I have a use case where I want to use certificate-based authentication in AWS Lambda to generate OAuth tokens. Currently I am storing the certificates and private keys locally and running it like a normal Java application.

However, while migrating to AWS Lambda, I need to store these .crt and .key files somewhere in AWS, so that I can use them in AWS Lambda.

I have come across some solutions like:

1. Storing certs and keys in S3 buckets
2. Storing certs and keys in Secrets Manager
3. Storing them in Amazon Certificate Manager

Can someone please help with which method is efficient and optimal for storing certs and keys?
CodePudding user response:
AWS ACM is not a regular secret store which you can query any time you want to get your secrets back. ACM can only be used through integration with selected services such as load balancers. You can't use it with a Lambda function.

Your only choices are AWS Secrets Manager and SSM Parameter Store. SSM Parameter Store is free, but AWS Secrets Manager has some extra features such as automated rotation of secrets.
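As an added illustration (not code from the question or the answer above), here is how the Secrets Manager option looks from a Java Lambda function: the PEM certificate and PKCS#8 private key are read with the AWS SDK v2, turned into an in-memory KeyStore, and used as the client identity of an `HttpClient` that posts to the OAuth token endpoint. The secret ARNs in the `CLIENT_CERT_SECRET_ARN` and `CLIENT_KEY_SECRET_ARN` environment variables, the `TOKEN_URL` variable, the `client_credentials` grant and the RSA key type are all assumptions for the example; nothing here is the original poster's setup.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

public class MtlsTokenHandler {
    // Built once per execution environment and reused by warm invocations, so the
    // private key is fetched from Secrets Manager on cold start only, never per request.
    private static volatile HttpClient client;

    // Lambda handler (assumed name; Context parameter omitted because it is optional).
    public String handleRequest(Map<String, String> event) throws Exception {
        return fetchToken(System.getenv("TOKEN_URL"));
    }

    static HttpClient client() throws Exception {
        if (client == null) {
            synchronized (MtlsTokenHandler.class) {
                if (client == null) {
                    String certPem = fetchSecret(System.getenv("CLIENT_CERT_SECRET_ARN"));
                    String keyPem = fetchSecret(System.getenv("CLIENT_KEY_SECRET_ARN"));
                    client = HttpClient.newBuilder().sslContext(sslContext(certPem, keyPem)).build();
                }
            }
        }
        return client;
    }

    // The function role needs secretsmanager:GetSecretValue on exactly these two ARNs
    // (plus kms:Decrypt if the secrets are encrypted with a customer-managed key).
    static String fetchSecret(String secretId) {
        try (SecretsManagerClient sm = SecretsManagerClient.create()) {
            return sm.getSecretValue(GetSecretValueRequest.builder().secretId(secretId).build())
                     .secretString();
        }
    }

    // The key is never written to disk: PEM -> PKCS8EncodedKeySpec -> in-memory PKCS12 KeyStore.
    static SSLContext sslContext(String certPem, String keyPem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(
            new ByteArrayInputStream(certPem.getBytes(StandardCharsets.US_ASCII)));

        // Java's KeyFactory only reads PKCS#8 ("BEGIN PRIVATE KEY"). A PKCS#1 key
        // ("BEGIN RSA PRIVATE KEY") must be converted before it is stored:
        //   openssl pkcs8 -topk8 -nocrypt -in client.key -out client-pkcs8.key
        String b64 = keyPem.replace("-----BEGIN PRIVATE KEY-----", "")
                           .replace("-----END PRIVATE KEY-----", "")
                           .replaceAll("\\s", "");
        PrivateKey key = KeyFactory.getInstance("RSA")   // use "EC" for an ECDSA key
            .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry("client", key, new char[0], new Certificate[] { cert });

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);

        // Trust managers left as default so the token endpoint's server cert is still verified.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    static String fetchToken(String tokenUrl) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(tokenUrl))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString("grant_type=client_credentials"))
            .build();
        HttpResponse<String> resp = client().send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            throw new IllegalStateException("token endpoint returned HTTP " + resp.statusCode());
        }
        return resp.body(); // JSON with access_token, expires_in, ...
    }
}
```

Two things worth checking when adopting this: store the certificate and key as two separate secrets so the public certificate can be read by more roles than the key, and scope the role's `secretsmanager:GetSecretValue` permission to those ARNs rather than `*`. The same code works against SSM Parameter Store by swapping `fetchSecret` for an `SsmClient.getParameter` call with `withDecryption(true)` on a SecureString parameter.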