Hello, This is Shiwani Lawte from the DA Business Headquarters.
Today, we will learn how to access SSM parameters in AWS Lambda function using Boto3.
What is SSM
Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values.
We can access parameters from Parameter Store in AWS Lambda functions without using an SDK. AWS Parameters and Secrets Lambda Extension can be use to retrieves parameter values and caches them for future use. Using the Lambda extension can reduce your costs by reducing the number of API calls to Parameter Store.
Follow these steps to create and access Parameters from Lambda function
- Create Parameter in SSM
- Create New IAM permission for accessing SSM parameters(Variable) from Lambda function
- Create Lambda function: Use Boto3 to read/update SSM parameters
Create Parameter in SSM
- Go to AWS console and search System Manager
Click Create Parameter
Create a new variable: /my-param/dev/userName Value : Enter a value which you want to define in parameter. Eg: Param@1234
Create New IAM Role
To access SSM parameter from lambda need to give IAM Permission.
- Go to IAM Console =>IAM => Roles => Create Role
2. Select AWS services: Choose Lambda 3. Select Permission: AmazonSSMFullAccess 4. Enter Role Name => Create Role: lambda_ssm_access
The role has been created. We will use this permission in lambda function to access AWS SSM parameters.
Create Lambda Function : Use Boto3 to read SSM parameters
- Go to Services =>Lambda => Create Function => Enter Function Name : Access-SSM-Parameter
- Go to permissions => And select Existing IAM Role: lambda_ssm_access
- Lambda function is created
- Write function code to access Stored parameter
Execution Result :
Environment variables may occasionally need to be encrypted and stored somewhere where number of lambda functions can access them. With the help of the "Parameter Store" feature offered by AWS SSM, you can conveniently store your parameters in SSM and encrypt them by KMS.