Why would it be better if we use lambda for API calls?

In this article we will talk about how to hide sensitive information with the help of lambda. If you have a dynamic developer team, you probably want to hide your sensitive information likewise db passwords, api keys, username password for 3rd party API’s. Managing these properties in the code brings several problems to the team. Malicious usage and code duplications are the first two that come to mind. Using the lambda for these calls is really advantageous.

For example there is a table and you use it from different applications. If you will change anything about that table like column or admin informations, you have to change just one environment variable in your lambda.

If you use one api from multiple service, you probably have code duplications. Managing these properties from lambda prevents you to write same code in different projects.

you may want to hide information from some developers. If you keep these information in the properties file, probably everyone can see them but the lambda provides us security with policy management. With the correct usage of policies, you can decide that who can see my password who can execute it who can change it.

Suppose that we have top secret link and we have to call it from java and we want to hide it. First we will write simple “go” code that can invoke http get method and it will find the link from “Environment variables”. “Environment variables” is the key for our title. Probably developers can see your “go” code but if you want, they cant see “environment variables”. After deploy that lambda function we will invoke it from java client without link or username, password.

We have simple “go” code. It will read environment variables and reach any data.

we can define environment variables in lambda configuration.

update/create the function

$ env GOOS=linux GOARCH=amd64 go build -o main main.go$ zip -j main.zip main$ aws lambda create-function --function-name req --runtime go1.x \\n  --zip-file fileb://function.zip --handler main \\n  --role arn:aws:iam::YOUR_ARN:role/LAMMBDA_EXECUTE_ROLE --profile YOUR_PROFİLE

We can execute lambda function easily.

https://github.com/munirKarsli/hiding-the-data