cdk-secret-manager-wrapper-layer 2.0.814 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +56 -26
- package/API.md +26 -204
- package/README.md +21 -7
- package/lib/integ.index.js +11 -7
- package/lib/layer.d.ts +9 -6
- package/lib/layer.js +15 -16
- package/package.json +2 -2
package/.jsii
CHANGED
|
@@ -3918,7 +3918,7 @@
|
|
|
3918
3918
|
},
|
|
3919
3919
|
"name": "cdk-secret-manager-wrapper-layer",
|
|
3920
3920
|
"readme": {
|
|
3921
|
-
"markdown": "# `cdk-secret-manager-wrapper-layer`\nthat Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.\n> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)\n\n## Example\n```ts\nimport { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';\nimport { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';\nimport { Function, Runtime, Code, FunctionUrlAuthType } from 'aws-cdk-lib/aws-lambda';\nimport { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';\nimport { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';\nconst env = {\n region: process.env.CDK_DEFAULT_REGION,\n account: process.env.CDK_DEFAULT_ACCOUNT,\n};\nconst app = new App();\nconst stack = new Stack(app, 'testing-stack', { env });\n\n/**\n * Example create an Secret for testing.\n */\nconst secret = new CfnSecret(stack, '
|
|
3921
|
+
"markdown": "# `cdk-secret-manager-wrapper-layer`\nthat Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.\n> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)\n\n## Updates\n\n**2025-03-02: v2.1.0**\n- Added architecture parameter support for Lambda Layer\n- Updated Python runtime from 3.9 to 3.13\n- Fixed handler name in example code\n- Improved layer initialization and referencing patterns\n- Enhanced compatibility with AWS Lambda ARM64 architecture\n\n## Example\n```ts\nimport { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';\nimport { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';\nimport { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';\nimport { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';\nimport { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';\nconst env = {\n region: process.env.CDK_DEFAULT_REGION,\n account: process.env.CDK_DEFAULT_ACCOUNT,\n};\nconst app = new App();\nconst stack = new Stack(app, 'testing-stack', { env });\n\n/**\n * Example create an Secret for testing.\n */\nconst secret = new CfnSecret(stack, 'MySecret', {\n secretString: JSON.stringify({\n KEY1: 'VALUE1',\n KEY2: 'VALUE2',\n KEY3: 'VALUE3',\n }),\n});\n\nconst lambdaArchitecture = Architecture.X86_64;\n\nconst layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {\n lambdaArchitecture,\n});\n\nconst lambda = new Function(stack, 'fn', {\n runtime: Runtime.PYTHON_3_13,\n code: Code.fromInline(`\nimport os\ndef handler(events, contexts):\n env = {}\n env['KEY1'] = os.environ.get('KEY1', 'Not Found')\n env['KEY2'] = os.environ.get('KEY2', 'Not Found')\n env['KEY3'] = os.environ.get('KEY3', 'Not Found')\n return env\n `),\n handler: 'index.handler',\n layers: [layer.layerVersion],\n timeout: Duration.minutes(1),\n /**\n * you need to define this 4 environment various.\n */\n environment: {\n AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',\n SECRET_REGION: stack.region,\n SECRET_ARN: secret.ref,\n API_TIMEOUT: '5000',\n },\n architecture: lambdaArchitecture,\n});\n\n/**\n * Add Permission for lambda get secret value from secret manager.\n */\nlambda.role!.addToPrincipalPolicy(\n new PolicyStatement({\n effect: Effect.ALLOW,\n actions: ['secretsmanager:GetSecretValue'],\n // Also you can use find from context.\n resources: [secret.ref],\n }),\n);\n\n/**\n * For Testing.\n */\nconst FnUrl = lambda.addFunctionUrl({\n authType: FunctionUrlAuthType.NONE,\n});\n\nnew CfnOutput(stack, 'FnUrl', {\n value: FnUrl.url,\n});\n```\n\n## Testing\n```bash\n# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/\ncurl ${FnUrl}\n{\"KEY2\":\"VALUE2\",\"KEY1\":\"VALUE1\",\"KEY3\":\"VALUE3\"}\n```"
|
|
3922
3922
|
},
|
|
3923
3923
|
"repository": {
|
|
3924
3924
|
"type": "git",
|
|
@@ -3937,10 +3937,9 @@
|
|
|
3937
3937
|
"types": {
|
|
3938
3938
|
"cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer": {
|
|
3939
3939
|
"assembly": "cdk-secret-manager-wrapper-layer",
|
|
3940
|
-
"base": "
|
|
3940
|
+
"base": "constructs.Construct",
|
|
3941
3941
|
"docs": {
|
|
3942
|
-
"stability": "experimental"
|
|
3943
|
-
"summary": "An AWS SecretManager Wrapper layer that includes the AWS CLI, jq etc..."
|
|
3942
|
+
"stability": "experimental"
|
|
3944
3943
|
},
|
|
3945
3944
|
"fqn": "cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer",
|
|
3946
3945
|
"initializer": {
|
|
@@ -3949,7 +3948,7 @@
|
|
|
3949
3948
|
},
|
|
3950
3949
|
"locationInModule": {
|
|
3951
3950
|
"filename": "src/layer.ts",
|
|
3952
|
-
"line":
|
|
3951
|
+
"line": 20
|
|
3953
3952
|
},
|
|
3954
3953
|
"parameters": [
|
|
3955
3954
|
{
|
|
@@ -3963,44 +3962,75 @@
|
|
|
3963
3962
|
"type": {
|
|
3964
3963
|
"primitive": "string"
|
|
3965
3964
|
}
|
|
3965
|
+
},
|
|
3966
|
+
{
|
|
3967
|
+
"name": "props",
|
|
3968
|
+
"optional": true,
|
|
3969
|
+
"type": {
|
|
3970
|
+
"fqn": "cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps"
|
|
3971
|
+
}
|
|
3966
3972
|
}
|
|
3967
3973
|
]
|
|
3968
3974
|
},
|
|
3969
3975
|
"kind": "class",
|
|
3970
3976
|
"locationInModule": {
|
|
3971
3977
|
"filename": "src/layer.ts",
|
|
3972
|
-
"line":
|
|
3978
|
+
"line": 12
|
|
3973
3979
|
},
|
|
3974
|
-
"
|
|
3980
|
+
"name": "SecretManagerWrapperLayer",
|
|
3981
|
+
