secret values to SSR environments. The only available way to pass any variables at all is via .env files 1. This way is not secure, because secrets will be stored in plain text in the .env file and can be found in downloaded build artefact.

Describe how you'd like this feature to work

Taking into account that SSR applications are running as Lambdas, the ideal solution would be (if architecture allows it) to enable Lambda Extension23 for reading secrets45. This will allow accessing secrets in secure way without need to add AWS SDK to the application bundle.

Then secrets can be accessed as simply as:

GET http://localhost:port/systemsmanager/parameters/get?name=parameter-name&version=version&label=label&withDecryption={true|false}

This will likely be possible only once IAM roles for SSR environments are released:

Related issues:

Footnotes

  1. https://docs.aws.amazon.com/amplify/latest/userguide/ssr-environment-variables.html

  2. https://aws.amazon.com/blogs/compute/introducing-aws-lambda-extensions-in-preview/

  3. https://docs.aws.amazon.com/lambda/latest/dg/lambda-extensions.html

  4. https://aws.amazon.com/blogs/compute/using-the-aws-parameter-and-secrets-lambda-extension-to-cache-parameters-and-secrets/

  5. https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html

@taraspos taraspos added the feature-request New feature or request label Dec 5, 2024
Copy link

github-actions bot commented Dec 5, 2024

This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature-request New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant