Is it insecure to send a password into a Lambda using the Event?

I have one Lambda calling another, and it would be convenient to not look up the password in Secrets Manager a second time.

CodePudding user response：

It depends on how valuable the password is, and whether or not it's time-bound. If it's a relatively static password, then you can look it up in both Lambda functions during static initialization so that you only retrieve it once for each Lambda container. Putting the password in the event means that it might get logged somewhere. How impactful would someone seeing the password in CloudWatch be?

CodePudding user response：

Uff :D

okay, I will just write down how I do things.

1. Lambda do not call lambda. We use decoupled architecture using SQS, SNS or similar.
2. Lambda has password it needs in environment variables, that will be initialized by deployment in the pipeline. This way lambda does not have to ask parameter store, it has all the passwords as soon as it is deployed.

Do with that information what ever you want :) ! gl !