Accessing PostgreSQL credentials in project
Closed this issue · 4 comments
In my customized version of your project, calls to my API will return records from a PostgreSQL RDS database. Do you know the best way to access the database connection string without hard-coding them into my project?
I was thinking that maybe the simplest way is creating encrypted environment variables for the lambda function, but I also am not sure how to implement this following the style of your project.
Thank you for your help.
If you want to stay in the AWS ecosystem you can use KMS. In this case you have to make sure that your AWS Lambda can access KMS. That's probably the safest bet.
The option using encrypted env variables is an option and can be used like this. Yet I find it tedious to encrypt those every time my database changes. KMS adds more flexibility.
Thank you for the quick response.
As a first attempt I am trying to make it work with lambda environment variables, however I am facing some issues.
I set up a PostgreSQL RDS instance, was able to connect to my RDS instance on my local PC, and also query the API and get results from my RDS instance. So I know that at least in theory, my API should be able to work when connected to the RDS database.
However, once I deploy, I am unable to see any results. I get the below error when trying to query the API. I also am not able to see the /docs or /redoc interfaces, even though openapi_prefix="/Prod" is uncommented.
{
"message": "Internal server error"
}
And from the CloudWatch logs I see this error:
[ERROR] Runtime.ImportModuleError: Unable to import module 'example_app.main': libpq.so.5: cannot open shared object file: No such file or directory
The handler is currently set as example_app.main.handler which should still apply to my project. As a side note, I added the environment variables to the template.yml file as you mentioned and I verified that they were created properly.
My GitHub project is here: https://github.com/KurtKline/fastapi_aws
I appreciate any further insights that you may be able to provide. This is the first time I am deploying a real project on AWS, so I am getting tripped up by many small issues.
And from the CloudWatch logs I see this error:
[ERROR] Runtime.ImportModuleError: Unable to import module 'example_app.main': libpq.so.5: cannot open shared object file: No such file or directory
use psycopg2-binary instead of psycopg2. If that doesn't work, welcome to the world of pain which is dependencies.
However, once I deploy, I am unable to see any results. I get the below error when trying to query the API. I also am not able to see the /docs or /redoc interfaces, even though openapi_prefix="/Prod" is uncommented.
Your template says you're deploying to /prod not /Prod. In your AWS Management console go to API Gateway and check where your API is deployed too if you're uncertain. In your handler you have to be precise about the prefix.
I appreciate any further insights that you may be able to provide. This is the first time I am deploying a real project on AWS, so I am getting tripped up by many small issues.
I can relate. That's why I added that tutorial. If you find any short-comings I'm happy for any feedback to make it more clear. However, don't confuse me with StackOverflow. :P
psycopg2-binary was the trick. Thank you so much.
After deployment, I first tried accessing /docs, but then I was getting the spinning loading circle continuously. But this was already different than the error I had gotten previously. In order to solve the problem I also needed to add my default VPC to the Lambda function.
Your tutorial / comments have saved me tons of time going from local to production. I really appreciate it.