"properties": [
|
|
3975
3982
|
{
|
|
3976
3983
|
"docs": {
|
|
3977
3984
|
"stability": "experimental"
|
|
3978
3985
|
},
|
|
3986
|
+
"immutable": true,
|
|
3979
3987
|
"locationInModule": {
|
|
3980
3988
|
"filename": "src/layer.ts",
|
|
3981
|
-
"line":
|
|
3982
|
-
},
|
|
3983
|
-
"name": "getOrCreate",
|
|
3984
|
-
"parameters": [
|
|
3985
|
-
{
|
|
3986
|
-
"name": "scope",
|
|
3987
|
-
"type": {
|
|
3988
|
-
"fqn": "constructs.Construct"
|
|
3989
|
-
}
|
|
3990
|
-
}
|
|
3991
|
-
],
|
|
3992
|
-
"returns": {
|
|
3993
|
-
"type": {
|
|
3994
|
-
"fqn": "cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer"
|
|
3995
|
-
}
|
|
3989
|
+
"line": 19
|
|
3996
3990
|
},
|
|
3997
|
-
"
|
|
3991
|
+
"name": "layerVersion",
|
|
3992
|
+
"type": {
|
|
3993
|
+
"fqn": "aws-cdk-lib.aws_lambda.ILayerVersion"
|
|
3994
|
+
}
|
|
3998
3995
|
}
|
|
3999
3996
|
],
|
|
4000
|
-
"name": "SecretManagerWrapperLayer",
|
|
4001
3997
|
"symbolId": "src/layer:SecretManagerWrapperLayer"
|
|
3998
|
+
},
|
|
3999
|
+
"cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps": {
|
|
4000
|
+
"assembly": "cdk-secret-manager-wrapper-layer",
|
|
4001
|
+
"datatype": true,
|
|
4002
|
+
"docs": {
|
|
4003
|
+
"stability": "experimental"
|
|
4004
|
+
},
|
|
4005
|
+
"fqn": "cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps",
|
|
4006
|
+
"kind": "interface",
|
|
4007
|
+
"locationInModule": {
|
|
4008
|
+
"filename": "src/layer.ts",
|
|
4009
|
+
"line": 6
|
|
4010
|
+
},
|
|
4011
|
+
"name": "SecretManagerWrapperLayerProps",
|
|
4012
|
+
"properties": [
|
|
4013
|
+
{
|
|
4014
|
+
"abstract": true,
|
|
4015
|
+
"docs": {
|
|
4016
|
+
"stability": "experimental",
|
|
4017
|
+
"summary": "The architecture for the Lambda function that will use this layer."
|
|
4018
|
+
},
|
|
4019
|
+
"immutable": true,
|
|
4020
|
+
"locationInModule": {
|
|
4021
|
+
"filename": "src/layer.ts",
|
|
4022
|
+
"line": 10
|
|
4023
|
+
},
|
|
4024
|
+
"name": "lambdaArchitecture",
|
|
4025
|
+
"optional": true,
|
|
4026
|
+
"type": {
|
|
4027
|
+
"fqn": "aws-cdk-lib.aws_lambda.Architecture"
|
|
4028
|
+
}
|
|
4029
|
+
}
|
|
4030
|
+
],
|
|
4031
|
+
"symbolId": "src/layer:SecretManagerWrapperLayerProps"
|
|
4002
4032
|
}
|
|
4003
4033
|
},
|
|
4004
|
-
"version": "2.0
|
|
4005
|
-
"fingerprint": "
|
|
4034
|
+
"version": "2.1.0",
|
|
4035
|
+
"fingerprint": "+VVrsivUwz9Du3T2cTKq4ktFbcUv4AzkBk6ZcN5W71Y="
|
|
4006
4036
|
}
|
package/API.md
CHANGED
|
@@ -4,20 +4,19 @@
|
|
|
4
4
|
|
|
5
5
|
### SecretManagerWrapperLayer <a name="SecretManagerWrapperLayer" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer"></a>
|
|
6
6
|
|
|
7
|
-
An AWS SecretManager Wrapper layer that includes the AWS CLI, jq etc...
|
|
8
|
-
|
|
9
7
|
#### Initializers <a name="Initializers" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.Initializer"></a>
|
|
10
8
|
|
|
11
9
|
```typescript
|
|
12
10
|
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer'
|
|
13
11
|
|
|
14
|
-
new SecretManagerWrapperLayer(scope: Construct, id: string)
|
|
12
|
+
new SecretManagerWrapperLayer(scope: Construct, id: string, props?: SecretManagerWrapperLayerProps)
|
|
15
13
|
```
|
|
16
14
|
|
|
17
15
|
| **Name** | **Type** | **Description** |
|
|
18
16
|
| --- | --- | --- |
|
|
19
17
|
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
|
|
20
18
|
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
|
|
19
|
+
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.Initializer.parameter.props">props</a></code> | <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps">SecretManagerWrapperLayerProps</a></code> | *No description.* |
|
|
21
20
|
|
|
22
21
|
---
|
|
23
22
|
|
|
@@ -33,13 +32,17 @@ new SecretManagerWrapperLayer(scope: Construct, id: string)
|
|
|
33
32
|
|
|
34
33
|
---
|
|
35
34
|
|
|
35
|
+
##### `props`<sup>Optional</sup> <a name="props" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.Initializer.parameter.props"></a>
|
|
36
|
+
|
|
37
|
+
- *Type:* <a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps">SecretManagerWrapperLayerProps</a>
|
|
38
|
+
|
|
39
|
+
---
|
|
40
|
+
|
|
36
41
|
#### Methods <a name="Methods" id="Methods"></a>
|
|
37
42
|
|
|
38
43
|
| **Name** | **Description** |
|
|
39
44
|
| --- | --- |
|
|
40
45
|
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.toString">toString</a></code> | Returns a string representation of this construct. |
|
|
41
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.applyRemovalPolicy">applyRemovalPolicy</a></code> | Apply the given removal policy to this resource. |
|
|
42
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.addPermission">addPermission</a></code> | Add permission for this layer version to specific entities. |
|
|
43
46
|
|
|
44
47
|
---
|
|
45
48
|
|
|
@@ -51,65 +54,11 @@ public toString(): string
|
|
|
51
54
|
|
|
52
55
|
Returns a string representation of this construct.
|
|
53
56
|
|
|
54
|
-
##### `applyRemovalPolicy` <a name="applyRemovalPolicy" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.applyRemovalPolicy"></a>
|
|
55
|
-
|
|
56
|
-
```typescript
|
|
57
|
-
public applyRemovalPolicy(policy: RemovalPolicy): void
|
|
58
|
-
```
|
|
59
|
-
|
|
60
|
-
Apply the given removal policy to this resource.
|
|
61
|
-
|
|
62
|
-
The Removal Policy controls what happens to this resource when it stops
|
|
63
|
-
being managed by CloudFormation, either because you've removed it from the
|
|
64
|
-
CDK application or because you've made a change that requires the resource
|
|
65
|
-
to be replaced.
