Question 191752 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – Update lambda function environment variables using api

I got error {message: ‘Missing Authentication Token’} .
how can i fix issue ?

const AWS_REGION = 'myREGION';
const FUNCTION_NAME = 'myfn';
const ACCESS_KEY = 'myACCESS_KEY';
const SECRET_KEY = 'mySECRET_KEY';

const updateEnvironmentVariables = async () => {
const credentials = `${ACCESS_KEY}:${SECRET_KEY}`;

  const mybody = JSON.stringify({
  "environment": {
    "Variables": {
      "API_KEY": "abc123",
      "DB_URL": "https://my.com/db"
    }
  }
});

    const response = await fetch(`https://lambda.${AWS_REGION}.amazonaws.com/2015-03-31/functions/${FUNCTION_NAME}/configuration`, {
      method: 'PUT',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': credentials,
      },
      body: mybody,
    }).then((v)=>v.json());
    console.log(response)
};

how i provide correct Authentication?

Tags:

2

Answers


  1. 0

    The error message you’re seeing usually indicates that your request isn’t authenticated. In AWS, most authenticated requests are signed with AWS Signature Version 4. The authentication you currently pass ('Authorization': credentials,) isn’t valid as it contains the access and secret keys concatenated together.

    AWS SDKs and CLI handle request signing for you, but if you’re making manual API calls (as it appears you are doing), you’ll have to sign them manually. AWS Signature Version 4 signing process is somewhat complex. You can see full details here: Signature

    However, a simpler way to interact with AWS resources is to use the AWS SDK for JavaScript in Node.js. Here is how you could update your AWS Lambda environment variables using the AWS SDK:

    var AWS = require('aws-sdk');

AWS.config.update({
  region: 'myREGION',
  accessKeyId: 'myACCESS_KEY',
  secretAccessKey: 'mySECRET_KEY'
});

var lambda = new AWS.Lambda();

var params = {
  FunctionName: 'myfn',
  Environment: {
    Variables: {
      'API_KEY': 'abc123',
      'DB_URL': 'https://my.com/db'
    }
  }
};

lambda.updateFunctionConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

    Please replace 'myREGION', 'myACCESS_KEY' and 'mySECRET_KEY' with your actual values.

    Please ensure you install AWS SDK via npm before you use it with the command:

    npm install aws-sdk

    Remember that hardcoding AWS access credentials in the code are not a good practice. Consider storing them securely in environment variables or using IAM roles running on EC2 instances or AWS Lambda.

    Lastly, always ensure you have the necessary permissions in AWS IAM to perform the required operations. In this case, you’ll need the lambda:UpdateFunctionConfiguration permission.

    Login or Signup to reply.
  2. 0

    It’s not enough to send the credentials as part of the request header. To directly access the AWS API, you need to sign the request with your credentials.

    Having that said, I would strongly recommend using the AWS SDK for JavaScript instead because it takes care of all the low-level work for you.

    Using the UpdateFunctionConfigurationCommand in your example would look something like this:

    import { LambdaClient, UpdateFunctionConfigurationCommand } from "@aws-sdk/client-lambda";
    
const AWS_REGION = 'myREGION';
const FUNCTION_NAME = 'myfn';
const ACCESS_KEY = 'myACCESS_KEY';
const SECRET_KEY = 'mySECRET_KEY';

const client = new LambdaClient({ 
  region: AWS_REGION,
  credentials: {
    accessKeyId: ACCESS_KEY,
    secretAccessKey: SECRET_KEY
  }
});

const config = JSON.stringify({
  "environment": {
    "Variables": {
      "API_KEY": "abc123",
      "DB_URL": "https://my.com/db"
    }
  }
})

const command = new UpdateFunctionConfigurationCommand({
  ...JSON.parse(config),
  FunctionName: FUNCTION_NAME,
});

const response = await client.send(command);

console.log(response)

    Note: Please make sure to not commit any files to a source code repository, e.g. git, that contain credentials. You can use a local AWS profile, environment variables, or a secret store instead.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search