The Parameters Utility helps to retrieve parameters from the System Manager Parameter Store (SSM), secrets from the Secrets Manager, and application configuration from AppConfig. Additionally, the utility also offers support for a DynamoDB provider, enabling the retrieval of arbitrary parameters from specified tables.
This utility supports AWS SDK for JavaScript v3 only. This allows the utility to be modular, and you to install only the SDK packages you need and keep your bundle size small.
Depending on the provider you want to use, install the library and the corresponding AWS SDK package:
You can retrieve a single parameter using the getParameter high-level function.
Fetching a single parameter from SSM
1234567
import{getParameter}from'@aws-lambda-powertools/parameters/ssm';exportconsthandler=async():Promise<void>=>{// Retrieve a single parameterconstparameter=awaitgetParameter('/my/parameter');console.log(parameter);};
For multiple parameters, you can use either:
getParameters to recursively fetch all parameters by path.
getParametersByName to fetch distinct parameters by their full name. It also accepts custom caching, transform, decrypt per parameter.
Fetching multiple parameters by path from SSM
1 2 3 4 5 6 7 8 9101112
import{getParameters}from'@aws-lambda-powertools/parameters/ssm';exportconsthandler=async():Promise<void>=>{/** * Retrieve multiple parameters from a path prefix recursively. * This returns an object with the parameter name as key */constparameters=awaitgetParameters('/my/path/prefix');for(const[key,value]ofObject.entries(parameters||{})){console.log(`${key}: ${value}`);}};
Fetching multiple parameters by names from SSM
1 2 3 4 5 6 7 8 91011121314151617181920
import{Transform}from'@aws-lambda-powertools/parameters';import{getParametersByName}from'@aws-lambda-powertools/parameters/ssm';importtype{SSMGetParametersByNameOptions}from'@aws-lambda-powertools/parameters/ssm/types';constprops:Record<string,SSMGetParametersByNameOptions>={'/develop/service/commons/telemetry/config':{maxAge:300,transform:Transform.JSON,},'/no_cache_param':{maxAge:0},'/develop/service/payment/api/capture/url':{},// When empty or undefined, it uses default values};exportconsthandler=async():Promise<void>=>{// This returns an object with the parameter name as keyconstparameters=awaitgetParametersByName(props,{maxAge:60});for(const[key,value]ofObject.entries(parameters)){console.log(`${key}: ${value}`);}};
By default, the provider will throw a GetParameterError when any parameter fails to be fetched. You can override it by setting throwOnError: false.
When disabled, instead the provider will take the following actions:
Add failed parameter name in the _errors key, e.g., { _errors: [ '/param1', '/param2' ] }
Keep only successful parameter names and their values in the response
Throw GetParameterError if any of your parameters is named _errors
1 2 3 4 5 6 7 8 910111213141516171819202122232425
import{getParametersByName}from'@aws-lambda-powertools/parameters/ssm';importtype{SSMGetParametersByNameOptions}from'@aws-lambda-powertools/parameters/ssm/types';constprops:Record<string,SSMGetParametersByNameOptions>={'/develop/service/commons/telemetry/config':{maxAge:300,transform:'json',},'/this/param/does/not/exist':{},// <- Example of non-existent parameter};exportconsthandler=async():Promise<void>=>{const{_errors:errors,...parameters}=awaitgetParametersByName(props,{throwOnError:false,});// Handle gracefully, since `/this/param/does/not/exist` will only be available in `_errors`if(errors?.length){console.error(`Unable to retrieve parameters: ${errors.join(',')}`);}for(const[key,value]ofObject.entries(parameters)){console.log(`${key}: ${value}`);}};
You can store parameters in the System Manager Parameter Store using setParameter.
Storing a parameter in SSM
1234567
import{setParameter}from'@aws-lambda-powertools/parameters/ssm';exportconsthandler=async():Promise<void>=>{// Store a string parameterconstparameter=awaitsetParameter('/my/parameter',{value:'my-value'});console.log(parameter);};
If the parameter is already existent, it needs to have the overwrite parameter set to true to update the value.
Overwriting an existing parameter in SSM
1 2 3 4 5 6 7 8 910
import{setParameter}from'@aws-lambda-powertools/parameters/ssm';exportconsthandler=async():Promise<void>=>{// Overwrite a string parameterconstparameter=awaitsetParameter('/my/parameter',{value:'my-value',overwrite:true,});console.log(parameter);};
You can fetch secrets stored in Secrets Manager using getSecret.
Fetching secrets
1234567
import{getSecret}from'@aws-lambda-powertools/parameters/secrets';exportconsthandler=async():Promise<void>=>{// Retrieve a single secretconstsecret=awaitgetSecret('my-secret');console.log(secret);};
You can fetch application configurations in AWS AppConfig using getAppConfig.
The following will retrieve the latest version and store it in the cache.