|
|
66
|
-
|
|
67
|
-
The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
|
|
68
|
-
account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
|
|
69
|
-
|
|
70
|
-
###### `policy`<sup>Required</sup> <a name="policy" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.applyRemovalPolicy.parameter.policy"></a>
|
|
71
|
-
|
|
72
|
-
- *Type:* aws-cdk-lib.RemovalPolicy
|
|
73
|
-
|
|
74
|
-
---
|
|
75
|
-
|
|
76
|
-
##### `addPermission` <a name="addPermission" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.addPermission"></a>
|
|
77
|
-
|
|
78
|
-
```typescript
|
|
79
|
-
public addPermission(id: string, permission: LayerVersionPermission): void
|
|
80
|
-
```
|
|
81
|
-
|
|
82
|
-
Add permission for this layer version to specific entities.
|
|
83
|
-
|
|
84
|
-
Usage within
|
|
85
|
-
the same account where the layer is defined is always allowed and does not
|
|
86
|
-
require calling this method. Note that the principal that creates the
|
|
87
|
-
Lambda function using the layer (for example, a CloudFormation changeset
|
|
88
|
-
execution role) also needs to have the ``lambda:GetLayerVersion``
|
|
89
|
-
permission on the layer version.
|
|
90
|
-
|
|
91
|
-
###### `id`<sup>Required</sup> <a name="id" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.addPermission.parameter.id"></a>
|
|
92
|
-
|
|
93
|
-
- *Type:* string
|
|
94
|
-
|
|
95
|
-
---
|
|
96
|
-
|
|
97
|
-
###### `permission`<sup>Required</sup> <a name="permission" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.addPermission.parameter.permission"></a>
|
|
98
|
-
|
|
99
|
-
- *Type:* aws-cdk-lib.aws_lambda.LayerVersionPermission
|
|
100
|
-
|
|
101
|
-
---
|
|
102
|
-
|
|
103
57
|
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
|
|
104
58
|
|
|
105
59
|
| **Name** | **Description** |
|
|
106
60
|
| --- | --- |
|
|
107
61
|
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
|
|
108
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.isOwnedResource">isOwnedResource</a></code> | Returns true if the construct was created by CDK, and false otherwise. |
|
|
109
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.isResource">isResource</a></code> | Check whether the given construct is a Resource. |
|
|
110
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionArn">fromLayerVersionArn</a></code> | Imports a layer version by ARN. |
|
|
111
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionAttributes">fromLayerVersionAttributes</a></code> | Imports a Layer that has been defined externally. |
|
|
112
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.getOrCreate">getOrCreate</a></code> | *No description.* |
|
|
113
62
|
|
|
114
63
|
---
|
|
115
64
|
|
|
@@ -131,125 +80,12 @@ Any object.
|
|
|
131
80
|
|
|
132
81
|
---
|
|
133
82
|
|
|
134
|
-
##### `isOwnedResource` <a name="isOwnedResource" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.isOwnedResource"></a>
|
|
135
|
-
|
|
136
|
-
```typescript
|
|
137
|
-
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer'
|
|
138
|
-
|
|
139
|
-
SecretManagerWrapperLayer.isOwnedResource(construct: IConstruct)
|
|
140
|
-
```
|
|
141
|
-
|
|
142
|
-
Returns true if the construct was created by CDK, and false otherwise.
|
|
143
|
-
|
|
144
|
-
###### `construct`<sup>Required</sup> <a name="construct" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.isOwnedResource.parameter.construct"></a>
|
|
145
|
-
|
|
146
|
-
- *Type:* constructs.IConstruct
|
|
147
|
-
|
|
148
|
-
---
|
|
149
|
-
|
|
150
|
-
##### `isResource` <a name="isResource" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.isResource"></a>
|
|
151
|
-
|
|
152
|
-
```typescript
|
|
153
|
-
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer'
|
|
154
|
-
|
|
155
|
-
SecretManagerWrapperLayer.isResource(construct: IConstruct)
|
|
156
|
-
```
|
|
157
|
-
|
|
158
|
-
Check whether the given construct is a Resource.
|
|
159
|
-
|
|
160
|
-
###### `construct`<sup>Required</sup> <a name="construct" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.isResource.parameter.construct"></a>
|
|
161
|
-
|
|
162
|
-
- *Type:* constructs.IConstruct
|
|
163
|
-
|
|
164
|
-
---
|
|
165
|
-
|
|
166
|
-
##### `fromLayerVersionArn` <a name="fromLayerVersionArn" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionArn"></a>
|
|
167
|
-
|
|
168
|
-
```typescript
|
|
169
|
-
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer'
|
|
170
|
-
|
|
171
|
-
SecretManagerWrapperLayer.fromLayerVersionArn(scope: Construct, id: string, layerVersionArn: string)
|
|
172
|
-
```
|
|
173
|
-
|
|
174
|
-
Imports a layer version by ARN.
|
|
175
|
-
|
|
176
|
-
Assumes it is compatible with all Lambda runtimes.
|
|
177
|
-
|
|
178
|
-
###### `scope`<sup>Required</sup> <a name="scope" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionArn.parameter.scope"></a>
|
|
179
|
-
|
|
180
|
-
- *Type:* constructs.Construct
|
|
181
|
-
|
|
182
|
-
---
|
|
183
|
-
|
|
184
|
-
###### `id`<sup>Required</sup> <a name="id" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionArn.parameter.id"></a>
|
|
185
|
-
|
|
186
|
-
- *Type:* string
|
|
187
|
-
|
|
188
|
-
---
|
|
189
|
-
|
|
190
|
-
###### `layerVersionArn`<sup>Required</sup> <a name="layerVersionArn" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionArn.parameter.layerVersionArn"></a>
|
|
191
|
-
|
|
192
|
-
- *Type:* string
|
|
193
|
-
|
|
194
|
-
---
|
|
195
|
-
|
|
196
|
-
##### `fromLayerVersionAttributes` <a name="fromLayerVersionAttributes" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionAttributes"></a>
|
|
197
|
-
|
|
198
|
-
```typescript
|
|
199
|
-
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer'
|
|
200
|
-
|
|
201
|
-
SecretManagerWrapperLayer.fromLayerVersionAttributes(scope: Construct, id: string, attrs: LayerVersionAttributes)
|
|
202
|
-
```
|
|
203
|
-
|
|
204
|
-
Imports a Layer that has been defined externally.
|
|
205
|
-
|
|
206
|
-
###### `scope`<sup>Required</sup> <a name="scope" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionAttributes.parameter.scope"></a>
|
|
207
|
-
|
|
208
|
-
- *Type:* constructs.Construct
|
|
209
|
-
|
|
210
|
-
the parent Construct that will use the imported layer.
|
|
211
|
-
|
|
212
|
-
---
|
|
213
|
-
|
|
214
|
-
###### `id`<sup>Required</sup> <a name="id" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionAttributes.parameter.id"></a>
|
|
215
|
-
|
|
216
|
-
- *Type:* string
|
|
217
|
-
|
|
218
|
-
the id of the imported layer in the construct tree.
