AWS Security ChangesHomeSearch

AWS lambda documentation change

Service: lambda · 2025-04-18 · Documentation medium

File: lambda/latest/dg/file-processing-app.md

Summary

Added guidance to use Secrets Manager extension instead of hardcoding credentials.

Security assessment

Strengthens security guidance by recommending proper secret management over hardcoded values.

Diff

diff --git a/lambda/latest/dg/file-processing-app.md b/lambda/latest/dg/file-processing-app.md
index d47dfa2ab..d8a34294e 100644
--- a//lambda/latest/dg/file-processing-app.md
+++ b//lambda/latest/dg/file-processing-app.md
@@ -96 +96 @@ Copy and paste the following code into a file named `lambda_function.py`.
-In this example code, a password for the encrypted file (`my-secret-password`) is hardcoded into the function code. In a production application, don't include sensitive information like passwords in your function code. Use AWS Secrets Manager to securely store sensitive parameters.
+In this example code, a password for the encrypted file (`my-secret-password`) is hardcoded into the function code. In a production application, don't include sensitive information like passwords in your function code. Instead, [create an AWS Secrets Manager secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html) and then [use the AWS Parameters and Secrets Lambda extension](./with-secrets-manager.html) to retrieve your credentials in your Lambda function.