Don't require users to embed passwords in source

[ericfitz]

AWS Lambda provides a feature called "encryption helpers" that makes it super simple to store secrets encrypted in environment variables, rather than modifying the source to include the unencrypted secrets.

To use this:

1. Navigate to the IAM console in AWS
2. Create a new encryption key
3. Grant use privileges for that key to the role that you're using for the lambda function
4. In the Lambda console, go to the configuration for the lambda function
5. At the bottom, enter the secret(s) (e.g. username and password) into environment variables, and use the encryption helper to encrypt them.
6. Use the "code" button next to each environment variable to get a code snippet of how to use it.

I've modified main.py to use encryption helpers and attached it (also changed from print to logging for debug output).

main.py.txt

[tigerbrain]

Hi Eric,

I have personally toyed with this feature myself before and unfortunately, I don't think that this service is provided as free service by AWS. I think they charge a fee for every encryption key that you maintain. Can you verify that I was not mistaken about this?

Thanks!

tigerbrain

[ericfitz]

That is correct- there is a $1.00 USD charge per key per month.
KMS Pricing