How to use AWS KMS in AWS lambda

aws-lambda aws-kms
vutbao picture vutbao · Sep 17, 2015 · Viewed 9.8k times · Source

I've just started to work with AWS services, particularly AWS Lambda. Is there a way to use AWS KMS service from within Lambda code (Java). I'd like to use KMS to decrypt an encrypted externalized (read from a property) secret. My Lambda code is in java. Thanks in advance.

Answer

kleaver picture kleaver · Jun 24, 2016

In Python:

with open('encrypted_pem.txt', 'r') as encrypted_pem:
    pem_file = encrypted_pem.read()

kms = boto3.client('kms', region_name=REGION)
return kms.decrypt(CiphertextBlob=b64decode(pem_file))['Plaintext']

Taken from AWS Labs Chef cleanup source.

The README of that repo explains how to encrypt the PEM file in the first place using the AWS KMS CLI.

Related questions

How to pass a querystring or route parameter to AWS Lambda from Amazon API Gateway

for instance if we want to use GET /user?name=bob or GET /user/bob How would you pass both of these examples as a parameter to the Lambda function? I saw something about setting a "mapped from" in the …

Read More
Can an AWS Lambda function call another

I have 2 Lambda functions - one that produces a quote and one that turns a quote into an order. I'd like the Order lambda function to call the Quote function to regenerate the quote, rather than just receive it from …

Read More
AWS Lambda import module error in python

I am creating a AWS Lambda python deployment package. I am using one external dependency requests . I installed the external dependency using the AWS documentation http://docs.aws.amazon.com/lambda/latest/dg/lambda-python-how-to-create-deployment-package.html. Below is my python code. …

Read More