I’ve got many PowerShell scripts I’ve written over the years but one of the most useful was to simply get data from a Microsoft SQL server and another to insert or update data. This is an example of modernizing a script I wrote over 5 years ago to now run on serverless computing with AWS Lambda. In addition I can use API Gateway and Lambda to create a serverless interface to a Microsoft SQL instance. I’ve tested this with an Amazon RDS MS SQL standard instance within a VPC, a Lambda function with an ENI within that VPC, and API integration with Lambda. Additionally the security group on the RDS instance will need to allow port 1433 with the source being the Lambda function security group. With this combination of components I can do an HTTPS get request to the API which reads from a MSSQL database. This is also very useful for decoupling, migration, and adopting a microservices architecture.
AWS CodeBuild for PowerShellStandard
As I’ve been building more AWS Lambda for PowerShell functions I’m wanting to automate testing and deployment with Continuous Integration and Continuous Deployment, a CI/CD Pipeline. To do this one of the steps we’ll need to do is use the AWS Lambda PowerShell cmdlet New-AWSPowerShellLambdaPackage which will package up our script with all it’s dependencies into a zip file. I’ll want to run this on a build environment within AWS CodeBuild. Unfortunately there’s not a PowerShell specific runtime in CodeBuild yet. However, we can utilize the existing .NET 2.2 runtime provided and install PowerShell on it. With that we can run our PowerShell scripts on CodeBuild to build our functions artifacts.
AWS Lambda for PowerShell Encrypted Environment VariablesStandard
Recently I was developing a AWS Lambda for PowerShell function to read a table from a Microsoft SQL on RDS Instance within a VPC. Using the .NET Core SQL client I need to provide credentials to access the database. For the password it should be stored encrypted at rest, never in plain text, and when passed to the function should be done so as a secure string. We can configure the function to use KMS for encryption at rest. This presents us with two challenges. How do I encrypt a AWS Lambda environment variable and how will my AWS Lambda for PowerShell function securely get the decrypted value in memory as a secure string when the Lambda function is invoked.