|
|
219
|
-
|
|
220
|
-
---
|
|
221
|
-
|
|
222
|
-
###### `attrs`<sup>Required</sup> <a name="attrs" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.fromLayerVersionAttributes.parameter.attrs"></a>
|
|
223
|
-
|
|
224
|
-
- *Type:* aws-cdk-lib.aws_lambda.LayerVersionAttributes
|
|
225
|
-
|
|
226
|
-
the properties of the imported layer.
|
|
227
|
-
|
|
228
|
-
---
|
|
229
|
-
|
|
230
|
-
##### `getOrCreate` <a name="getOrCreate" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.getOrCreate"></a>
|
|
231
|
-
|
|
232
|
-
```typescript
|
|
233
|
-
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer'
|
|
234
|
-
|
|
235
|
-
SecretManagerWrapperLayer.getOrCreate(scope: Construct)
|
|
236
|
-
```
|
|
237
|
-
|
|
238
|
-
###### `scope`<sup>Required</sup> <a name="scope" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.getOrCreate.parameter.scope"></a>
|
|
239
|
-
|
|
240
|
-
- *Type:* constructs.Construct
|
|
241
|
-
|
|
242
|
-
---
|
|
243
|
-
|
|
244
83
|
#### Properties <a name="Properties" id="Properties"></a>
|
|
245
84
|
|
|
246
85
|
| **Name** | **Type** | **Description** |
|
|
247
86
|
| --- | --- | --- |
|
|
248
87
|
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
|
|
249
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.
|
|
250
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.stack">stack</a></code> | <code>aws-cdk-lib.Stack</code> | The stack in which this resource is defined. |
|
|
251
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.layerVersionArn">layerVersionArn</a></code> | <code>string</code> | The ARN of the Lambda Layer version that this Layer defines. |
|
|
252
|
-
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.compatibleRuntimes">compatibleRuntimes</a></code> | <code>aws-cdk-lib.aws_lambda.Runtime[]</code> | The runtimes compatible with this Layer. |
|
|
88
|
+
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.layerVersion">layerVersion</a></code> | <code>aws-cdk-lib.aws_lambda.ILayerVersion</code> | *No description.* |
|
|
253
89
|
|
|
254
90
|
---
|
|
255
91
|
|
|
@@ -265,62 +101,48 @@ The tree node.
|
|
|
265
101
|
|
|
266
102
|
---
|
|
267
103
|
|
|
268
|
-
##### `
|
|
104
|
+
##### `layerVersion`<sup>Required</sup> <a name="layerVersion" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.layerVersion"></a>
|
|
269
105
|
|
|
270
106
|
```typescript
|
|
271
|
-
public readonly
|
|
107
|
+
public readonly layerVersion: ILayerVersion;
|
|
272
108
|
```
|
|
273
109
|
|
|
274
|
-
- *Type:* aws-cdk-lib.
|
|
275
|
-
|
|
276
|
-
The environment this resource belongs to.
|
|
277
|
-
|
|
278
|
-
For resources that are created and managed by the CDK
|
|
279
|
-
(generally, those created by creating new class instances like Role, Bucket, etc.),
|
|
280
|
-
this is always the same as the environment of the stack they belong to;
|
|
281
|
-
however, for imported resources
|
|
282
|
-
(those obtained from static methods like fromRoleArn, fromBucketName, etc.),
|
|
283
|
-
that might be different than the stack they were imported into.
|
|
110
|
+
- *Type:* aws-cdk-lib.aws_lambda.ILayerVersion
|
|
284
111
|
|
|
285
112
|
---
|
|
286
113
|
|
|
287
|
-
##### `stack`<sup>Required</sup> <a name="stack" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer.property.stack"></a>
|
|
288
|
-
|
|
289
|
-
```typescript
|
|
290
|
-
public readonly stack: Stack;
|
|
291
|
-
```
|
|
292
114
|
|
|
293
|
-
|
|
115
|
+
## Structs <a name="Structs" id="Structs"></a>
|
|
294
116
|
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
---
|
|
117
|
+
### SecretManagerWrapperLayerProps <a name="SecretManagerWrapperLayerProps" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps"></a>
|
|
298
118
|
|
|
299
|
-
|
|
119
|
+
#### Initializer <a name="Initializer" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps.Initializer"></a>
|
|
300
120
|
|
|
301
121
|
```typescript
|
|
302
|
-
|
|
122
|
+
import { SecretManagerWrapperLayerProps } from 'cdk-secret-manager-wrapper-layer'
|
|
123
|
+
|
|
124
|
+
const secretManagerWrapperLayerProps: SecretManagerWrapperLayerProps = { ... }
|
|
303
125
|
```
|
|
304
126
|
|
|
305
|
-
|
|
127
|
+
#### Properties <a name="Properties" id="Properties"></a>
|
|
306
128
|
|
|
307
|
-
|
|
129
|
+
| **Name** | **Type** | **Description** |
|
|
130
|
+
| --- | --- | --- |
|
|
131
|
+
| <code><a href="#cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps.property.lambdaArchitecture">lambdaArchitecture</a></code> | <code>aws-cdk-lib.aws_lambda.Architecture</code> | The architecture for the Lambda function that will use this layer. |
|
|
308
132
|
|
|
309
133
|
---
|
|
310
134
|
|
|
311
|
-
##### `
|
|
135
|
+
##### `lambdaArchitecture`<sup>Optional</sup> <a name="lambdaArchitecture" id="cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayerProps.property.lambdaArchitecture"></a>
|
|
312
136
|
|
|
313
137
|
```typescript
|
|
314
|
-
public readonly
|
|
138
|
+
public readonly lambdaArchitecture: Architecture;
|
|
315
139
|
```
|
|
316
140
|
|
|
317
|
-
- *Type:* aws-cdk-lib.aws_lambda.
|
|
141
|
+
- *Type:* aws-cdk-lib.aws_lambda.Architecture
|
|
318
142
|
|
|
319
|
-
The
|
|
143
|
+
The architecture for the Lambda function that will use this layer.
|
|
320
144
|
|
|
321
145
|
---
|
|
322
146
|
|
|
323
147
|
|
|
324
148
|
|
|
325
|
-
|
|
326
|
-
|
package/README.md
CHANGED
|
@@ -2,11 +2,20 @@
|
|
|
2
2
|
that Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.
|
|
3
3
|
> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)
|
|
4
4
|
|
|
5
|
+
## Updates
|
|
6
|
+
|
|
7
|
+
**2025-03-02: v2.1.0**
|
|
8
|
+
- Added architecture parameter support for Lambda Layer
|
|
9
|
+
- Updated Python runtime from 3.9 to 3.13
|
|
10
|
+
- Fixed handler name in example code
|
|
11
|
+
- Improved layer initialization and referencing patterns
|
|
12
|
+
- Enhanced compatibility with AWS Lambda ARM64 architecture
|
|
13
|
+
|
|
5
14
|
## Example
|
|
6
15
|
```ts
|
|
7
16
|
import { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';
|
|
8
17
|
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
|
|
9
|
-
import { Function, Runtime, Code, FunctionUrlAuthType } from 'aws-cdk-lib/aws-lambda';
|
|
18
|
+
import { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';
|
|
10
19
|
import { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';
|
|
11
20
|
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';
|
|
12
21
|
const env = {
|
|
@@ -19,7 +28,7 @@ const stack = new Stack(app, 'testing-stack', { env });
|
|
|
19
28
|
/**
|
|
20
29
|
* Example create an Secret for testing.
