Set Non-secret Vars in AWS Serverless (SAM)
Here's how to set non-secret variables in sam config for local dev.
Serverless Application Model
AWS has a tool called Serverless Application Model, or SAM, that allows you to run commands for your application. For instance, I can invoke my Lambda or run it behind a local API Gateway.
Invoke a Function
You can invoke an AWS Lambda function locally, running it once, with the command:
aws local invoke MyFunctionName
Start as API
You can start a local API gateway that fronts your function, allowing you to address it with HTTP requests, with this command:
aws local start-api
Access Environment Variables
But how does it get there?
template.yaml will contain the value of
MY_NONSECRET_THING. That will pass it into the runtime of your program.
TODO: fill in that syntax
samconfig.yaml will allow you to define a per-environment value for your variable. This happens in
samconfig.yaml, you need a section for your non-secret variable when used in
sam local invoke:
[default.local_invoke.parameters] parameter_overrides = [ "IdOfSomething=\"abc123\"" ]
And then duplicated in a separate section for
sam local start-api:
[default.local_start_api.parameters] parameter_overrides = [ "IdOfSomething=\"abc123\"" ]
And just for completeness: Here's what you need for your deployed environments, such as
[production.deploy] [production.deploy.parameters] parameter_overrides = [ "IdOfSomething=\"qwe234\"" ]
What about secrets?
Now, it's important that only your non-secret variables go into the
samconfig.yaml. You don't want to commit your unencrypted secrets to source control.
But where will the secret variables go? It depends. Maybe in Vault or AWS Secrets Manager.