Creating and using AWS Secrets from the CDK and CLI
August 15, 2020
Secrets such as environment variables are a must when working with applications using tools such as the CDK. When generating CloudFormation templates, the last thing you want is to have environment variables leaking through your Git history.
This short overview will create/retrieve a secret from the AWS Secrets Manager and show how you can then require it within a CDK stack.
The secrets manager from the CLI
Ensure that you have the aws-cli installed.
We’re going to add values for example/secretKey and example/secretToken for us to reference later in the example CDK usage.
Creating our two example secrets:
aws secretsmanager create-secret --name example/secretKey --description "Example Secret Key" --secret-string "super-secret-key"
aws secretsmanager create-secret --name example/secretToken --description "Example Secret Token" --secret-string "super-secret-token"
The response from each will give you an ARN value - make sure you note these down.
If you do not note it down, you can always look up the secret's details, including its ARN, using describe-secret from the CLI:
# Example to get "example/secretKey" info back
aws secretsmanager describe-secret --secret-id example/secretKey
Let’s pretend we’re going to deploy a Lambda function that requires particular environment variables.
This tutorial won’t go into the depths of the AWS CDK, but just know it requires @aws-cdk/aws-secretsmanager to be installed for the Secrets Manager part.
The following code can be updated with the appropriate ARNs that we explored above.
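To confirm that a stack passes these secrets by reference rather than by value, the template JSON produced by cdk synth can be checked before it is committed. The TypeScript below is an added example, not code from the original post; the variable names SECRET_KEY and SECRET_TOKEN, the logical ID ExampleFunction, the ARN and account ID, and the name-based heuristic are all assumptions made for illustration.

```typescript
// Added example: flag Lambda environment variables that appear as literals in a
// synthesized CloudFormation template instead of Secrets Manager references.
type Json = { [key: string]: any };

interface Finding {
  resource: string; // logical ID of the Lambda function
  variable: string; // environment variable name
}

// CloudFormation dynamic reference, resolved from Secrets Manager at deploy time.
const SECRET_REF = /^\{\{resolve:secretsmanager:[^}]+\}\}$/;
// Assumed heuristic for variable names that carry credentials.
const SENSITIVE_NAME = /(secret|token|password|api_?key)/i;

function findLiteralSecrets(template: Json): Finding[] {
  const findings: Finding[] = [];
  const resources: Json = template.Resources || {};
  Object.keys(resources).forEach((logicalId) => {
    const res = resources[logicalId];
    if (res.Type !== "AWS::Lambda::Function") return;
    const env = (res.Properties || {}).Environment || {};
    const vars: Json = env.Variables || {};
    Object.keys(vars).forEach((name) => {
      const value = vars[name];
      if (typeof value !== "string") return; // intrinsic (Ref, Fn::Join): not a literal
      if (SECRET_REF.test(value)) return; // passed by reference, not by value
      if (SENSITIVE_NAME.test(name)) findings.push({ resource: logicalId, variable: name });
    });
  });
  return findings;
}

// Constructed sample template; the ARN, account ID and logical ID are placeholders.
const SAMPLE_TEMPLATE: Json = {
  Resources: {
    ExampleFunction: {
      Type: "AWS::Lambda::Function",
      Properties: { Environment: { Variables: {
        SECRET_KEY: "super-secret-key", // literal: ends up in the template and in Git
        SECRET_TOKEN:
          "{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:111122223333:secret:example/secretToken-AbCdEf:SecretString:::}}",
        NODE_ENV: "production",
      } } },
    },
  },
};

console.log(findLiteralSecrets(SAMPLE_TEMPLATE));
```

Only SECRET_KEY is reported for the sample: SECRET_TOKEN is a dynamic reference and NODE_ENV does not match the name heuristic.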
A personal blog on all things of interest. Written by Dennis O'Keeffe.