|
|
21
30
|
*/
|
|
22
|
-
const secret = new CfnSecret(stack, '
|
|
31
|
+
const secret = new CfnSecret(stack, 'MySecret', {
|
|
23
32
|
secretString: JSON.stringify({
|
|
24
33
|
KEY1: 'VALUE1',
|
|
25
34
|
KEY2: 'VALUE2',
|
|
@@ -27,21 +36,25 @@ const secret = new CfnSecret(stack, 'Mysecret', {
|
|
|
27
36
|
}),
|
|
28
37
|
});
|
|
29
38
|
|
|
30
|
-
const
|
|
39
|
+
const lambdaArchitecture = Architecture.X86_64;
|
|
40
|
+
|
|
41
|
+
const layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {
|
|
42
|
+
lambdaArchitecture,
|
|
43
|
+
});
|
|
31
44
|
|
|
32
45
|
const lambda = new Function(stack, 'fn', {
|
|
33
|
-
runtime: Runtime.
|
|
46
|
+
runtime: Runtime.PYTHON_3_13,
|
|
34
47
|
code: Code.fromInline(`
|
|
35
48
|
import os
|
|
36
|
-
def
|
|
49
|
+
def handler(events, contexts):
|
|
37
50
|
env = {}
|
|
38
51
|
env['KEY1'] = os.environ.get('KEY1', 'Not Found')
|
|
39
52
|
env['KEY2'] = os.environ.get('KEY2', 'Not Found')
|
|
40
53
|
env['KEY3'] = os.environ.get('KEY3', 'Not Found')
|
|
41
54
|
return env
|
|
42
55
|
`),
|
|
43
|
-
handler: 'index.
|
|
44
|
-
layers: [layer],
|
|
56
|
+
handler: 'index.handler',
|
|
57
|
+
layers: [layer.layerVersion],
|
|
45
58
|
timeout: Duration.minutes(1),
|
|
46
59
|
/**
|
|
47
60
|
* you need to define this 4 environment various.
|
|
@@ -52,6 +65,7 @@ def hander(events, contexts):
|
|
|
52
65
|
SECRET_ARN: secret.ref,
|
|
53
66
|
API_TIMEOUT: '5000',
|
|
54
67
|
},
|
|
68
|
+
architecture: lambdaArchitecture,
|
|
55
69
|
});
|
|
56
70
|
|
|
57
71
|
/**
|
package/lib/integ.index.js
CHANGED
|
@@ -14,27 +14,30 @@ const stack = new aws_cdk_lib_1.Stack(mockApp, 'testing-stack', { env });
|
|
|
14
14
|
/**
|
|
15
15
|
* Example create an Secret for testing.
|
|
16
16
|
*/
|
|
17
|
-
const secret = new aws_secretsmanager_1.CfnSecret(stack, '
|
|
17
|
+
const secret = new aws_secretsmanager_1.CfnSecret(stack, 'MySecret', {
|
|
18
18
|
secretString: JSON.stringify({
|
|
19
19
|
KEY1: 'VALUE1',
|
|
20
20
|
KEY2: 'VALUE2',
|
|
21
21
|
KEY3: 'VALUE3',
|
|
22
22
|
}),
|
|
23
23
|
});
|
|
24
|
-
const
|
|
24
|
+
const lambdaArchitecture = aws_lambda_1.Architecture.ARM_64;
|
|
25
|
+
const layer = new index_1.SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {
|
|
26
|
+
lambdaArchitecture,
|
|
27
|
+
});
|
|
25
28
|
const lambda = new aws_lambda_1.Function(stack, 'fn', {
|
|
26
|
-
runtime: aws_lambda_1.Runtime.
|
|
29
|
+
runtime: aws_lambda_1.Runtime.PYTHON_3_13,
|
|
27
30
|
code: aws_lambda_1.Code.fromInline(`
|
|
28
31
|
import os
|
|
29
|
-
def
|
|
32
|
+
def handler(events, contexts):
|
|
30
33
|
env = {}
|
|
31
34
|
env['KEY1'] = os.environ.get('KEY1', 'Not Found')
|
|
32
35
|
env['KEY2'] = os.environ.get('KEY2', 'Not Found')
|
|
33
36
|
env['KEY3'] = os.environ.get('KEY3', 'Not Found')
|
|
34
37
|
return env
|
|
35
38
|
`),
|
|
36
|
-
handler: 'index.
|
|
37
|
-
layers: [layer],
|
|
39
|
+
handler: 'index.handler',
|
|
40
|
+
layers: [layer.layerVersion],
|
|
38
41
|
timeout: aws_cdk_lib_1.Duration.minutes(1),
|
|
39
42
|
/**
|
|
40
43
|
* you need to define this 4 environment various.
|
|
@@ -45,6 +48,7 @@ def hander(events, contexts):
|
|
|
45
48
|
SECRET_ARN: secret.ref,
|
|
46
49
|
API_TIMEOUT: '5000',
|
|
47
50
|
},
|
|
51
|
+
architecture: lambdaArchitecture,
|
|
48
52
|
});
|
|
49
53
|
/**
|
|
50
54
|
* Add Permission for lambda get secret value from secret manager.
