Storing credentials in environment variables with identifiable names (for example PASSWORD, SECRET or API_KEY) is a security risk. Lambda environment variables are returned in plaintext to any principal allowed to call lambda:GetFunctionConfiguration, are recorded in Terraform state and CloudFormation templates that define the function, and are readable by every library the function loads, so a single over-broad IAM permission, leaked state file or compromised dependency exposes the credential and the resources it protects. To reduce this risk, store credentials in a dedicated secret manager or key management service, such as AWS Secrets Manager, and let the function fetch them at runtime through its execution role, which should be allowed to read only the secrets it needs. Such services add fine-grained access control, rotation and audit logging (each retrieval is a CloudTrail event) that a plaintext environment variable cannot provide, improving the overall security posture of the system and reducing the likelihood of a security incident.
AWS Lambda functions can retrieve credentials from AWS Secrets Manager at runtime and use them to authenticate to other resources, such as databases, so that only a reference to the secret (its name or ARN) needs to be configured on the function. To configure Lambda functions to use Secrets Manager, see the AWS documentation listed in the references below.
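The following added example (written for this page; it is not AWS or vendor code) shows both sides of the finding in Python: a check that flags environment variable names that look like they hold a credential value, and a Lambda handler that instead reads a JSON secret from Secrets Manager through its execution role and caches it across warm invocations. The name patterns, the reference suffixes, the DB_SECRET_ARN variable name and the FakeSecretsManager stand-in are this example's own assumptions; in a deployed function the client would be boto3.client("secretsmanager").

```python
"""Detection and remediation for secrets stored in Lambda environment variables.

Added example; the patterns, suffixes and the fake client are assumptions made
here for illustration, not part of any AWS API.
"""
import json
import os
import re
from typing import Dict, List, Optional

# Assumed patterns for "identifiable" credential names; a real scanner would
# tune these to its own naming conventions.
SECRET_NAME_PATTERN = re.compile(
    r"(?i)(password|passwd|pwd|secret|token|api[_-]?key|private[_-]?key|access[_-]?key)"
)

# Names with these suffixes are references to a secret (its ARN or name), which
# is exactly what the remediation leaves in the environment, so do not flag them.
REFERENCE_SUFFIXES = ("_ARN", "_ID", "_NAME", "_PATH")


def flag_secret_env_vars(env: Dict[str, str]) -> List[str]:
    """Return the environment variable names that look like credential values."""
    flagged = []
    for name in env:
        upper = name.upper()
        if SECRET_NAME_PATTERN.search(name) and not upper.endswith(REFERENCE_SUFFIXES):
            flagged.append(name)
    return sorted(flagged)


# Module-level cache: survives warm invocations, dies with the execution
# environment, so rotated secrets are picked up on the next cold start.
_SECRET_CACHE: Dict[str, dict] = {}


def get_secret(secret_id: str, client, cache: Optional[Dict[str, dict]] = None) -> dict:
    """Fetch and parse a JSON secret, calling Secrets Manager at most once per cache.

    `client` is any object with a get_secret_value(SecretId=...) method:
    boto3's secretsmanager client in production, FakeSecretsManager offline.
    """
    cache = _SECRET_CACHE if cache is None else cache
    if secret_id not in cache:
        response = client.get_secret_value(SecretId=secret_id)
        cache[secret_id] = json.loads(response["SecretString"])
    return cache[secret_id]


def handler(event, context, client=None) -> dict:
    """Hardened Lambda handler: the environment holds only the secret's ARN.

    The execution role needs secretsmanager:GetSecretValue on that ARN (and
    kms:Decrypt on its key if a customer managed key is used).
    """
    secret_id = os.environ["DB_SECRET_ARN"]  # assumed variable name: a reference, not a credential
    if client is None:
        import boto3  # only imported inside a real Lambda environment

        client = boto3.client("secretsmanager")
    creds = get_secret(secret_id, client)
    # A real function would open its database connection with creds here.
    return {"statusCode": 200, "body": f"connected as {creds['username']}"}


class FakeSecretsManager:
    """Constructed stand-in for boto3's secretsmanager client so the example runs offline."""

    def __init__(self, secrets: Dict[str, dict]):
        self._secrets = secrets
        self.calls = 0

    def get_secret_value(self, SecretId: str) -> dict:
        self.calls += 1
        return {"SecretString": json.dumps(self._secrets[SecretId])}


if __name__ == "__main__":
    # Constructed environment for a function that still embeds credentials.
    before = {"DB_HOST": "db.internal", "DB_PASSWORD": "hunter2", "API_KEY": "abc", "LOG_LEVEL": "info"}
    print("flagged:", flag_secret_env_vars(before))  # ['API_KEY', 'DB_PASSWORD']

    # Constructed environment after remediation: only a reference remains.
    after = {"DB_HOST": "db.internal", "DB_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:111122223333:secret:db", "LOG_LEVEL": "info"}
    print("flagged:", flag_secret_env_vars(after))  # []

    os.environ["DB_SECRET_ARN"] = after["DB_SECRET_ARN"]
    fake = FakeSecretsManager({after["DB_SECRET_ARN"]: {"username": "app", "password": "hunter2"}})
    print(handler({}, None, client=fake))
    print(handler({}, None, client=fake), "calls to Secrets Manager:", fake.calls)  # 1
```

The allow-by-suffix rule is the part a scanner most often gets wrong: the remediated function still has a variable whose name contains "SECRET", but its value is an ARN, so flagging on the pattern alone would report the fix as a finding.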
In AWS Console:
In Terraform:
References:
https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html
https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function