Use Environment Variables in Lambda Functions


#1

Link to chapter - https://serverless-stack.com/chapters/use-environment-variables-in-lambda-functions.html


#2

Small bit of confusion - this chapter references the environment variable in our serverless.yml as the following:

# These environment variables are made available to our functions
# under process.env.
environment:
    tableName:
        Ref: NotesTable

When (I believe) it should look like:

environment:
    tableName: ${self:custom.tableName}

#3

Oh you are right. Must have missed it when we made the last correction.

Edit: I see what happened, when we made the last change we moved this part to an earlier chapter - https://serverless-stack.com/chapters/configure-dynamodb-in-serverless.html and forgot to fix it here.


#4

Hey guys, I am getting the following error when I try:

serverless invoke  --function list --path mocks/list-event.json

or

serverless invoke local  --function list --path mocks/list-event.json
    Error: Missing required key 'TableName' in params
    list.js:24
    {

It seems that the process.env.tableName is empty. Do you have an Idea why?

When I hardcode the tablename it works invoking locally.

But invoking on aws gives me the following error message:

 >    message: 'User: arn:aws:sts::803222300826:assumed-role/notes-app-2-api-dev-us-east-2-lambdaRole/notes-app-2-api-dev-list is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-east-2:803222300826:table/dev-notes',
> code: 'AccessDeniedException',
> time: 2018-12-14T15:06:24.385Z,
> requestId: 'OE7JM78OSCAFJHUIR1GQ060P5RVV4KQNSO5AEMVJF66Q9ASUAAJG',
> statusCode: 400,
> retryable: false,
> retryDelay: 32.51430898444999 }

The same issue occurs when invking via the “aws-api-gateway-cli-test”

    Authenticating with User Pool
    Getting temporary credentials
    Making API request
    { status: 500,
      statusText: 'Internal Server Error',
      data:
       { status: false,
     error:
      { message: 'User: arn:aws:sts::803222300826:assumed-role/notes-app-2-api-dev-us-east-2-lambdaRole/notes-app-2-api-dev-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:803222300826:table/dev-notes',
        code: 'AccessDeniedException',
        time: '2018-12-14T15:50:00.660Z',
        requestId: 'JGFVMUCK7OBUA9GDE1SCGC1V3VVV4KQNSO5AEMVJF66Q9ASUAAJG',
        statusCode: 400,
        retryable: false,
        retryDelay: 22.44169900283858 } } }

The user in my aws configure has the Policy " [AdministratorAccess] ". Why is it working locally but not on aws?

I am lost…

I am using serverlss 1.32.0
node v8.12.0

Thanks in advance.
Patrick


#5

For the access error, it is basically saying that the Lambda function does not have the right permissions to access the DynamoDB table. I think your issues are related to the way you are setting the table name. Can you compare your serverless.yml to the one from the repo?


#6

Is there a more secure way to use environment variables than inserting them into your .yml file which is then likely to be commuted to source control?

Can you just add environment variables somehow to the aws lamda execution environment?


#7

Yeah, you can use SSM - https://medium.com/nordcloud-engineering/ssm-parameter-store-for-keeping-secrets-in-a-structured-way-53a25d48166a. We are going to transition the guide to doing so as well!