|
|
@@ -64,4 +68,4 @@ const FnUrl = lambda.addFunctionUrl({
|
|
|
64
68
|
new aws_cdk_lib_1.CfnOutput(stack, 'FnUrl', {
|
|
65
69
|
value: FnUrl.url,
|
|
66
70
|
});
|
|
67
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
71
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW50ZWcuaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSw2Q0FBOEQ7QUFDOUQsaURBQThEO0FBQzlELHVEQUFvRztBQUNwRyx1RUFBMkQ7QUFDM0QsbUNBQW9EO0FBQ3BELE1BQU0sR0FBRyxHQUFHO0lBQ1YsTUFBTSxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsa0JBQWtCO0lBQ3RDLE9BQU8sRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLG1CQUFtQjtDQUN6QyxDQUFDO0FBQ0YsTUFBTSxPQUFPLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7QUFDMUIsTUFBTSxLQUFLLEdBQUcsSUFBSSxtQkFBSyxDQUFDLE9BQU8sRUFBRSxlQUFlLEVBQUUsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO0FBRTNEOztHQUVHO0FBQ0gsTUFBTSxNQUFNLEdBQUcsSUFBSSw4QkFBUyxDQUFDLEtBQUssRUFBRSxVQUFVLEVBQUU7SUFDOUMsWUFBWSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDM0IsSUFBSSxFQUFFLFFBQVE7UUFDZCxJQUFJLEVBQUUsUUFBUTtRQUNkLElBQUksRUFBRSxRQUFRO0tBQ2YsQ0FBQztDQUNILENBQUMsQ0FBQztBQUVILE1BQU0sa0JBQWtCLEdBQUcseUJBQVksQ0FBQyxNQUFNLENBQUM7QUFFL0MsTUFBTSxLQUFLLEdBQUcsSUFBSSxpQ0FBeUIsQ0FBQyxLQUFLLEVBQUUsMkJBQTJCLEVBQUU7SUFDOUUsa0JBQWtCO0NBQ25CLENBQUMsQ0FBQztBQUVILE1BQU0sTUFBTSxHQUFHLElBQUkscUJBQVEsQ0FBQyxLQUFLLEVBQUUsSUFBSSxFQUFFO0lBQ3ZDLE9BQU8sRUFBRSxvQkFBTyxDQUFDLFdBQVc7SUFDNUIsSUFBSSxFQUFFLGlCQUFJLENBQUMsVUFBVSxDQUFDOzs7Ozs7OztLQVFuQixDQUFDO0lBQ0osT0FBTyxFQUFFLGVBQWU7SUFDeEIsTUFBTSxFQUFFLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQztJQUM1QixPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO0lBQzVCOztPQUVHO0lBQ0gsV0FBVyxFQUFFO1FBQ1gsdUJBQXVCLEVBQUUsd0JBQXdCO1FBQ2pELGFBQWEsRUFBRSxLQUFLLENBQUMsTUFBTTtRQUMzQixVQUFVLEVBQUUsTUFBTSxDQUFDLEdBQUc7UUFDdEIsV0FBVyxFQUFFLE1BQU07S0FDcEI7SUFDRCxZQUFZLEVBQUUsa0JBQWtCO0NBQ2pDLENBQUMsQ0FBQztBQUVIOztHQUVHO0FBQ0gsTUFBTSxDQUFDLElBQUssQ0FBQyxvQkFBb0IsQ0FDL0IsSUFBSSx5QkFBZSxDQUFDO0lBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7SUFDcEIsT0FBTyxFQUFFLENBQUMsK0JBQStCLENBQUM7SUFDMUMsc0NBQXNDO0lBQ3RDLFNBQVMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUM7Q0FDeEIsQ0FBQyxDQUNILENBQUM7QUFFRjs7R0FFRztBQUNILE1BQU0sS0FBSyxHQUFHLE1BQU0sQ0FBQyxjQUFjLENBQUM7SUFDbEMsUUFBUSxFQUFFLGdDQUFtQixDQUFDLElBQUk7Q0FDbkMsQ0FBQyxDQUFDO0FBRUgsSUFBSSx1QkFBUyxDQUFDLEtBQUssRUFBRSxPQUFPLEVBQUU7SUFDNUIsS0FBSyxFQUFFLEtBQUssQ0FBQyxHQUFHO0NBQ2pCLENBQUMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEFwcCwgU3RhY2ssIENmbk91dHB1dCwgRHVyYXRpb24gfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBFZmZlY3QsIFBvbGljeVN0YXRlbWVudCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nO1xuaW1wb3J0IHsgRnVuY3Rpb24sIFJ1bnRpbWUsIENvZGUsIEZ1bmN0aW9uVXJsQXV0aFR5cGUsIEFyY2hpdGVjdHVyZSB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1sYW1iZGEnO1xuaW1wb3J0IHsgQ2ZuU2VjcmV0IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyJztcbmltcG9ydCB7IFNlY3JldE1hbmFnZXJXcmFwcGVyTGF5ZXIgfSBmcm9tICcuL2luZGV4JztcbmNvbnN0IGVudiA9IHtcbiAgcmVnaW9uOiBwcm9jZXNzLmVudi5DREtfREVGQVVMVF9SRUdJT04sXG4gIGFjY291bnQ6IHByb2Nlc3MuZW52LkNES19ERUZBVUxUX0FDQ09VTlQsXG59O1xuY29uc3QgbW9ja0FwcCA9IG5ldyBBcHAoKTtcbmNvbnN0IHN0YWNrID0gbmV3IFN0YWNrKG1vY2tBcHAsICd0ZXN0aW5nLXN0YWNrJywgeyBlbnYgfSk7XG5cbi8qKlxuICogRXhhbXBsZSBjcmVhdGUgYW4gU2VjcmV0IGZvciB0ZXN0aW5nLlxuICovXG5jb25zdCBzZWNyZXQgPSBuZXcgQ2ZuU2VjcmV0KHN0YWNrLCAnTXlTZWNyZXQnLCB7XG4gIHNlY3JldFN0cmluZzogSlNPTi5zdHJpbmdpZnkoe1xuICAgIEtFWTE6ICdWQUxVRTEnLFxuICAgIEtFWTI6ICdWQUxVRTInLFxuICAgIEtFWTM6ICdWQUxVRTMnLFxuICB9KSxcbn0pO1xuXG5jb25zdCBsYW1iZGFBcmNoaXRlY3R1cmUgPSBBcmNoaXRlY3R1cmUuQVJNXzY0O1xuXG5jb25zdCBsYXllciA9IG5ldyBTZWNyZXRNYW5hZ2VyV3JhcHBlckxheWVyKHN0YWNrLCAnU2VjcmV0TWFuYWdlcldyYXBwZXJMYXllcicsIHtcbiAgbGFtYmRhQXJjaGl0ZWN0dXJlLFxufSk7XG5cbmNvbnN0IGxhbWJkYSA9IG5ldyBGdW5jdGlvbihzdGFjaywgJ2ZuJywge1xuICBydW50aW1lOiBSdW50aW1lLlBZVEhPTl8zXzEzLFxuICBjb2RlOiBDb2RlLmZyb21JbmxpbmUoYFxuaW1wb3J0IG9zXG5kZWYgaGFuZGxlcihldmVudHMsIGNvbnRleHRzKTpcbiAgICBlbnYgPSB7fVxuICAgIGVudlsnS0VZMSddID0gb3MuZW52aXJvbi5nZXQoJ0tFWTEnLCAnTm90IEZvdW5kJylcbiAgICBlbnZbJ0tFWTInXSA9IG9zLmVudmlyb24uZ2V0KCdLRVkyJywgJ05vdCBGb3VuZCcpXG4gICAgZW52WydLRVkzJ10gPSBvcy5lbnZpcm9uLmdldCgnS0VZMycsICdOb3QgRm91bmQnKVxuICAgIHJldHVybiBlbnZcbiAgICBgKSxcbiAgaGFuZGxlcjogJ2luZGV4LmhhbmRsZXInLFxuICBsYXllcnM6IFtsYXllci5sYXllclZlcnNpb25dLFxuICB0aW1lb3V0OiBEdXJhdGlvbi5taW