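node.js - AWS Lambda: decrypting environment variables encrypted in transit
Problem description
I am using the AWS Lambda Node.js template to push VPC flow logs to Splunk. I am very new to Node.js, but my intention is to use the code template it provides. I want to encrypt the environment variables in transit, and they only provide a code snippet showing how to decrypt an environment variable. I would like to be able to decrypt both SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN. Here is my code that tries to decrypt the token, but ideally I would have both: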
const AWS = require('aws-sdk');
AWS.config.update({ region: '' });
const functionName = process.env.AWS_LAMBDA_FUNCTION_NAME;
const encrypted_splunk_hec_token = process.env['SPLUNK_HEC_TOKEN'];
let decrypted_splunk_hec_token;
if (!decrypted_splunk_hec_token) {
    // Decrypt code should run once and variables stored outside of the
    // function handler so that these are decrypted once per container
    const kms = new AWS.KMS();
    try {
        const req = {
            CiphertextBlob: Buffer.from(encrypted_splunk_hec_token, 'base64'),
            EncryptionContext: { LambdaFunctionName: functionName },
        };
        const data = await kms.decrypt(req).promise();
        decrypted_splunk_hec_token = data.Plaintext.toString('ascii');
    } catch (err) {
        console.log('Decrypt error:', err);
        throw err;
    }
}
const loggerConfig = {
    url: process.env.SPLUNK_HEC_URL,
    token: decrypted_splunk_hec_token,
};
const SplunkLogger = require('./lib/mysplunklogger');
const zlib = require('zlib');
const logger = new SplunkLogger(loggerConfig);
exports.handler = (event, context, callback) => {
    console.log('Received event:', JSON.stringify(event, null, 2));
    // CloudWatch Logs data is base64 encoded so decode here
    const payload = Buffer.from(event.awslogs.data, 'base64');
    // CloudWatch Logs are gzip compressed so expand here
    zlib.gunzip(payload, (err, result) => {
        if (err) {
            callback(err);
        } else {
            const parsed = JSON.parse(result.toString('ascii'));
            console.log('Decoded payload:', JSON.stringify(parsed, null, 2));
            let count = 0;
            if (parsed.logEvents) {
                parsed.logEvents.forEach((item) => {
                    /* Log event to Splunk with explicit event timestamp.
                    - Use optional 'context' argument to send Lambda metadata e.g. awsRequestId, functionName.
                    - Change "item.timestamp" below if time is specified in another field in the event.
                    - Change to "logger.log(item.message, context)" if no time field is present in event. */
                    logger.logWithTime(item.timestamp, item.message, context);
                    /* Alternatively, UNCOMMENT logger call below if you want to override Splunk input settings */
                    /* Log event to Splunk with any combination of explicit timestamp, index, source, sourcetype, and host.
                    - Complete list of input settings available at http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector */
                    // logger.logEvent({
                    //     time: new Date(item.timestamp).getTime() / 1000,
                    //     host: 'serverless',
                    //     source: `lambda:${context.functionName}`,
                    //     sourcetype: 'httpevent',
                    //     index: 'main',
                    //     event: item.message,
                    // });
                    count += 1;
                });
            }
            // Send all the events in a single batch to Splunk
            logger.flushAsync((error, response) => {
                if (error) {
                    callback(error);
                } else {
                    console.log(`Response from Splunk:\n${response}`);
                    console.log(`Successfully processed ${count} log event(s).`);
                    callback(null, count); // Return number of log events
                }
            });
        }
    });
};
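I get a "Runtime.UserCodeSyntaxError","errorMessage":"SyntaxError: await is only valid in async function"
I basically took the sample decryption code and tried to place the decrypted_splunk_hec_token variable into const loggerConfig.token.
Hopefully someone familiar with the language can help. Thanks.
Solution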
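The SyntaxError quoted in the question is raised because `await` sits at module top level rather than inside an async function. The sketch below is an added example (not part of the original post and not AWS's or Splunk's template code) that decrypts both SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN once per container and awaits the result inside an async handler. `createConfigLoader`, `fakeKms`, `sampleEnv` and every sample value are hypothetical and constructed so the code runs offline.

```javascript
// Assumption: `kms` is any client exposing decrypt(params).promise(), the
// aws-sdk v2 shape used in the question (in Lambda: new AWS.KMS()).
function createConfigLoader(kms, env, names) {
  let cached; // container-scoped promise: decrypt once per cold start
  async function decryptVar(name) {
    if (!env[name]) throw new Error(`Missing environment variable ${name}`);
    const data = await kms.decrypt({
      CiphertextBlob: Buffer.from(env[name], 'base64'),
      EncryptionContext: { LambdaFunctionName: env.AWS_LAMBDA_FUNCTION_NAME },
    }).promise();
    return data.Plaintext.toString('ascii');
  }
  return function getConfig() {
    if (!cached) {
      cached = Promise.all(names.map((n) => decryptVar(n))).then((values) =>
        Object.fromEntries(names.map((n, i) => [n, values[i]])));
      // A failure is not cached, so the next invocation retries the KMS call.
      cached.catch(() => { cached = undefined; });
    }
    return cached;
  };
}

// Constructed stand-in for AWS.KMS so the example runs offline: "ciphertext" is
// the plaintext with an "enc:" prefix, and the encryption context must match.
const fakeKms = {
  calls: 0,
  decrypt(req) {
    fakeKms.calls += 1;
    const text = req.CiphertextBlob.toString('ascii');
    const ok = text.startsWith('enc:')
      && req.EncryptionContext.LambdaFunctionName === 'vpc-flow-to-splunk';
    return { promise: async () => {
      if (!ok) throw new Error('InvalidCiphertextException');
      return { Plaintext: Buffer.from(text.slice(4), 'ascii') };
    } };
  },
};
const b64 = (s) => Buffer.from(s, 'ascii').toString('base64');
const sampleEnv = { // constructed values, not real endpoints or tokens
  AWS_LAMBDA_FUNCTION_NAME: 'vpc-flow-to-splunk',
  SPLUNK_HEC_URL: b64('enc:https://splunk.example.com:8088/services/collector'),
  SPLUNK_HEC_TOKEN: b64('enc:00000000-0000-0000-0000-000000000000'),
};
const getConfig = createConfigLoader(fakeKms, sampleEnv, ['SPLUNK_HEC_URL', 'SPLUNK_HEC_TOKEN']);
// In Lambda: pass new AWS.KMS() and process.env above, and export this handler.
async function handler(event) {
  const cfg = await getConfig(); // legal: await is inside an async function
  // Build the Splunk logger from cfg here; never log the decrypted token.
  return { url: cfg.SPLUNK_HEC_URL, tokenLength: cfg.SPLUNK_HEC_TOKEN.length };
}
```

Because the loader caches the promise rather than the values, concurrent or repeated invocations in a warm container share a single pair of KMS calls.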