python - 将 AWS Secrets Manager 与 Python 结合使用(Lambda 控制台)
问题描述
我正在尝试在 AWS 中使用 Secrets Manager 一个 Lambda 函数。秘密管理器用于将数据库凭据存储到雪花(用户名、密码)。
我设法在 Secrets Manager 中设置了一个秘密,其中包含几个键/值对(例如,一个用于用户名,另一个用于密码)。
现在我试图在我的 Python 函数代码中引用这些值。AWS 文档提供了以下代码段:
import boto3
import base64
from botocore.exceptions import ClientError
def get_secret():
secret_name = "MY/SECRET/NAME"
region_name = "us-west-2"
# Create a Secrets Manager client
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
# In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
# See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
# We rethrow the exception by default.
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
except ClientError as e:
if e.response['Error']['Code'] == 'DecryptionFailureException':
# Secrets Manager can't decrypt the protected secret text using the provided KMS key.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InternalServiceErrorException':
# An error occurred on the server side.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidParameterException':
# You provided an invalid value for a parameter.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidRequestException':
# You provided a parameter value that is not valid for the current state of the resource.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'ResourceNotFoundException':
# We can't find the resource that you asked for.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
else:
# Decrypts secret using the associated KMS CMK.
# Depending on whether the secret is a string or binary, one of these fields will be populated.
if 'SecretString' in get_secret_value_response:
secret = get_secret_value_response['SecretString']
else:
decoded_binary_secret = base64.b64decode(get_secret_value_response['SecretBinary'])
# Your code goes here.
稍后在我的def lambda_handler(event, context)
函数中,我有以下片段来建立与我的数据库的连接:
conn = snowflake.connector.connect(
user=USERNAME,
password=PASSWORD,
account=ACCOUNT,
warehouse=WAREHOUSE,
role=ROLE
)
但是,我无法弄清楚如何使用该get_secret()
函数返回诸如USERNAME
or之类的参数的值PASSWORD
。
如何实现?感谢您的帮助!
解决方案
将 get_secret() 的最后一部分更新为:
else:
# Decrypts secret using the associated KMS CMK.
# Depending on whether the secret is a string or binary, one of these fields will be populated.
if 'SecretString' in get_secret_value_response:
secret = get_secret_value_response['SecretString']
else:
secret = base64.b64decode(get_secret_value_response['SecretBinary'])
return json.loads(secret) # returns the secret as dictionary
这将返回一个字典,其中包含您在 AWS Secret Manager 控制台中指定的密钥。
推荐阅读
- python - Python 连接到 Oracle 数据库错误 DPI-1047
- r - 删除R中数据框中的数字和数字后面的句点?
- javascript - Vuejs:数据属性更改时组件不会重新渲染
- flutter - 计数器不改变其状态
- dataframe - 读取Parquet文件时spark如何决定列顺序
- javascript - 粘性导航栏,滚动到第一个元素不精确
- javascript - 在 webpack 中,CompatibilityPlugin 做了什么?
- c# - 调整网格内的图像大小以始终适合可用空间
- python - Scrapy errback 无法捕获所有错误
- .net - Visual Studio 未加载模块(因此没有要命中的断点)