hands-on lab

Migrating Hard-coded Secrets in AWS Lambda to AWS Secrets Manager

Difficulty: Intermediate
Duration: Up to 1 hour
Students: 1,179
Rating: 5/5
  • Get guided in a real environment: Practice with a step-by-step scenario in a real, provisioned environment.
  • Learn and validate: Use validations to check your solutions every step of the way.
  • See results: Track your knowledge and monitor your progress.

Description

AWS Secrets Manager is a fully managed service for managing sensitive digital credentials. Types of secrets that can be managed with AWS Secrets Manager include API keys, passwords, tokens, and certificates. AWS Secrets Manager also addresses the security and maintenance concerns that come with hard-coding sensitive pieces of data directly in your code.

With AWS Secrets Manager, you can replace hard-coded credentials in your code by retrieving the secret programmatically using an AWS Secrets Manager API call.

In this lab, you will migrate a hard-coded API key in an AWS Lambda function to AWS Secrets Manager. You will also update the function code to follow a secure pattern that is easier to maintain.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Store a secret in AWS Secrets Manager
  • Access a secret from an AWS Lambda function

Intended audiences

  • Candidates for the AWS Certified Solutions Architect - Associate exam
  • Cloud Architects
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Secrets Manager
  • Python Programming

The following courses and labs can be used to fulfill the prerequisite:

Updates

June 30th, 2023 - Updated lab steps to reflect the new AWS console

Lab steps

  • Logging In to the Amazon Web Services Console
  • Making a Simple API Call with AWS Lambda
  • Migrating a Hard-coded Secret to AWS Secrets Manager
  • Retrieving a Secret from AWS Secrets Manager with AWS Lambda