20

With serverless we can add process.env variables by creating a configuration file entry like this:

environment:
    STRIPE_SECRET_KEY: ${self:custom.secrets.stripeSecretKey} # Stripe secret API key

And we can access it in our lambda function like this:

const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);

How do we do this with AWS Amplify?

Ole
  • 1
    Did you find any solution for that? I am trying the same because I need to set a different hostedUi Path for local and uploaded environment – d0utone Aug 14 '19 at 12:25
  • Looks like we can add them manually like this, although that's outside of the Amplify workflow: https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html – Ole Aug 14 '19 at 12:52

4 Answers

4

You can add variables at your Amplify environment configuration. You can also add variable overrides and select a branch that's gonna use it.

DOCS: https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html

v.nikopolidi
  • 9
    These are not available in `process.env`. – devth May 18 '20 at 22:36
  • 1
    It actually works @devth - but it requires re-deploying the stack – kartonnade Jul 21 '20 at 04:10
  • 1
    I didn't get it working. After contacting AWS Premium support I've said it's not going to work so I had put keys right into lambda function as config and manage values with `process.env.ENV === "production" ? PRODUCTION_KEY : STAGING_KEY` – v.nikopolidi Jul 21 '20 at 16:37
  • When I create an Amplify function and have environment variables in there, I can't seem to create a function which gets these variables passed through. Are you saying any lambda functions you create after you add the env vars will have those env vars passed into that function? – Ramon Rahman Feb 23 '21 at 13:53
  • These are build time variables, not for backend / lambda functions – Dylan w Mar 25 '23 at 00:06
1

Using Amplify environment variables in lambda is unavailable at the moment.

Btw, what you can do is refer to the name of the backend environment in lambda.

It is set automatically if you create the lambda with Amplify.

For example, you can get the name of your backend environment with os.environ['ENV'] in a Python lambda.

JunKim
1

After a year+ of development using the Amplify framework I figured out that you can only specify ENV variables from your front-end build process. For lambdas it's a bit tricky. You can add a condition "IsProductionEnv" which is going to place a value into the ENV variables for that function depending on the Amplify env. For production I use "prod"; you can use whatever you want.

Go to your amplify/backend/function/{functionName} folder. There should be a {functionName}-cloudformation-template.json file. You need to add one more item to the "Conditions" object:

"Conditions": {
  ...,
  "IsProductionEnv": {
    "Fn::Equals": [
      {
        "Ref": "env"
      },
      "prod"
    ]
  }
}

Then you need to use that condition at "Resources.Properties.Environment.Variables":

"Environment": {
  "Variables": {
    ...,
    "STRIPE_PK": {
      "Fn::If": [
        "IsProductionEnv",
        "pk_live_...",
        "pk_test_..."
      ]
    }
  }
}

I have "dev" and "prod" Amplify env names. It will handle your deployments and manage your env variables based on the env for that function.

Dharman
v.nikopolidi
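The template edited in the answer above lives under amplify/backend, which normally goes into version control, so a publishable `pk_` key is acceptable there but a secret `sk_` key is not. The following check is an added example, not part of the original answer or of Amplify itself: it walks a function's CloudFormation template and reports literal Stripe secret or restricted keys in the Lambda environment block, including inside `Fn::If` branches; the function names and the sample template are constructed for illustration.

```javascript
// Added example: flag literal Stripe secret keys in a Lambda's CloudFormation environment block.
// Stripe secret/restricted keys start with sk_ or rk_; publishable pk_ keys are meant to be public.
const SECRET_KEY_PATTERN = /^(sk|rk)_(live|test)_/;

// Collect every string literal under a value, descending into intrinsics such as Fn::If.
function collectLiterals(value, out = []) {
  if (typeof value === 'string') out.push(value);
  else if (Array.isArray(value)) value.forEach(v => collectLiterals(v, out));
  else if (value && typeof value === 'object') Object.values(value).forEach(v => collectLiterals(v, out));
  return out;
}

// Returns [{ resource, variable, prefix }] for each hardcoded secret key found.
function findHardcodedSecrets(template) {
  const findings = [];
  for (const [resource, def] of Object.entries(template.Resources || {})) {
    if (def.Type !== 'AWS::Lambda::Function') continue;
    const vars = (def.Properties?.Environment?.Variables) || {};
    for (const [variable, value] of Object.entries(vars)) {
      for (const literal of collectLiterals(value)) {
        if (SECRET_KEY_PATTERN.test(literal)) {
          // Report only the prefix so the finding itself does not leak the key.
          findings.push({ resource, variable, prefix: literal.slice(0, 8) });
        }
      }
    }
  }
  return findings;
}

// Constructed sample template (placeholder values, not real keys).
const sampleTemplate = {
  Conditions: { IsProductionEnv: { 'Fn::Equals': [{ Ref: 'env' }, 'prod'] } },
  Resources: {
    LambdaFunction: {
      Type: 'AWS::Lambda::Function',
      Properties: { Environment: { Variables: {
        ENV: { Ref: 'env' },
        STRIPE_PK: { 'Fn::If': ['IsProductionEnv', 'pk_live_PLACEHOLDER', 'pk_test_PLACEHOLDER'] },
        STRIPE_SECRET_KEY: { 'Fn::If': ['IsProductionEnv', 'sk_live_PLACEHOLDER', 'sk_test_PLACEHOLDER'] },
      } } },
    },
  },
};

console.log(findHardcodedSecrets(sampleTemplate));
```

Run against a parsed {functionName}-cloudformation-template.json, an empty result means no variable carries a literal secret key; the publishable `STRIPE_PK` entries are deliberately not reported.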
0

For secrets such as Stripe API keys, they should never be visible to a user.

With Amplify CLI you can add a secret to each lambda function which will allow you to access a secret for each environment. View here

You can run amplify function update for existing functions, or when you create a function with amplify function add there will be a prompt to add a secret.

Here is sample node lambda code to access the secret:

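const { SSM } = require('aws-sdk');

exports.handler = async (event) => {
  // process.env.STRIPE_SECRET_KEY holds the SSM parameter name, not the secret value
  const { Parameters: [ stripeSecretData ] } = await ( new SSM() )
    .getParameters({
      Names: [ 'STRIPE_SECRET_KEY' ].map(secretName => process.env[ secretName ]),
      WithDecryption: true
    })
    .promise();

  // Decrypted secret: keep it in memory only and do not log it
  const STRIPE_SECRET_KEY = stripeSecretData.Value;

  // ... rest of the handler uses STRIPE_SECRET_KEY
};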

When you checkout into another environment and push you will be prompted to add a secret for that new environment if one doesn't exist.

Note there are costs for using AWS Secrets Manager https://aws.amazon.com/secrets-manager/pricing/ and you must create 1 secret per lambda function.

Dylan w