Hi everyone! I'm trying to configure my AWS Lambda function to load secrets from Parameter Store and Secrets Manager at startup. The issue I'm facing is that the AWS Parameters and Secrets Lambda Extension only shows "ready to serve traffic" after the bootstrap process is complete, which means any secret fetching attempts during bootstrap result in errors. I've included my Dockerfile and Lambda handler code below for reference. In my current setup, I'm fetching secrets lazily, but I'd love to know if there's a better way to handle this. If anyone has experience with this, your insights would be really appreciated!
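As an added illustration (not the asker's handler or Dockerfile, which are not reproduced here), the following Python handler shows the lazy approach the question describes, with two additions a practitioner would want: a short retry on refused connections so an early first invocation does not fail just because the extension has not yet reported "ready to serve traffic", and a per-container cache so each secret is fetched once. It assumes the documented local endpoint of the AWS Parameters and Secrets Lambda Extension (localhost, port from PARAMETERS_SECRETS_EXTENSION_HTTP_PORT with default 2773, the X-Aws-Parameters-Secrets-Token header carrying AWS_SESSION_TOKEN, and the GetParameter / GetSecretValue response shapes); the parameter and secret names are placeholders, and the injectable transport exists only so the logic can be exercised offline.

```python
import json
import os
import time
import urllib.error
import urllib.parse
import urllib.request

# Assumed layout of the extension's local HTTP endpoint (see extension docs):
# it listens on localhost, port from PARAMETERS_SECRETS_EXTENSION_HTTP_PORT
# (default 2773), and expects the function's AWS_SESSION_TOKEN in the
# X-Aws-Parameters-Secrets-Token header.
EXTENSION_PORT = os.environ.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", "2773")
BASE_URL = f"http://localhost:{EXTENSION_PORT}"


class ExtensionNotReady(RuntimeError):
    """The extension endpoint never accepted a connection within the retry budget."""


def _http_get(url, headers):
    """Default transport: plain urllib GET, returning the decoded JSON body."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return json.loads(resp.read().decode("utf-8"))


def fetch_with_retry(path, *, attempts=5, delay=0.2, transport=_http_get, sleep=time.sleep):
    """GET `path` from the extension, retrying while it is still starting up.

    A refused connection (URLError without an HTTP status) is what you see when the
    extension has not yet reported "ready to serve traffic"; back off and retry.
    HTTP errors are NOT retried: the extension is up, so a 4xx/5xx means a bad
    request or missing IAM permission on the function role, which a retry cannot fix.
    """
    headers = {"X-Aws-Parameters-Secrets-Token": os.environ.get("AWS_SESSION_TOKEN", "")}
    last_err = None
    for i in range(attempts):
        try:
            return transport(BASE_URL + path, headers)
        except urllib.error.HTTPError:
            raise
        except (urllib.error.URLError, ConnectionError, OSError) as err:
            last_err = err
            sleep(delay * (2 ** i))  # exponential back-off: 0.2s, 0.4s, 0.8s, ...
    raise ExtensionNotReady(
        f"extension at {BASE_URL} not reachable after {attempts} attempts"
    ) from last_err


# Per-container cache: the execution environment is reused across invocations,
# so each value is fetched once and never written to an environment variable.
_cache = {}


def clear_cache():
    """Drop cached values (useful in tests or after a rotation signal)."""
    _cache.clear()


def get_parameter(name, *, transport=_http_get, sleep=time.sleep):
    """Lazily fetch and memoise a decrypted SSM parameter value."""
    key = ("ssm", name)
    if key not in _cache:
        quoted = urllib.parse.quote(name, safe="")
        body = fetch_with_retry(
            f"/systemsmanager/parameters/get?name={quoted}&withDecryption=true",
            transport=transport, sleep=sleep,
        )
        _cache[key] = body["Parameter"]["Value"]  # assumed GetParameter response shape
    return _cache[key]


def get_secret(secret_id, *, transport=_http_get, sleep=time.sleep):
    """Lazily fetch and memoise a Secrets Manager secret string."""
    key = ("sm", secret_id)
    if key not in _cache:
        quoted = urllib.parse.quote(secret_id, safe="")
        body = fetch_with_retry(
            f"/secretsmanager/get?secretId={quoted}",
            transport=transport, sleep=sleep,
        )
        _cache[key] = body["SecretString"]  # assumed GetSecretValue response shape
    return _cache[key]


def handler(event, context):
    """Lambda entry point: secrets are resolved on first use, not at import time."""
    db_host = get_parameter("/example/db/host")       # placeholder parameter name
    db_password = get_secret("example/db/password")   # placeholder secret id
    # ... use db_host / db_password to open a connection; never log or return them
    return {"statusCode": 200, "body": f"connected to {db_host}"}
```

Because nothing is fetched at module import, the extension's readiness only matters on the first invocation that touches a value, and the retry covers that window; a persistent failure still surfaces as a clear `ExtensionNotReady` rather than a generic connection error, and permission problems surface immediately as HTTP errors.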
3 Answers
First off, make sure your Lambda has the right permissions to read from the Systems Manager (SSM). You need to set the appropriate IAM role for your Lambda to access SSM.
If you need your environment variables set at build time, consider passing them to your Docker build process directly. For example, while building in GitHub Actions, assign roles to retrieve SSM parameters and build the image with those arguments accordingly.
You might want to simplify your Dockerfile. Too many RUN instructions can bloat your image size and complicate things. Paying attention to how you structure your Dockerfile can lead to better performance.
I hear you, but I'm focused on security and only exposing what's strictly necessary via environment variables.
I've already set those permissions, but I still encounter the extension not being ready during bootstrap!