Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| import { APIGatewayEvent, APIGatewayProxyResult, Context } from "aws-lambda"; | ||
| import { v4 as uuidv4 } from "uuid"; | ||
| import { getLogger } from "../../../utils/logger"; | ||
| import { updateSecret } from "../../../utils/secretsManager"; | ||
|
|
||
| export const handler = async ( | ||
| event: APIGatewayEvent, | ||
| context: Context | ||
| ): Promise<APIGatewayProxyResult> => { | ||
| const correlationId: string = event.requestContext.requestId || uuidv4(); | ||
| const logger = getLogger(correlationId); | ||
| const newGuid = uuidv4(); | ||
|
|
||
| try { | ||
| logger.info("Rotating verifyKey."); | ||
| await updateSecret( | ||
| process.env.VERIFY_SECRET_NAME, | ||
| JSON.stringify({ verifyKey: newGuid }) | ||
| ); | ||
| logger.info("Successfully rotated verifyKey"); | ||
|
|
||
| return { | ||
| statusCode: 200, | ||
| body: JSON.stringify({ | ||
| message: | ||
| "Successfully rotated the key and restarted the ECS Service/TD", | ||
| }), | ||
| }; | ||
| } catch (error) { | ||
| logger.error(error); | ||
|
|
||
| return { | ||
| statusCode: 500, | ||
| body: JSON.stringify({ | ||
| message: | ||
| "Something went wrong when updating the key and restarting the ECS Service/TD", | ||
| }), | ||
| }; | ||
| } | ||
| }; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| import { | ||
| GetSecretValueCommand, | ||
| SecretsManagerClient, | ||
| UpdateSecretCommand, | ||
| } from "@aws-sdk/client-secrets-manager"; | ||
|
|
||
| const secretsManagerClient = new SecretsManagerClient(); | ||
|
|
||
| export const getSecret = async (secretName: string): Promise<string> => { | ||
| try { | ||
| const command = new GetSecretValueCommand({ SecretId: secretName }); | ||
| const data = await secretsManagerClient.send(command); | ||
|
|
||
| if (data.SecretString) { | ||
| return data.SecretString; | ||
| } else { | ||
| throw new Error( | ||
| `Secret with ID ${secretName} does not contain SecretString` | ||
| ); | ||
| } | ||
| } catch (error) { | ||
| console.error(`Error retrieving secret ${secretName}:`, error); | ||
| throw error; | ||
| } | ||
| }; | ||
|
|
||
| export const updateSecret = async ( | ||
| secretId: string, | ||
| secretString: string | ||
| ): Promise<void> => { | ||
| try { | ||
| const command = new UpdateSecretCommand({ | ||
| SecretId: secretId, | ||
| SecretString: secretString, | ||
| }); | ||
|
|
||
| await secretsManagerClient.send(command); | ||
| } catch (error) { | ||
| console.error(`Error updating secret ${secretId}`, error); | ||
| throw error; | ||
| } | ||
| }; |