Fork me on GitHub
#aws
<
2015-10-23
>
Chris Bidler04:10:30

I could be wrong about this since I don’t know your use-case and haven’t done much with Lambda in anger, but should you not be assigning IAM roles to your Lamba functions that have the perms you need?

Chris Bidler04:10:09

I fee like looking for key-pair creds inside a Lambda function is something of an anti-pattern

ragge07:10:51

@clojuregeek: what @chris_johnson said, use an IAM profile with appropriate permissions, aws-sdk (through amazonica) should pick that up

ragge07:10:51

@clojuregeek: also, if you get your local machines env that means that you're calling System/getenv at compile-time, instead of runtime, which would happen if you for example had:

ragge07:10:14

(def aws-secret-access-key  (System/getenv "AWS_SECRET_ACCESS_KEY"))

clojuregeek13:10:19

@ragge: @chris_johnson (def instances (ec2/describe-instances creds)) the code uses amazonica library

clojuregeek13:10:03

I ended up passing the creds to the function which worked out better in the long run

Chris Bidler14:10:47

@clojuregeek: that’s an interesting case - do you expect the Lambda function to be getting instance metadata for some credentials, or always a known account/role/keypair?

Chris Bidler14:10:12

Now I’m interested enough in this to try and work up an example, if time allows this afternoon. simple_smile

ragge14:10:16

@clojuregeek: just be aware that if you do (def instances (ec2/describe-instances creds)) and that namespace is AOT compiled then the call to ec2 will be executed at compile time

ragge14:10:42

@clojuregeek: just like (def x (println "Hello"))