npm
Sign UpSign In

@n1ru4l/ssm-parameter-env
TypeScript icon, indicating that this package has built-in type declarations

1.0.0-rc.0 • Public • Published

SSM Parameter Env

Supply your environment with the AWS Systems Manager Parameter Store

Install

yarn

yarn add -D @n1ru4l/ssm-parameter-env

npm

npm install -D @n1ru4l/ssm-parameter-env

Usage Example (lambda)

"use strict";
const AWS = require("aws-sdk");
const ssm = new AWS.SSM();
const createGetEnvironment = require("@n1ru4l/ssm-parameter-env");
const expect = require("expect");

// You would probably use process.env
const env = {
  MY_SCURR: "ssm:/Scurr/Burr/Eagle",
  MY_BAZZ: "Passthrough value"
};

// Create outside of handler to use in-memory caching (default is 5 minutes)
const getEnvironment = createGetEnvironment({
  env,
  ssm,
  expires: 5 * 60 * 1000
});

module.exports.handler = (event, context, callback) => {
  getEnvironment().then(env => {
    expect(env).toEqual({
      MY_SCURR: "TOP SECRET VALUE",
      MY_BAZZ: "Passthrough value"
    }); // true

    const response = {
      statusCode: 200,
      body: JSON.stringify({
        message: env.MY_SCURR
      })
    };
    callback(null, response);
  });
};

More documentation will follow soon. For more detail you can take a look at the tests 😇.

How to use with serverless(-offline)

This plugin should work out of the box with serverless-offline. You should not uny any environment variables prefixed with ssm: in your local development environment to prevent any request to AWS.

Required Permissions

This document should cover all info about permissions. You will have to give permissions to your target for the following actions: ssm:GetParameters and kms:Decrypt. I recommend to group your ssm parameters with a prefix (e.g. my-project-production/database-password). By doing so you can restrict the ssm:GetParameters to a subset of ssm parameters that start with the shared prefix (e.g. my-project-production/*).

I use serverless and I don't care, I am testing and I just wanne copy paste stuff

If you do not care about fine graned access control just use these iamRoleStatements (serverless):

  iamStatements:
    - Effect: Allow
      Action:
        - ssm:GetParameters
      Resource: *
    - Effect: Allow
      Action:
        - kms:Decrypt
      Resource: *

Roadmap

  • [x] Make it compatible to serverless framework (offline mode)
  • [ ] Test in Real World Application
  • [x] Publish to npm
  • [x] Implement caching

Useful Links

Readme

Keywords

none

Package Sidebar

Install

npm i @n1ru4l/ssm-parameter-env

Repository

github.com/n1ru4l/ssm-parameter-env

Homepage

github.com/n1ru4l/ssm-parameter-env#readme

Weekly Downloads

1

Version

1.0.0-rc.0

License

MIT

Unpacked Size

11.4 kB

Total Files

10

Last publish

Collaborators

  • n1ru4l
Try on RunKit
Report malware