re: Where do you keep credentials for your Lambda functions? VIEW POST


I use a similar setup for my containers running in Fargate. I added a piece to my docker run script that grabs the SSM parameters and saves them as env vars when the container starts up. Thanks for pointing out a nice way to handle this using Lambdas


But then they are exposed to all apps with the Fargate execution space. Security now has to move away from the OS container and towards the app itself.


What do you mean by "exposed to all apps with the Fargate execution space?" Each application has its own image, with its own run script (bash). The run script makes the request to AWS SSM and sets the environment variables before it starts the application. The secrets are only available in the container OS. The app can only read them.

Code of Conduct Report abuse