Please read my previous article - How to retrieve DynamoDB items using secrets stored in AWS Secrets Manager with AWS Lambda - 1
Let’s get started!
Please visit my GitHub repository for DynamoDB articles on various topics, which is updated on a constant basis.
Pre-requisites:
- AWS user account with admin access, not a root account.
- Create an IAM role
Resources Used:
Steps for implementation to this project:
Part 2
6. Create a secret in Secrets Manager to store the Access Key and Secret Access Key
- Next
- Next
- Store
7. Write Lambda code to create DynamoDB items by retrieving the access keys from Secrets Manager.
- Click on Functions at the left side and select the function you created.
- Select the Code tab under the Lambda function myFunction.
- Copy file3, replace the existing code with it, and change the Secret ARN in file3.
```python
import boto3
import json


def lambda_handler(event, context):
    secret_name = "arn:aws:secretsmanager:us-east-1:xxxxxxxxxxxx:secret:mySecret-q7slUY"

    # Create a Secrets Manager client
    secretClient = boto3.client(
        service_name='secretsmanager',
        region_name='us-east-1'
    )
    get_secret_value_response = secretClient.get_secret_value(
        SecretId=secret_name
    )
    # The secret is a JSON string; parse it once and reuse the result
    secret = get_secret_value_response['SecretString']
    credentials = json.loads(secret)

    Table_name = 'myTable2'
    print('DynamoDB Table creation started.')

    # Connect to DynamoDB with the access keys read from the secret
    dynamodb = boto3.resource(
        'dynamodb',
        aws_access_key_id=credentials.get('Access Key'),
        aws_secret_access_key=credentials.get('Secret Access Key'),
        region_name='us-east-1'
    )

    # Create the table with StudId (number) as the partition key
    student_table = dynamodb.create_table(
        TableName=Table_name,
        KeySchema=[
            {
                'KeyType': 'HASH',
                'AttributeName': 'StudId'
            }
        ],
        AttributeDefinitions=[
            {
                'AttributeName': 'StudId',
                'AttributeType': 'N'
            }
        ],
        ProvisionedThroughput={
            'ReadCapacityUnits': 2,
            'WriteCapacityUnits': 2
        }
    )

    # Wait until the Table gets created
    student_table.meta.client.get_waiter('table_exists').wait(TableName=Table_name)
    print('DynamoDB Table Creation Completed.')

    print('Insert Student data to table started.')
    # Insert 1st item into DynamoDB table
    table = dynamodb.Table(Table_name)
    table.put_item(
        Item={
            'StudId': 100,
            'FirstName': 'Rev1',
            'LastName': 'Joshi1',
            'Dept': 'Science',
            'Age': 11
        }
    )
    # Insert 2nd item into DynamoDB table
    table.put_item(
        Item={
            'StudId': 200,
            'FirstName': 'Rev2',
            'LastName': 'Joshi2',
            'Dept': 'Science',
            'Age': 22
        }
    )
    # Insert 3rd item into DynamoDB table
    table.put_item(
        Item={
            'StudId': 300,
            'FirstName': 'Rev3',
            'LastName': 'Joshi3',
            'Dept': 'Science',
            'Age': 33
        }
    )
    print('Insert Student data to table Completed.')
```
- Deploy
- Test
- Output
8. View the DynamoDB table created in the console.
- Select the table myTable2 and click on the Explore table items button on the right side
9. Write Lambda code to view the table items using Secrets Manager.
- Click on Functions at the left side and select the function you created.
- Select the Code tab under the Lambda function myFunction.
- Copy file4, replace the existing code with it, and change the Secret ARN in file4.
```python
import boto3
import json


def lambda_handler(event, context):
    secret_name = "arn:aws:secretsmanager:us-east-1:xxxxxxxxxxxx:secret:mySecret-q7slUY"

    # Create a Secrets Manager client
    secretClient = boto3.client(
        service_name='secretsmanager',
        region_name='us-east-1'
    )
    get_secret_value_response = secretClient.get_secret_value(
        SecretId=secret_name
    )
    # The secret is a JSON string; parse it once and reuse the result
    secret = get_secret_value_response['SecretString']
    credentials = json.loads(secret)

    Table_name = 'myTable2'

    # Connect to DynamoDB with the access keys read from the secret
    print('DynamoDB Table creation started.')
    dynamodb = boto3.resource(
        'dynamodb',
        aws_access_key_id=credentials.get('Access Key'),
        aws_secret_access_key=credentials.get('Secret Access Key'),
        region_name='us-east-1'
    )

    # Connect to table & Scan the entire table
    table = dynamodb.Table(Table_name)
    response = table.scan()

    print('---------------------------------------')
    print('------------STUDENT DETAILS------------')
    print('---------------------------------------')
    for item in response['Items']:
        print('Student Id : ', item['StudId'])
        print('Student Name : ', item['FirstName'], ' ', item['LastName'])
        print('Student Department : ', item['Dept'])
        print('Student Age : ', item['Age'])
        print('_______________________________')
    print('---------------------------------------')
```
- Deploy
- Test
- Output
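Both handlers above read the credentials with `json.loads(secret).get(...)`, which returns `None` when a key name in the secret does not match, and boto3 then falls back to the function's execution role instead of failing. The following is an added example, not code from the original article: a hypothetical helper `parse_credentials` (the name and the `SecretFormatError` class are assumptions) that validates the `get_secret_value` response and fails closed, shown with constructed sample responses.

```python
import json

# Key names used inside the secret by the Lambda code in steps 7 and 9.
REQUIRED_KEYS = ("Access Key", "Secret Access Key")


class SecretFormatError(ValueError):
    """Raised when the secret payload cannot be used as credentials."""


def parse_credentials(get_secret_value_response):
    """Return (access_key_id, secret_access_key) or raise SecretFormatError."""
    if "SecretString" in get_secret_value_response:
        raw = get_secret_value_response["SecretString"]
    elif "SecretBinary" in get_secret_value_response:
        # boto3 hands SecretBinary back as bytes.
        try:
            raw = get_secret_value_response["SecretBinary"].decode("utf-8")
        except UnicodeDecodeError:
            raise SecretFormatError("SecretBinary is not UTF-8 text") from None
    else:
        raise SecretFormatError("response has no SecretString or SecretBinary")
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError:
        # 'from None' drops the chained exception, whose .doc holds the payload.
        raise SecretFormatError("secret is not valid JSON") from None
    if not isinstance(payload, dict):
        raise SecretFormatError("secret JSON is not an object")
    values = []
    for key in REQUIRED_KEYS:
        value = payload.get(key)
        if not isinstance(value, str) or not value.strip():
            # Fail closed: passing None to boto3.resource() would silently
            # fall back to the Lambda execution role's credentials.
            raise SecretFormatError(f"secret is missing a usable {key!r} value")
        values.append(value)
    return tuple(values)


# Constructed sample responses (placeholder values, not real credentials).
GOOD = {"SecretString": json.dumps(
    {"Access Key": "EXAMPLE-ACCESS-KEY-ID", "Secret Access Key": "example-secret-value"})}
RENAMED = {"SecretString": json.dumps(
    {"AccessKey": "EXAMPLE-ACCESS-KEY-ID", "Secret Access Key": "example-secret-value"})}
BINARY = {"SecretBinary": GOOD["SecretString"].encode("utf-8")}
```

In the handlers, the returned pair would be passed as `aws_access_key_id` and `aws_secret_access_key`; the error messages name the missing key but never include a secret value, so they are safe to log.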
Cleanup
- Delete Lambda Function
- Delete DynamoDB tables
- Delete Secrets
What we have done so far
- Successfully retrieved items from DynamoDB tables using secrets stored in AWS Secrets Manager with AWS Lambda function.










