AWS Lambda: How to store secret to external API?

Question

I\'m building a monitoring tool based on AWS Lambda. Given a set of metrics, the Lambdas should be able to send SMS using Twilio API. To be able to use the API, Twilio provi

Answer 1

Well...that's what KMS was made for :) And certainly more secure than storing your tokens in plaintext in the Lambda function or delegating to a third-party service.

If you go down this route, check out this blog post for an existing usage example to get up and running faster. In particular, you will need to add the following to your Lambda execution role policy:

"kms:Decrypt",
"kms:DescribeKey",
"kms:GetKeyPolicy",

The rest of the code for the above example is a bit convoluted; you should really only need describeKey() in this case.