AWS Lambda with environment variables injected from SecretsManager

[THOUSAND-SKY]

I'm looking for a construct that sets up a lambda function with secrets before the lambda gets invoked.

Something a la https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

Use Case

In nodejs, it's a hassle to move variables into secrets when you can only load secrets async. Top level await isn't straightforward either because web frameworks may bundle the server files into a single file and I don't have full control over which file appears first.

Proposed Solution

I'd like my secrets to be injected as env vars when the lambda is invoked. Preferably they'd only get loaded from SecretsManager on cold starts, and cached. It'd use a lambda layer like described in this https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[biffgaut]

Our current philosophy is to restrict the library to Infrastructure as Code, and not deploy code that operates within a client's application (e.g. - we provide no Lambda functions outside of Custom Resources that configure infrastructure during launch). But we will add this idea to our backlog if this changes in the future.