Parameters
An important step in building a data flow that you can run outside of the NiFi instance where it was built is the concept of parameterization. NiFi allows you to define Processor and Controller Service properties at runtime instead of at build time by using Parameter Contexts. The Lambda function handler allows you to specify the parameters in two ways: using environment variables or using the AWS Secrets Manager.
Environment variables
Any parameter can be specified using the environment variables of the AWS Lambda function. When configuring the Lambda function, simply add an environment variable whose name matches the name of a parameter in your Parameter Context.
AWS Secrets Manager
A more secure mechanism for storing parameters is to use the AWS Secrets Manager.
Now you can update the permissions of your Lambda:
- Navigate to .
- Click the arrow next to the role name.
Identity and Access Management (IAM) opens on a new browser tab.
- Click Add permissions to attach a new policy.You can attach a policy to grant the right permissions to the specific secret(s) that should be accessed by the Lambda.
This is an example of a policy to grant your Lambda access to your secret. Make sure to update the policy with the ARN of your secret.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetResourcePolicy", "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret", "secretsmanager:ListSecretVersionIds" ], "Resource": [ "ARN:TO:YOUR:SECRET" ] }, { "Effect": "Allow", "Action": "secretsmanager:ListSecrets", "Resource": "*" } ] }