- update AWSSDK to support secrets manager

theburningmonk · theburningmonk · commit 7c743bfa2530 · 2018-08-27T01:19:47.000+01:00
- integrate middy's secretsManager middleware
diff --git a/functions/get-index.js b/functions/get-index.js
@@ -12,7 +12,7 @@ const cloudwatch = require('../lib/cloudwatch');
 const AWSXRay    = require('aws-xray-sdk');
 
 const middy         = require('middy');
-const { ssm }       = require('middy/middlewares');
+const { ssm, secretsManager } = require('middy/middlewares');
 const sampleLogging = require('../middleware/sample-logging');
 const captureCorrelationIds = require('../middleware/capture-correlation-ids');
 
@@ -89,8 +89,8 @@ const handler = co.wrap(function* (event, context, callback) {
     dayOfWeek, 
     restaurants,
     awsRegion,
-    cognitoUserPoolId: context.cognito_user_pool_id,
-    cognitoClientId: context.cognito_client_id,
+    cognitoUserPoolId: context.cognito.user_pool_id,
+    cognitoClientId: context.cognito.client_id,
     searchUrl: `${context.restaurants_api}/search`,
     placeOrderUrl: `${context.orders_api}`
   };
@@ -119,8 +119,13 @@ module.exports.handler = middy(handler)
     setToContext: true,
     names: {
       restaurants_api: `/bigmouth/${STAGE}/restaurants_api`,
-      orders_api: `/bigmouth/${STAGE}/orders_api`,
-      cognito_user_pool_id: `/bigmouth/${STAGE}/cognito_user_pool_id`,
-      cognito_client_id: `/bigmouth/${STAGE}/cognito_client_id`
+      orders_api: `/bigmouth/${STAGE}/orders_api`
+    }
+  }))
+  .use(secretsManager({
+    cache: true,
+    cacheExpiryInMillis: 3 * 60 * 1000, // 3 mins
+    secrets: {
+      cognito: `/bigmouth/${STAGE}/cognito`
     }
   }));
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,7 +20,7 @@
         "superagent-promise": "^1.1.0"
     },
     "devDependencies": {
-        "aws-sdk": "^2.168.0",
+        "aws-sdk": "^2.302.0",
         "chai": "^4.1.2",
         "cheerio": "^1.0.0-rc.2",
         "lodash": "^4.17.10",
diff --git a/serverless.yml b/serverless.yml
@@ -50,6 +50,9 @@ functions:
       - Effect: Allow
         Action: ssm:GetParameters*
         Resource: arn:aws:ssm:#{AWS::Region}:#{AWS::AccountId}:parameter/bigmouth/${self:custom.stage}/*
+      - Effect: Allow
+        Action: secretsmanager:GetSecretValue
+        Resource: arn:aws:secretsmanager:#{AWS::Region}:#{AWS::AccountId}:secret:/bigmouth/${self:custom.stage}/*
 
   get-restaurants:
     handler: functions/get-restaurants.handler
