# Lambda Secrets Manager top-level await + SDKv3

This pattern stores a secret in Secrets Manager. The includes a Node.js Lambda function which uses top-level await and the AWS SDK for Javascript v3 to read the secret in the init phase, outside the handler.

Learn more about this pattern at Serverless Land Patterns: << Add the live URL here >>

Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.

## Requirements

* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed

## Deployment Instructions

1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
    ``` 
    git clone https://github.com/aws-samples/serverless-patterns
    ```
1. Change directory to the pattern directory:
    ```
    cd lambda-secretsmanager-node-sdkv3-sam
    ```
1. From the command line, use AWS SAM to build the serverless application with its dependencies
    ```
    sam build
    ```
1. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file:
    ```
    sam deploy --guided
    ```
1. During the prompts:
    * Enter a stack name
    * Enter the desired AWS Region
    * Allow SAM CLI to create IAM roles with the required permissions.

    Once you have run `sam deploy --guided` mode once and saved arguments to a configuration file (samconfig.toml), you can use `sam deploy` in future to use these defaults.

1. Note the outputs from the SAM deployment process. This contains the Lambda function name for testing

## How it works

* A secret with a randomly generated value is stored in Secrets Manager.
* A Node.sj Lambda function which uses top-level await and the AWS SDK for Javascript v3 reads the secret in the init phase, outside the handler.
* The function returns the value of the secret.

## Testing

Run the following Lambda CLI invoke command to invoke the function. Edit the {GetSecretFunction} placeholder with the ARN of the deployed Lambda function. This is provided in the stack outputs. 
View the secret in the function output which is stored in `response.json`.

```bash
aws lambda invoke --function-name {GetSecretFunction} --cli-binary-format raw-in-base64-out response.json
cat response.json
```
----
Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.

SPDX-License-Identifier: MIT-0