Front-End Web & Mobile
Configure environment variables and secrets for your Lambda functions with Amplify CLI
With the recent release, Amplify CLI allows you to set environment variables and secrets for your Lambda functions. This feature is available as an advanced setting in Amplify’s “Function” category and allows you to configure environment variables and secrets interactively. The secrets configuration uses AWS Parameter Store backed by a “SecureString” parameter. In addition, this feature works out-of-the-box with Amplify’s backend environment capabilities to enable you to set different environment variables or secrets for each Amplify backend environment such as staging or prod.
This blog post was written by Daijiro Wachi, Sr. Developer Relations Engineer (Frontend Web & Mobile)
AWS Amplify is the fastest and easiest way to build cloud-powered mobile and web apps on AWS. Amplify comprises a set of tools and services that enables front-end web and mobile developers to leverage the power of AWS services to build innovative and feature-rich applications.
1. Setup a new React app with an Amplify backend
Install and configure the Amplify CLI
You can skip this section, if you have the Amplify CLI installed and configured correctly.
Install the Amplify CLI via NPM and configure the Amplify CLI. For the purposes of this demo, you can select all default options:
npm install -g @aws-amplify/cli
amplify configureSetup React app and Amplify project
Run the following command to create a new React project called “react-amplified” or if you already have an existing Amplify project skip to the next section.
npx create-react-app react-amplified
cd react-amplifiedInitialize an Amplify project by running:
amplify initIf you already have an AWS profile set up on your local machine, choose “Yes” when prompted by the CLI and select the profile you would like to use.
? Do you want to use an AWS profile? Yes
? Please choose the profile you want to use (Use arrow keys)
❯ defaultIf you do not have an AWS profile set up on your local machine, you will be prompted by the CLI to set up a new AWS profile.
2. Add a new Lambda function
Run the following command to create a new Lambda Function:
amplify add function
Select the default options:
? Select which capability you want to add:
> Lambda function (serverless function)
? Provide an AWS Lambda function name:
> reactamplifiedf7430000
? Choose the runtime that you want to use:
> NodeJS
? Choose the function template that you want to use:
> Hello WorldAmplify CLI now shows the new options to configure environment variables and secrets. Select Yes to configure advanced settings.
Tip: if you mistakenly selected No, run amplify update function to reconfigure these options.
Available advanced settings:
- Resource access permissions
- Scheduled recurring invocation
- Lambda layers configuration
- Environment variables configuration
- Secret values configuration
? Do you want to configure advanced settings?
> Yes
? Do you want to access other resources in this project from your Lambda function?
> No
? Do you want to invoke this function on a recurring schedule?
> No
? Do you want to enable Lambda layers for this function?
> NoSelect Yes to configure environment variables and enter name and value of the new environment variable.
? Do you want to configure environment variables for this function?
> Yes
? Enter the environment variable name:
> SERVICE_URL
? Enter the environment variable value:
> https://example.com
? Select what you want to do with environment variables:
> I'm doneAlso select Yes to configure secrets and enter name and value of the new secret.
? Do you want to configure secret values this function can access?
> Yes
? Enter a secret name (this is the key used to look up the secret value):
> SECRET_TOKEN
? Enter the value for SECRET_TOKEN:
> [hidden]
? What do you want to do?
> I'm done
Use the AWS SSM GetParameter API to retrieve secrets in your Lambda function.
More information can be found here: https://docs.aws.amazon.com/3. Use configured environment variable and secret in the new Lambda Function
Edit the new Lambda Function to use configured environment variable and secret.
? Do you want to edit the local lambda function now?
> Yes
? Choose your default editor:
> Visual Studio Code
Edit the file in your editor: /path/to/react-amplified/amplify/backend/function/reactamplifiedf7430000/src/index.jsTo access the environment variable: Call process.env.<variable-name> to retrieve the value.
To access the secrets value: Require aws-sdk to retrieve the secret value through AWS Systems Manager Parameter Store. A code sample on how to retrieve the secret value is automatically added to the top of your function’s file.
const aws = require('aws-sdk');
exports.handler = async () => {
const { Parameters } = await (new aws.SSM())
.getParameters({
Names: ["SECRET_TOKEN"].map(secretName => process.env[secretName]),
WithDecryption: true,
})
.promise();
const SERVICE_URL = process.env.SERVICE_URL;
const SECRET_TOKEN = Parameters.pop().Value;
const response = {
statusCode: 200,
body: `SERVICE_URL: ${SERVICE_URL}, SECRET_TOKEN: ${SECRET_TOKEN}`,
};
return response;
};Press enter in the terminal to continue once you have updated the Lambda function’s code.
? Press enter to continue
Successfully added resource reactamplifiedf7430000 locally.Now, deploy your function to the cloud by running:
amplify push4. Verify in AWS Lambda function’s console
Once the deployment is complete, you can test the new Lambda Function that you created in the AWS Lambda console. Open Lambda Function in the AWS console and select the newly created Lambda Function and click “Test”.
Tip: Quickly the AWS Lambda console by running amplify console function.
You will see the configured environment variable and secret returned.
5. ? Success
Success! In this blog posts, you learned how to create a Lambda function using Amplify CLI and how to set and access these environment variables and secrets. Review the Amplify documentation for environment variables and secrets value for more information.
We hope you like these new features! Let us know your feedback via: