
Parameter Store Vs Encrypted Environment Variables for Lambda


I was recently getting ready for the Security Specialty exam, and I got a question asking me to choose between using Parameter Store to store a secret database connection URL, which could hold passwords, and using KMS-encrypted environment variables in the Lambda.

IMO environment variables are preferable, because otherwise, for Lambda functions which are invoked many thousands or hundreds of thousands of times a day, this could start to incur a considerable cost or could even result in hitting account limits.

In addition, there is added latency from fetching the parameter on each invocation, which may not be significant but nevertheless adds up. In general I would love to see a reference syntax implemented for Lambda environment variables to resolve to AWS SSM parameter values, similar to what has now been implemented in CloudFormation for both SSM and Secrets Manager.

But until then, why is SSM preferred over using KMS-encrypted environment variables, considering the increased cost and latency? (This is what I have seen recommended in practice exams.)


Solution

This article has some useful points:

  • Hard to share configs across projects
  • Hard to implement fine-grained access control
  • [SSM Parameter Store] records a history of changes

So it would generally be a more flexible architecture to use SSM. That said, if these benefits really won't apply to you then you can still use environment variables and reduce the latency, as you pointed out. It is not so much that one is wrong, but that another is generally considered more of a "well-architected" approach. But specific cases may warrant other implementations.

This article mentions the better security it brings.

"While this approach [using environment variables] is simple and straightforward, it comes with considerable security drawbacks - the secrets exist in plaintext in the environment. Any other process, library, or dependency running inside the process has access to the environment which has already been exploited multiple times."

Security is a big consideration, and most things done to improve security bring latency or processing costs compared to less secure alternatives.

Some other thoughts to consider:
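The cost and latency concern raised in the question comes from calling GetParameter on every invocation. The following added example (not code from the question or the answer) keeps the SSM approach but resolves the parameter once per Lambda execution environment and re-uses it across warm invocations for a TTL, so the secret never sits in an environment variable yet the per-invocation SSM call disappears. The parameter name `/app/prod/db_url`, the connection string and the simulation are constructed placeholders; `ssm_fetch` is the only part that talks to AWS.

```python
import time
from typing import Callable, Dict, Tuple

# Added example, not code from the question or answer. Names and values are
# constructed placeholders; `ssm_fetch` is the only part that touches AWS.

class ParameterCache:
    """Caches parameter values for ttl_seconds; `fetch` does the real lookup."""

    def __init__(self, fetch: Callable[[str], str], ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._values: Dict[str, Tuple[str, float]] = {}
        self.fetch_count = 0  # calls that actually reached the backend

    def get(self, name: str) -> str:
        now = self._clock()
        hit = self._values.get(name)
        if hit is not None and now - hit[1] < self._ttl:
            return hit[0]                     # warm hit: no SSM call
        value = self._fetch(name)             # miss or expired: one SSM call
        self.fetch_count += 1
        self._values[name] = (value, now)
        return value

def ssm_fetch(name: str) -> str:
    """Real fetcher for Lambda: GetParameter with KMS decryption (boto3)."""
    import boto3  # lazy import so the module also runs where boto3 is absent
    resp = boto3.client("ssm").get_parameter(Name=name, WithDecryption=True)
    return resp["Parameter"]["Value"]

# Built at module level (Lambda init phase) so it outlives each invocation.
_cache = ParameterCache(fetch=ssm_fetch)

def handler(event, context):
    db_url = _cache.get("/app/prod/db_url")   # placeholder parameter name
    return {"configured": bool(db_url)}

def simulate_invocations(n: int, ttl_seconds: float, gap_seconds: float) -> int:
    """Constructed simulation: backend calls caused by n warm invocations."""
    now = [0.0]
    cache = ParameterCache(fetch=lambda _name: "postgres://app:***@db/app",
                           ttl_seconds=ttl_seconds, clock=lambda: now[0])
    for _ in range(n):
        cache.get("/app/prod/db_url")
        now[0] += gap_seconds
    return cache.fetch_count
```

With a 300-second TTL, 1000 invocations one second apart cause 4 SSM calls instead of 1000; a rotated parameter is picked up within the TTL, which is the trade-off to set deliberately.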