51dGVzKDEpLFxuICAvKipcbiAgICogeW91IG5lZWQgdG8gZGVmaW5lIHRoaXMgNCBlbnZpcm9ubWVudCB2YXJpb3VzLlxuICAgKi9cbiAgZW52aXJvbm1lbnQ6IHtcbiAgICBBV1NfTEFNQkRBX0VYRUNfV1JBUFBFUjogJy9vcHQvZ2V0LXNlY3JldHMtbGF5ZXInLFxuICAgIFNFQ1JFVF9SRUdJT046IHN0YWNrLnJlZ2lvbixcbiAgICBTRUNSRVRfQVJOOiBzZWNyZXQucmVmLFxuICAgIEFQSV9USU1FT1VUOiAnNTAwMCcsXG4gIH0sXG4gIGFyY2hpdGVjdHVyZTogbGFtYmRhQXJjaGl0ZWN0dXJlLFxufSk7XG5cbi8qKlxuICogQWRkIFBlcm1pc3Npb24gZm9yIGxhbWJkYSBnZXQgc2VjcmV0IHZhbHVlIGZyb20gc2VjcmV0IG1hbmFnZXIuXG4gKi9cbmxhbWJkYS5yb2xlIS5hZGRUb1ByaW5jaXBhbFBvbGljeShcbiAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgYWN0aW9uczogWydzZWNyZXRzbWFuYWdlcjpHZXRTZWNyZXRWYWx1ZSddLFxuICAgIC8vIEFsc28geW91IGNhbiB1c2UgZmluZCBmcm9tIGNvbnRleHQuXG4gICAgcmVzb3VyY2VzOiBbc2VjcmV0LnJlZl0sXG4gIH0pLFxuKTtcblxuLyoqXG4gKiBGb3IgVGVzdGluZy5cbiAqL1xuY29uc3QgRm5VcmwgPSBsYW1iZGEuYWRkRnVuY3Rpb25Vcmwoe1xuICBhdXRoVHlwZTogRnVuY3Rpb25VcmxBdXRoVHlwZS5OT05FLFxufSk7XG5cbm5ldyBDZm5PdXRwdXQoc3RhY2ssICdGblVybCcsIHtcbiAgdmFsdWU6IEZuVXJsLnVybCxcbn0pOyJdfQ==
|
package/lib/layer.d.ts
CHANGED
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
import * as lambda from 'aws-cdk-lib/aws-lambda';
|
|
2
2
|
import { Construct } from 'constructs';
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
3
|
+
export interface SecretManagerWrapperLayerProps {
|
|
4
|
+
/**
|
|
5
|
+
* The architecture for the Lambda function that will use this layer
|
|
6
|
+
*/
|
|
7
|
+
readonly lambdaArchitecture?: lambda.Architecture;
|
|
8
|
+
}
|
|
9
|
+
export declare class SecretManagerWrapperLayer extends Construct {
|
|
10
|
+
readonly layerVersion: lambda.ILayerVersion;
|
|
11
|
+
constructor(scope: Construct, id: string, props?: SecretManagerWrapperLayerProps);
|
|
9
12
|
}
|
package/lib/layer.js
CHANGED
|
@@ -6,28 +6,27 @@ const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
|
|
6
6
|
const path = require("path");
|
|
7
7
|
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
8
8
|
const lambda = require("aws-cdk-lib/aws-lambda");
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
return existing || new SecretManagerWrapperLayer(stack, id);
|
|
18
|
-
}
|
|
19
|
-
constructor(scope, id) {
|
|
20
|
-
const image = aws_cdk_lib_1.DockerImage.fromBuild(path.join(__dirname, '../layer'));
|
|
9
|
+
const constructs_1 = require("constructs");
|
|
10
|
+
class SecretManagerWrapperLayer extends constructs_1.Construct {
|
|
11
|
+
constructor(scope, id, props) {
|
|
12
|
+
super(scope, id);
|
|
13
|
+
const image = aws_cdk_lib_1.DockerImage.fromBuild(path.join(__dirname, '../layer'), {
|
|
14
|
+
platform: props?.lambdaArchitecture == lambda.Architecture.ARM_64 ? 'linux/arm64' : 'linux/amd64',
|
|
15
|
+
file: 'Dockerfile',
|
|
16
|
+
});
|
|
21
17
|
image.cp('/layer.zip', path.join(__dirname));
|
|
22
|
-
const
|
|
18
|
+
const layerVersionProps = {
|
|
23
19
|
removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
|
|
24
20
|
code: lambda.Code.fromAsset(path.join(__dirname, 'layer.zip')),
|
|
25
21
|
description: 'this layer has wrapper script help you setting secret manager json string into lambda runtime',
|
|
26
22
|
};
|
|
27
|
-
|
|
23
|
+
if (!props?.lambdaArchitecture) {
|
|
24
|
+
aws_cdk_lib_1.Annotations.of(this).addWarning('The Lambda Function that uses this layer will need to have a runtime that supports X86_64 linux/amd64.');
|
|
25
|
+
}
|
|
26
|
+
this.layerVersion = new lambda.LayerVersion(this, 'SecretManagerWrapperLayer', layerVersionProps);
|
|
28
27
|
}
|
|
29
28
|
}
|
|
30
29
|
exports.SecretManagerWrapperLayer = SecretManagerWrapperLayer;
|
|
31
30
|
_a = JSII_RTTI_SYMBOL_1;
|
|
32
|
-
SecretManagerWrapperLayer[_a] = { fqn: "cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer", version: "2.0
|
|
33
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
31
|
+
SecretManagerWrapperLayer[_a] = { fqn: "cdk-secret-manager-wrapper-layer.SecretManagerWrapperLayer", version: "2.1.0" };
|
|
32
