AWS Lambda

Integrate Onboardbase into AWS Lambda

Requirements

  • A deployed AWS Lambda function
  • AWS CLI installed
  • AWS CLI authenticated as a user with the lambda:UpdateFunctionConfiguration and lambda:GetFunctionConfiguration permissions
  • jq CLI
  • Onboardbase service token for authentication.

TIP

You can authenticate the CLI with environment variables.
Supported environment variables are:

  • ONBOARDBASE_TOKEN - A service token
  • ONBOARDBASE_PROJECT - An Onboardbase project name
  • ONBOARDBASE_ENVIRONMENT - An environment in the specified project

AWS Permissions

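If your IAM user does not have the lambda:UpdateFunctionConfiguration and lambda:GetFunctionConfiguration permissions, create a new policy and attach it to the user. The policy below allows both actions on every function ("Resource": "*"); to narrow it, set Resource to the ARN of the function you are integrating.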

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LambdaConfig",
            "Effect": "Allow",
            "Action": [
                "lambda:UpdateFunctionConfiguration",
                "lambda:GetFunctionConfiguration"
            ],
            "Resource": "*"
        }
    ]
}

Authenticate Onboardbase CLI

onboardbase config:set-token $SERVICE_TOKEN scope /

Fetching Secrets

Use the command below to pull the environment variables from a Lambda function directly into your Onboardbase project.

# Quote the substitution so JSON values containing spaces stay a single argument
onboardbase secrets:upload -p 'onboardbase-project' -e 'project-environment' \
  "$(aws lambda get-function-configuration --function-name awsLambdaFunctionName | jq -M -c '.Environment.Variables')"

The command above fetches the environment variables of awsLambdaFunctionName from AWS and uploads them to the specified environment of the Onboardbase project.

Uploading Secrets

Use the command below to upload all the secrets in an environment of a project to an AWS Lambda function.

aws lambda update-function-configuration --function-name awsLambdaFunctionName --environment \
  "$(echo "{\"Variables\":$(onboardbase secrets --json -p onboardbase-project -e project-environment)}")"

  • Ensure that awsLambdaFunctionName exists on AWS with the right permissions
  • Ensure that the project name and environment passed to onboardbase secrets --json -p onboardbase-project -e project-environment exist on Onboardbase
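
The --environment option replaces the function's whole Variables map, and the one-liner above places the secret values in the aws process arguments. The Python script below is an added example, not part of the Onboardbase documentation: it merges the secrets over the function's existing variables, validates names and total size before calling AWS, and passes the payload through a private temporary file. It assumes that onboardbase secrets --json prints a flat JSON object of string values; build_environment, run and sync are names chosen for this example.

```python
import json, os, re, subprocess, sys, tempfile

KEY_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]+")  # Lambda variable-name rule
MAX_BYTES = 4096  # Lambda's 4 KB cap on all variables; size is approximated below


def build_environment(function_config_json, secrets_json):
    """Return the --environment JSON: existing variables overlaid with the secrets."""
    config = json.loads(function_config_json)
    existing = (config.get("Environment") or {}).get("Variables") or {}
    secrets = json.loads(secrets_json)
    if not isinstance(secrets, dict) or not secrets:
        raise ValueError("secrets must be a non-empty JSON object")
    for name, value in secrets.items():
        if not KEY_RE.fullmatch(name):
            raise ValueError(f"invalid Lambda variable name: {name!r}")
        if not isinstance(value, str):  # never echo the value itself
            raise ValueError(f"value of {name} is not a string")
    merged = {**existing, **secrets}  # Onboardbase wins on conflicts
    size = sum(len(k.encode()) + len(v.encode()) for k, v in merged.items())
    if size > MAX_BYTES:
        raise ValueError(f"variables total about {size} bytes, over {MAX_BYTES}")
    return json.dumps({"Variables": merged}, sort_keys=True)


def run(cmd):
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def sync(function_name, project, environment):
    config = run(["aws", "lambda", "get-function-configuration",
                  "--function-name", function_name])
    secrets = run(["onboardbase", "secrets", "--json", "-p", project, "-e", environment])
    payload = build_environment(config, secrets)
    fd, path = tempfile.mkstemp(suffix=".json")  # created with mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(payload)
        # file:// keeps secret values out of the process argument list;
        # stdout is discarded because the response echoes every variable.
        subprocess.run(["aws", "lambda", "update-function-configuration",
                        "--function-name", function_name,
                        "--environment", "file://" + path],
                       check=True, stdout=subprocess.DEVNULL)
    finally:
        os.remove(path)


if __name__ == "__main__":
    sync(*sys.argv[1:4])  # function name, Onboardbase project, environment
```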