How to retrieve DynamoDB items using secrets stored in AWS Secrets Manager with AWS Lambda - 1

AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, encryption keys, SSH keys and other secrets throughout their lifecycles.

  • You replace hard-coded credentials with a runtime call to the Secrets Manager service to retrieve credentials dynamically when you need them. And AWS Secrets Manager eliminates the need to hardcode sensitive information in plain text.
  • It provides default encryption to your secrets stored in AWS Secrets Manager.
  • Secrets Manager offers pay as you go pricing.
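
The runtime call described above, sketched as an added example (not code from the article or from AWS): a Lambda-side helper that reads the key pair from Secrets Manager and caches it across warm invocations. The secret name, its two JSON field names and the cache lifetime are assumptions; `myTable1` and `us-east-1` are the values the article uses further down.

```python
import json
import time

# Assumed names, not from the article: the secret id and its two JSON fields.
SECRET_ID = "demo/dynamodb-access-keys"
FIELDS = ("AWS_Access_Key", "AWS_Secret_Access_Key")
CACHE_TTL = 300  # seconds
_cache = {}  # secret id -> (expiry, fields); survives warm Lambda invocations


def get_keys(client, secret_id=SECRET_ID, now=time.time):
    """Return the key pair stored as a JSON secret, cached for CACHE_TTL seconds."""
    hit = _cache.get(secret_id)
    if hit and hit[0] > now():
        return hit[1]
    resp = client.get_secret_value(SecretId=secret_id)
    # A secret version holds either SecretString or SecretBinary.
    raw = resp.get("SecretString")
    if raw is None:
        raw = resp["SecretBinary"].decode("utf-8")
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        # Never echo the payload in an error: it is the secret itself.
        raise ValueError(f"secret {secret_id!r} is not valid JSON") from None
    missing = [f for f in FIELDS if not (isinstance(data, dict) and data.get(f))]
    if missing:
        raise KeyError(f"secret {secret_id!r} lacks fields {missing}")
    keys = {f: data[f] for f in FIELDS}
    _cache[secret_id] = (now() + CACHE_TTL, keys)
    return keys


def lambda_handler(event, context):
    import boto3  # bundled with the Lambda Python runtime
    keys = get_keys(boto3.client("secretsmanager", region_name="us-east-1"))
    dynamodb = boto3.resource(
        "dynamodb",
        aws_access_key_id=keys["AWS_Access_Key"],
        aws_secret_access_key=keys["AWS_Secret_Access_Key"],
        region_name="us-east-1",
    )
    count = dynamodb.Table("myTable1").scan(Select="COUNT")["Count"]
    return {"items": count}
```

The function's execution role needs `secretsmanager:GetSecretValue` on that secret for the call to succeed.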

AWS DynamoDB is a fast and fully managed NoSQL database designed for applications that need consistent, single-digit millisecond latency at any scale.

  • It is a fully managed database and it supports both document and key value data models.
  • It has a very flexible data model. This means that you don't need to define your database schema upfront. Yet it provides fast, reliable and predictable performance.

  • DynamoDB tables consist of:
      • Items (similar to a row of data in a table).
      • Attributes (similar to a column of data in a table).

  • Supports key-value and document data structures.
      • Key = the name of the data. Value = the data itself.
      • Document can be written in JSON, HTML or XML.

AWS Lambda is a compute service that lets you run code without provisioning or managing servers.

  • With Lambda, you can run code for virtually any type of application or backend service.

Let’s get started!

Please visit my GitHub repository for DynamoDB articles on various topics, which is being updated on a constant basis.

Objectives:

I have divided this article into 2 parts to make the process easier to follow.

Part 1

1. Create an IAM role

2. Create a Lambda function

3. Write Lambda code with hard-coded access keys to create DynamoDB tables and items.

4. View the DynamoDB table created in the console.

5. Write Lambda code to return the table data.

Part 2

6. Create a secret in Secrets Manager to store the access key and secret access key

7. Write Lambda code to create DynamoDB items by retrieving the access keys from Secrets Manager.

8. View the DynamoDB table created in the console.

9. Write Lambda code to view the table items using Secrets Manager.

Pre-requisites:

  • AWS user account with admin access, not a root account.
  • IAM role

Resources Used:

What is Amazon DynamoDB?

What is AWS Secrets Manager?

What is AWS Lambda?

Steps to implement this project:

1. Create an IAM Role

  • Next

  • Next

  • Create role

2. Create a Lambda function

  • Create function

  • Select the Configuration tab in the lower part of the page, then click Edit.

3. Write Lambda code with hard-coded access keys to create DynamoDB tables and items.

  • Copy the code from file1 and replace the existing code with it.

  • Note: change the AWS_Access_Key and AWS_Secret_Access_Key values in file1.

import json
import boto3

def lambda_handler(event, context):
    # Input values
    # Hard-coded credentials: Part 1 baseline only; Part 2 moves them to Secrets Manager
    Table_name = 'myTable1'
    AWS_Access_Key = 'xxxxxxxxxxxxxxxxxxxx'
    AWS_Secret_Access_Key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

    # Create a DynamoDB table
    print('DynamoDB Table creation started.')

    dynamodb = boto3.resource(
        'dynamodb',
        aws_access_key_id = AWS_Access_Key,
        aws_secret_access_key = AWS_Secret_Access_Key,
        region_name = 'us-east-1'
    )

    student_table = dynamodb.create_table(
        TableName = Table_name,
        KeySchema = [
            {
                'KeyType': 'HASH',
                'AttributeName': 'StudId'
            }
        ],
        AttributeDefinitions=[
            {
                'AttributeName': 'StudId',
                'AttributeType': 'N'
            }
        ],
        ProvisionedThroughput={
            'ReadCapacityUnits': 2,
            'WriteCapacityUnits': 2
        }
    )  

    # Wait until the Table gets created
    student_table.meta.client.get_waiter('table_exists').wait(TableName = Table_name)
    print('DynamoDB Table Creation Completed.')

    print('Insert Student data to table started.')
    # Insert 1st item into DynamoDB table
    table = dynamodb.Table(Table_name)
    table.put_item(
        Item = {
            'StudId': 100,
            'FirstName': 'Rev1',
            'LastName': 'Joshi1',
            'Dept': 'Science',
            'Age': 11
        }
    )

    # Insert 2nd item into DynamoDB table
    table.put_item(
        Item = {
            'StudId': 200,
            'FirstName': 'Rev2',
            'LastName': 'Joshi2',
            'Dept': 'Science',
            'Age': 22
        }
    )

    # Insert 3rd item into DynamoDB table
    table.put_item(
        Item = {
            'StudId': 300,
            'FirstName': 'Rev3',
            'LastName': 'Joshi3',
            'Dept': 'Science',
            'Age': 33
        }
    )
    print('Insert Student data to table Completed.')

  • Click on the Test button to run the code.

  • Output

4. View DynamoDB Table created in console.

  • Select the table and click the Explore table items button on the right side.

5. Write Lambda code to return the table data.

  • Click on Functions on the left side and select the function you created.

  • Select the Code tab under the Lambda function myFunction.

  • Copy the code from file2 and replace the existing code with it.

import json
import boto3

def lambda_handler(event, context):
    # Input values
    # Hard-coded credentials: Part 1 baseline only; Part 2 moves them to Secrets Manager
    Table_name = 'myTable1'
    AWS_Access_Key = 'xxxxxxxxxxxxxxxxxxxx'
    AWS_Secret_Access_Key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

    # Connect to DynamoDB
    print('Connecting to DynamoDB.')

    dynamodb = boto3.resource(
        'dynamodb',
        aws_access_key_id = AWS_Access_Key,
        aws_secret_access_key = AWS_Secret_Access_Key,
        region_name = 'us-east-1'
    )

    # Connect to the table and scan it page by page
    # (a single scan() call returns at most 1 MB of data)
    table = dynamodb.Table(Table_name)
    response = table.scan()
    items = response['Items']
    while 'LastEvaluatedKey' in response:
        response = table.scan(ExclusiveStartKey=response['LastEvaluatedKey'])
        items.extend(response['Items'])

    print('---------------------------------------')
    print('------------STUDENT DETAILS------------')
    print('---------------------------------------')
    for item in items:
        print('Student Id : ', item['StudId'])
        print('Student Name : ', item['FirstName'], ' ', item['LastName'])
        print('Student Department : ', item['Dept'])
        print('Student Age : ', item['Age'])
        print('_______________________________')
    print('---------------------------------------')

  • Deploy
  • Test
  • Output
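
Both handlers above pass string literals to `aws_access_key_id` and `aws_secret_access_key`. The following added example (not part of the original article) is a small static check that flags that pattern in Python source before it is deployed; the function name and the sample string are constructed for illustration.

```python
import ast

CRED_KWARGS = {"aws_access_key_id", "aws_secret_access_key", "aws_session_token"}

# Constructed sample: the article's handler, shortened to the credential wiring.
SAMPLE = """\
import boto3

def lambda_handler(event, context):
    AWS_Access_Key = 'xxxxxxxxxxxxxxxxxxxx'
    AWS_Secret_Access_Key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    dynamodb = boto3.resource(
        'dynamodb',
        aws_access_key_id = AWS_Access_Key,
        aws_secret_access_key = AWS_Secret_Access_Key,
        region_name = 'us-east-1'
    )
"""


def find_hardcoded_creds(source):
    """Return sorted (line, kwarg, origin) for credential kwargs fed by string literals."""
    tree = ast.parse(source)
    literal_vars = {}  # variable name -> line where it is assigned a string literal
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    literal_vars[target.id] = node.lineno
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            val = kw.value
            if kw.arg not in CRED_KWARGS:
                continue
            if isinstance(val, ast.Constant) and isinstance(val.value, str):
                findings.append((val.lineno, kw.arg, "inline literal"))
            elif isinstance(val, ast.Name) and val.id in literal_vars:
                origin = f"literal assigned on line {literal_vars[val.id]}"
                findings.append((val.lineno, kw.arg, origin))
    return sorted(findings)


if __name__ == "__main__":
    for line, kwarg, origin in find_hardcoded_creds(SAMPLE):
        print(f"line {line}: {kwarg} <- {origin}")
```

The check follows only names assigned a literal somewhere in the file and is not scope-aware, so a clean result is a floor, not proof that no credential is embedded.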
