AWScloud~5 mins

Environment variables in Lambda in AWS - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes your Lambda function needs extra information to work, like passwords or settings. Environment variables let you store this information safely outside your code so you can change it without updating the function itself.

When you want to keep database passwords out of your Lambda code for security.

When you need to change API keys without redeploying your Lambda function.

When you want to configure different settings for development and production environments.

When you want to pass configuration values like region or log level to your Lambda function.

When you want to avoid hardcoding values that might change over time.

Config File - lambda-environment.json

lambda-environment.json

{
  "Variables": {
    "DB_HOST": "database.example.com",
    "DB_USER": "admin",
    "DB_PASS": "securepassword123",
    "LOG_LEVEL": "info"
  }
}

This JSON file sets environment variables for the Lambda function named example-lambda. The Variables section contains key-value pairs your function can use. For example, DB_HOST tells the function where the database is, and LOG_LEVEL controls how much detail the function logs.

Commands

This command updates the Lambda function's environment variables using the JSON file. It applies the new settings without changing the function code.

Terminal

aws lambda update-function-configuration --function-name example-lambda --environment file://lambda-environment.json

Expected OutputExpected

{ "FunctionName": "example-lambda", "Environment": { "Variables": { "DB_HOST": "database.example.com", "DB_USER": "admin", "DB_PASS": "securepassword123", "LOG_LEVEL": "info" } }, "ResponseMetadata": { "RequestId": "1234abcd-56ef-78gh-90ij-klmnopqrstuv", "HTTPStatusCode": 200 } }

→

--function-name - Specifies which Lambda function to update

→

--environment - Provides the environment variables configuration

This command retrieves the current configuration of the Lambda function, including the environment variables, to verify the update.

Terminal

aws lambda get-function-configuration --function-name example-lambda

Expected OutputExpected

{ "FunctionName": "example-lambda", "Environment": { "Variables": { "DB_HOST": "database.example.com", "DB_USER": "admin", "DB_PASS": "securepassword123", "LOG_LEVEL": "info" } }, "Runtime": "python3.9", "Handler": "lambda_function.lambda_handler", "Role": "arn:aws:iam::123456789012:role/lambda-role" }

→

--function-name - Specifies which Lambda function to show

Key Concept

If you remember nothing else from this pattern, remember: environment variables let you safely pass configuration and secrets to your Lambda function without changing its code.

Common Mistakes

Hardcoding sensitive information like passwords directly in the Lambda code.

This makes it hard to update secrets and risks exposing them if the code is shared.

Use environment variables to store sensitive data and update them separately from the code.

Forgetting to update the Lambda function configuration after changing the environment variables file.

The function will keep using old values until the configuration is updated.

Always run the update-function-configuration command after changing environment variables.

Exposing sensitive environment variables in logs or error messages.

This can leak secrets and cause security issues.

Avoid printing sensitive environment variables in logs or handle them carefully.

Summary

Use a JSON file to define environment variables for your Lambda function.

Update the Lambda function configuration with the AWS CLI to apply environment variables.

Verify the environment variables are set correctly by retrieving the function configuration.