Skip to content

Add documentation for using Lambda with Secrets Manager #2544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 30, 2025
Merged

Add documentation for using Lambda with Secrets Manager #2544

merged 3 commits into from
Jun 30, 2025

Conversation

knottnt
Copy link
Contributor

@knottnt knottnt commented Jun 27, 2025

Issue #, if available:

Description of changes:

  • Add tutorial for creating a secret in AWS Secrets Manager with a reference to a Kubernetes Secret
  • Add tutorial for retrieving a secret from AWS Secrets Manager from a Lambda function created by ACK

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ack-prow ack-prow bot requested review from a-hilaly and jlbutler June 27, 2025 22:20
@ack-prow ack-prow bot added the approved label Jun 27, 2025
@knottnt knottnt force-pushed the lambda-with-secrets-manager branch from 00a4291 to 0ef61ef Compare June 27, 2025 22:22
@knottnt knottnt force-pushed the lambda-with-secrets-manager branch from 0ef61ef to 105c43f Compare June 30, 2025 16:42
a-hilaly
a-hilaly approved these changes Jun 30, 2025
View reviewed changes
Copy link
Member

@a-hilaly a-hilaly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @knottnt ! left a few non blocking comments

docs/content/docs/tutorials/lambda-with-secrets-manager.md
const secretName = process.env.TEST_SECRET_ARN;
const options = {
hostname: 'localhost',
port: 2773,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is port 2773 for?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This port is what the AWS Parameter and Secrets Lambda extension listens to.

docs/content/docs/tutorials/lambda-with-secrets-manager.md

```bash
cat > index.mjs << 'EOF'
import http from 'http';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shall we use aws-sdk instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This example function uses the AWS Parameter and Secrets Lambda extension as suggested in the Lambda service docs for integrating with AWS Secrets Manager. I call this out later, but I can add a call out in this section as well to make things clearer.

docs/content/docs/tutorials/lambda-with-secrets-manager.md
Comment on lines +152 to +155
ACK_LAMBDA_IAM_ROLE="ack-lambda-function"
ACK_LAMBDA_IAM_ROLE_DESCRIPTION="Role for ACK managed Lamdba function"
aws iam create-role --role-name "${ACK_LAMBDA_IAM_ROLE}" --assume-role-policy-document file://trust.json --description "${ACK_LAMBDA_IAM_ROLE_DESCRIPTION}"
ACK_LAMBDA_IAM_ROLE_ARN=$(aws iam get-role --role-name=$ACK_LAMBDA_IAM_ROLE --query Role.Arn --output text)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similarily can we use iam controller for these?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason I used the IAM roles directly was that involving the IAM controller requires adding instructions on how to setup the controller which I personally found to draw focus from the core concept of this tutorial. Would a call out to the IAM controller similar to what I used for the secrets-manager controller work for you?

a-hilaly
a-hilaly approved these changes Jun 30, 2025
View reviewed changes
Copy link
Member

@a-hilaly a-hilaly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @knottnt !
/lgtm

@ack-prow ack-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2025
@ack-prow ACK Prow
Copy link

ack-prow bot commented Jun 30, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a-hilaly, knottnt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ack-prow ack-prow bot merged commit b802a7f into aws-controllers-k8s:main Jun 30, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@a-hilaly a-hilaly a-hilaly approved these changes

@jlbutler jlbutler Awaiting requested review from jlbutler

Assignees

@a-hilaly a-hilaly

Labels
approved lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@knottnt @a-hilaly