AWS lambda documentation change
Summary
Added guidance to use Secrets Manager extension instead of hardcoding credentials.
Security assessment
Strengthens security guidance by recommending proper secret management over hardcoded values.
Diff
diff --git a/lambda/latest/dg/file-processing-app.md b/lambda/latest/dg/file-processing-app.md index d47dfa2ab..d8a34294e 100644 --- a//lambda/latest/dg/file-processing-app.md +++ b//lambda/latest/dg/file-processing-app.md @@ -96 +96 @@ Copy and paste the following code into a file named `lambda_function.py`. -In this example code, a password for the encrypted file (`my-secret-password`) is hardcoded into the function code. In a production application, don't include sensitive information like passwords in your function code. Use AWS Secrets Manager to securely store sensitive parameters. +In this example code, a password for the encrypted file (`my-secret-password`) is hardcoded into the function code. In a production application, don't include sensitive information like passwords in your function code. Instead, [create an AWS Secrets Manager secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html) and then [use the AWS Parameters and Secrets Lambda extension](./with-secrets-manager.html) to retrieve your credentials in your Lambda function.