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGF5ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvbGF5ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2QkFBNkI7QUFDN0IsNkNBQXNFO0FBQ3RFLGlEQUFpRDtBQUNqRCwyQ0FBdUM7QUFRdkMsTUFBYSx5QkFBMEIsU0FBUSxzQkFBUztJQVF0RCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXNDO1FBQzlFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDakIsTUFBTSxLQUFLLEdBQUcseUJBQVcsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDLEVBQUU7WUFDcEUsUUFBUSxFQUFFLEtBQUssRUFBRSxrQkFBbUIsSUFBSSxNQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxhQUFhO1lBQ2xHLElBQUksRUFBRSxZQUFZO1NBQ25CLENBQUMsQ0FBQztRQUNILEtBQUssQ0FBQyxFQUFFLENBQUMsWUFBWSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQztRQUU3QyxNQUFNLGlCQUFpQixHQUE2QjtZQUNsRCxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1lBQ3BDLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsQ0FBQztZQUM5RCxXQUFXLEVBQUUsK0ZBQStGO1NBQzdHLENBQUM7UUFFRixJQUFJLENBQUMsS0FBSyxFQUFFLGtCQUFrQixFQUFFLENBQUM7WUFDL0IseUJBQVcsQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsVUFBVSxDQUM3Qix3R0FBd0csQ0FDekcsQ0FBQztRQUNKLENBQUM7UUFFRCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksTUFBTSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsMkJBQTJCLEVBQUUsaUJBQWlCLENBQUMsQ0FBQztJQUNwRyxDQUFDOztBQTdCSCw4REE4QkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBwYXRoIGZyb20gJ3BhdGgnO1xuaW1wb3J0IHsgRG9ja2VySW1hZ2UsIFJlbW92YWxQb2xpY3ksIEFubm90YXRpb25zIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0ICogYXMgbGFtYmRhIGZyb20gJ2F3cy1jZGstbGliL2F3cy1sYW1iZGEnO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgU2VjcmV0TWFuYWdlcldyYXBwZXJMYXllclByb3BzIHtcbiAgLyoqXG4gICAqIFRoZSBhcmNoaXRlY3R1cmUgZm9yIHRoZSBMYW1iZGEgZnVuY3Rpb24gdGhhdCB3aWxsIHVzZSB0aGlzIGxheWVyXG4gICAqL1xuICByZWFkb25seSBsYW1iZGFBcmNoaXRlY3R1cmU/OiBsYW1iZGEuQXJjaGl0ZWN0dXJlO1xufVxuZXhwb3J0IGNsYXNzIFNlY3JldE1hbmFnZXJXcmFwcGVyTGF5ZXIgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICAvLyBwdWJsaWMgc3RhdGljIGdldE9yQ3JlYXRlKHNjb3BlOiBDb25zdHJ1Y3QpOiBTZWNyZXRNYW5hZ2VyV3JhcHBlckxheWVyIHtcbiAgLy8gICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHNjb3BlKTtcbiAgLy8gICBjb25zdCBpZCA9ICdTZWNyZXRNYW5hZ2VyV3JhcHBlckxheWVyJztcbiAgLy8gICBjb25zdCBleGlzdGluZyA9IHN0YWNrLm5vZGUudHJ5RmluZENoaWxkKGlkKTtcbiAgLy8gICByZXR1cm4gKGV4aXN0aW5nIGFzIFNlY3JldE1hbmFnZXJXcmFwcGVyTGF5ZXIpIHx8IG5ldyBTZWNyZXRNYW5hZ2VyV3JhcHBlckxheWVyKHN0YWNrLCBpZCwgKTtcbiAgLy8gfVxuICBwdWJsaWMgcmVhZG9ubHkgbGF5ZXJWZXJzaW9uOiBsYW1iZGEuSUxheWVyVmVyc2lvbjtcbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM/OiBTZWNyZXRNYW5hZ2VyV3JhcHBlckxheWVyUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuICAgIGNvbnN0IGltYWdlID0gRG9ja2VySW1hZ2UuZnJvbUJ1aWxkKHBhdGguam9pbihfX2Rpcm5hbWUsICcuLi9sYXllcicpLCB7XG4gICAgICBwbGF0Zm9ybTogcHJvcHM/LmxhbWJkYUFyY2hpdGVjdHVyZSEgPT0gbGFtYmRhLkFyY2hpdGVjdHVyZS5BUk1fNjQgPyAnbGludXgvYXJtNjQnIDogJ2xpbnV4L2FtZDY0JyxcbiAgICAgIGZpbGU6ICdEb2NrZXJmaWxlJyxcbiAgICB9KTtcbiAgICBpbWFnZS5jcCgnL2xheWVyLnppcCcsIHBhdGguam9pbihfX2Rpcm5hbWUpKTtcblxuICAgIGNvbnN0IGxheWVyVmVyc2lvblByb3BzOiBsYW1iZGEuTGF5ZXJWZXJzaW9uUHJvcHMgPSB7XG4gICAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgICBjb2RlOiBsYW1iZGEuQ29kZS5mcm9tQXNzZXQocGF0aC5qb2luKF9fZGlybmFtZSwgJ2xheWVyLnppcCcpKSxcbiAgICAgIGRlc2NyaXB0aW9uOiAndGhpcyBsYXllciBoYXMgd3JhcHBlciBzY3JpcHQgaGVscCB5b3Ugc2V0dGluZyBzZWNyZXQgbWFuYWdlciBqc29uIHN0cmluZyBpbnRvIGxhbWJkYSBydW50aW1lJyxcbiAgICB9O1xuXG4gICAgaWYgKCFwcm9wcz8ubGFtYmRhQXJjaGl0ZWN0dXJlKSB7XG4gICAgICBBbm5vdGF0aW9ucy5vZih0aGlzKS5hZGRXYXJuaW5nKFxuICAgICAgICAnVGhlIExhbWJkYSBGdW5jdGlvbiB0aGF0IHVzZXMgdGhpcyBsYXllciB3aWxsIG5lZWQgdG8gaGF2ZSBhIHJ1bnRpbWUgdGhhdCBzdXBwb3J0cyBYODZfNjQgbGludXgvYW1kNjQuJyxcbiAgICAgICk7XG4gICAgfVxuXG4gICAgdGhpcy5sYXllclZlcnNpb24gPSBuZXcgbGFtYmRhLkxheWVyVmVyc2lvbih0aGlzLCAnU2VjcmV0TWFuYWdlcldyYXBwZXJMYXllcicsIGxheWVyVmVyc2lvblByb3BzKTtcbiAgfVxufSJdfQ==
|
package/package.json
CHANGED
|
@@ -22,7 +22,6 @@
|
|
|
22
22
|
"post-upgrade": "npx projen post-upgrade",
|
|
23
23
|
"pre-compile": "npx projen pre-compile",
|
|
24
24
|
"release": "npx projen release",
|
|
25
|
-
"release:cdkv1": "npx projen release:cdkv1",
|
|
26
25
|
"test": "npx projen test",
|
|
27
26
|
"test:watch": "npx projen test:watch",
|
|
28
27
|
"unbump": "npx projen unbump",
|
|
@@ -58,6 +57,7 @@
|
|
|
58
57
|
"mock-fs": "5.1.2",
|
|
59
58
|
"projen": "^0.91.13",
|
|
60
59
|
"ts-jest": "^27",
|
|
60
|
+
"ts-node": "^10.9.2",
|
|
61
61
|
"typescript": "^4.9"
|
|
62
62
|
},
|
|
63
63
|
"peerDependencies": {
|
|
@@ -76,7 +76,7 @@
|
|
|
76
76
|
"publishConfig": {
|
|
77
77
|
"access": "public"
|
|
78
78
|
},
|
|
79
|
-
"version": "2.0
|
|
79
|
+
"version": "2.1.0",
|
|
80
80
|
"jest": {
|
|
81
81
|
"coverageProvider": "v8",
|
|
82
82
|
"testMatch": [
|