Configuring the AWS AppConfig Agent Lambda extension
You can configure the extension by changing the following AWS Lambda environment variables. For more information, see Using AWS Lambda environment variables in the AWS Lambda Developer Guide.
Prefetching configuration data
The environment variable AWS_APPCONFIG_EXTENSION_PREFETCH_LIST can
improve the start-up time of your function. When the AWS AppConfig Agent Lambda extension is
initialized, it retrieves the specified configuration from AWS AppConfig before Lambda starts to
initialize your function and invoke your handler. In some cases, the configuration data is
already available in the local cache before your function requests it.
To use the prefetch capability, set the value of the environment variable to the path
corresponding to your configuration data. For example, if your configuration corresponds
to an application, environment, and configuration profile respectively named
"my_application", "my_environment", and "my_configuration_data", the path would be
/applications/my_application/environments/my_environment/configurations/my_configuration_data.
You can specify multiple configuration items by listing them as a comma-separated list (If
you have a resource name that includes a comma, use the resource’s ID value instead of its
name).
Accessing configuration data from another account
The AWS AppConfig Agent Lambda extension can retrieve configuration data from another account by specifying an IAM role that grants permissions to the data. To set this up, follow these steps:
-
In the account where AWS AppConfig is used to manage the configuration data, create a role with a trust policy that grants the account running the Lambda function access to the
appconfig:StartConfigurationSessionandappconfig:GetLatestConfigurationactions, along with the partial or complete ARNs corresponding to the AWS AppConfig configuration resources. -
In the account running the Lambda function, add the
AWS_APPCONFIG_EXTENSION_ROLE_ARNenvironment variable to the Lambda function with the ARN of the role created in step 1. -
(Optional) If needed, an external ID can be specified using the
AWS_APPCONFIG_EXTENSION_ROLE_EXTERNAL_IDenvironment variable. Similarly, a session name can be configured using theAWS_APPCONFIG_EXTENSION_ROLE_SESSION_NAMEenvironment variable.
Note
Note the following information.
-
The AWS AppConfig Agent Lambda extension can only retrieve data from one account. If you specify an IAM role, the extension will not be able to retrieve configuration data from the account in which the Lambda function is running.
-
AWS Lambda logs information about the AWS AppConfig Agent Lambda extension and the Lambda function by using Amazon CloudWatch Logs.
| Environment variable | Details | Default value |
|---|---|---|
|
|
This environment variable specifies the port on which the local HTTP server that hosts the extension runs. |
2772 |
|
|
This environment variable specifies which AWS AppConfig extension-specific logs are
sent to Amazon CloudWatch Logs for a function. Valid, case-insensitive values are:
|
|
|
|
This environment variable configures the maximum number of connections the extension uses to retrieve configurations from AWS AppConfig. |
3 |
|
|
This environment variable controls how often the extension polls AWS AppConfig for an updated configuration in seconds. |
45 |
|
|
This environment variable controls the maximum amount of time, in milliseconds, the extension waits for a response from AWS AppConfig when refreshing data in the cache. If AWS AppConfig does not respond in the specified amount of time, the extension skips this poll interval and returns the previously updated cached data. |
3000 |
|
|
This environment variable specifies the configuration data that the extension starts to retrieve before the function initializes and the handler runs. It can reduce the function's cold start time significantly. |
None |
AWS_APPCONFIG_EXTENSION_PROXY_HEADERS |
This environment variable specifies headers required by the proxy referenced
in the AWS_APPCONFIG_EXTENSION_PROXY_URL environment variable. The
value is a comma-separated list of headers. Each header uses the following form:
|
None |
AWS_APPCONFIG_EXTENSION_PROXY_URL |
This environment variable specifies the proxy URL to use for connections from
the AWS AppConfig extension to AWS services. HTTPS and HTTP
URLs are supported. |
None |
AWS_APPCONFIG_EXTENSION_ROLE_ARN |
This environment variable specifies the IAM role ARN corresponding to a role that should be assumed by the AWS AppConfig extension to retrieve configuration. | None |
AWS_APPCONFIG_EXTENSION_ROLE_EXTERNAL_ID |
This environment variable specifies the external id to use in conjunction with the assumed role ARN. | None |
AWS_APPCONFIG_EXTENSION_ROLE_SESSION_NAME |
This environment variable specifies the session name to be associated with the credentials for the assumed IAM role. | None |
AWS_APPCONFIG_EXTENSION_SERVICE_REGION |
This environment variable specifies an alternative Region the extension should use to call the AWS AppConfig service. When undefined, the extension uses the endpoint in the current Region. | None |
|
|
This environment variable configures AWS AppConfig Agent to take advantage of additional per-configuration features like multi-account retrievals and save configuration to disk. You can enter one of the following values:
For more information about these features, see Using a manifest to enable additional retrieval features. |
true |
|
|
This environment variable configures AWS AppConfig Agent to wait until the manifest is processed before completing startup. |
true |
