.env file locally (on linux / mac):
base64 your-env-file.env > encrypted-env-file.envencrypted-env-file.env to S3 (via aws-cli)s3:GetObject permission for the specific S3 bucket and file.| import com.amazonaws.services.lambda.runtime.Context; | |
| import com.amazonaws.services.lambda.runtime.RequestHandler; | |
| import com.amazonaws.services.s3.AmazonS3; | |
| import com.amazonaws.services.s3.AmazonS3ClientBuilder; | |
| import com.google.common.cache.Cache; | |
| import com.google.common.cache.CacheBuilder; | |
| import java.util.Base64; | |
| import java.util.concurrent.TimeUnit; | |
| // AWS Lambda Handler | |
| public class FeatureFlagHandler implements RequestHandler<Object, String> { | |
| private static final String BUCKET_NAME = "your-s3-bucket"; | |
| private static final String FILE_KEY = "path/to/your/envfile.env"; | |
| private static final Cache<String, String> cache; | |
| private final AmazonS3 s3Client; | |
| static { | |
| // Initialize cache with 30-second expiry | |
| cache = CacheBuilder.newBuilder() | |
| .expireAfterWrite(30, TimeUnit.SECONDS) | |
| .build(); | |
| } | |
| public FeatureFlagHandler() { | |
| // Initialize S3 client | |
| this.s3Client = AmazonS3ClientBuilder.defaultClient(); | |
| } | |
| @Override | |
| public String handleRequest(Object input, Context context) { | |
| try { | |
| return cache.get("featureFlags", this::fetchAndDecodeFeatureFlags); | |
| } catch (Exception e) { | |
| context.getLogger().log("Error fetching feature flags: " + e.getMessage()); | |
| return null; | |
| } | |
| } | |
| // Fetch and decode feature flags from S3 | |
| private String fetchAndDecodeFeatureFlags() { | |
| String encryptedData = s3Client.getObjectAsString(BUCKET_NAME, FILE_KEY); | |
| return new String(Base64.getDecoder().decode(encryptedData)); | |
| } | |
| } |