Fetching latest config from AppConfig
1 2 3 4 5 6 7 8 910
import{getAppConfig}from'@aws-lambda-powertools/parameters/appconfig';exportconsthandler=async():Promise<void>=>{// Retrieve a configuration, latest versionconstconfig=awaitgetAppConfig('my-configuration',{environment:'my-env',application:'my-app',});console.log(config);};
When using getAppConfig, the underlying provider is cached. To fetch from different applications or environments, create separate AppConfigProvider instances for each application/environment combination.
By default, the provider will cache parameters retrieved in-memory for 5 seconds.
You can adjust how long values should be kept in cache by using the param maxAge, when using get() or getMultiple() methods across all providers.
Tip
If you want to set the same TTL for all parameters, you can set the POWERTOOLS_PARAMETERS_MAX_AGE environment variable. This will override the default TTL of 5 seconds but can be overridden by the maxAge parameter.
Caching parameters values in memory for longer than 5 seconds
1 2 3 4 5 6 7 8 910111213141516171819
import{SSMProvider}from'@aws-lambda-powertools/parameters/ssm';constparametersProvider=newSSMProvider();exportconsthandler=async():Promise<void>=>{// Retrieve a single parameter and cache it for 1 minuteconstparameter=awaitparametersProvider.get('/my/parameter',{maxAge:60,});// (1)console.log(parameter);// Retrieve multiple parameters from a path prefix and cache them for 2 minutesconstparameters=awaitparametersProvider.getMultiple('/my/path/prefix',{maxAge:120,});for(const[key,value]ofObject.entries(parameters||{})){console.log(`${key}: ${value}`);}};
Options passed to get(), getMultiple(), and getParametersByName() will override the values set in POWERTOOLS_PARAMETERS_MAX_AGE environment variable.
Info
The maxAge parameter is also available in high level functions like getParameter, getSecret, etc.
If you'd like to always ensure you fetch the latest parameter from the store regardless if already available in cache, use the forceFetch parameter.
Forcefully fetching the latest parameter whether TTL has expired or not
1234567
import{getParameter}from'@aws-lambda-powertools/parameters/ssm';exportconsthandler=async():Promise<void>=>{// Retrieve a single parameterconstparameter=awaitgetParameter('/my/parameter',{forceFetch:true});console.log(parameter);};
For greater flexibility such as configuring the underlying SDK client used by built-in providers, you can use their respective Provider Classes directly.
Tip
This can be used to retrieve values from other regions, change the retry behavior, etc.
Example with SSMProvider for further extensibility
1 2 3 4 5 6 7 8 91011121314151617
import{SSMProvider}from'@aws-lambda-powertools/parameters/ssm';importtype{SSMClientConfig}from'@aws-sdk/client-ssm';constclientConfig:SSMClientConfig={region:'us-east-1'};constparametersProvider=newSSMProvider({clientConfig});exportconsthandler=async():Promise<void>=>{// Retrieve a single parameterconstparameter=awaitparametersProvider.get('/my/parameter');console.log(parameter);// Retrieve multiple parameters from a path prefixconstparameters=awaitparametersProvider.getMultiple('/my/path/prefix');for(const[key,value]ofObject.entries(parameters||{})){console.log(`${key}: ${value}`);}};
The AWS Systems Manager Parameter Store provider supports two additional arguments for the get() and getMultiple() methods:
Parameter
Default
Description
decrypt
false
Will automatically decrypt the parameter (see required IAM Permissions).
recursive
true
For getMultiple() only, will fetch all parameter values recursively based on a path prefix.
Tip
If you want to always decrypt parameters, you can set the POWERTOOLS_PARAMETERS_SSM_DECRYPT=true environment variable. This will override the default value of false but can be overridden by the decrypt parameter.
Options passed to get(), getMultiple(), and getParametersByName() will override the values set in POWERTOOLS_PARAMETERS_SSM_DECRYPT environment variable.
Example with SecretsProvider for further extensibility
1 2 3 4 5 6 7 8 91011
import{SecretsProvider}from'@aws-lambda-powertools/parameters/secrets';importtype{SecretsManagerClientConfig}from'@aws-sdk/client-secrets-manager';constclientConfig:SecretsManagerClientConfig={region:'us-east-1'};constsecretsProvider=newSecretsProvider({clientConfig});exportconsthandler=async():Promise<void>=>{// Retrieve a single secretconstsecret=awaitsecretsProvider.get('my-secret');console.log(secret);};
The AWS AppConfig provider requires two arguments when initialized:
Parameter
Mandatory in constructor
Alternative
Description
application
No
POWERTOOLS_SERVICE_NAME env variable
The application in which your config resides.
environment
Yes
(N/A)
The environment that corresponds to your current config.
Example with AppConfigProvider for further extensibility
1 2 3 4 5 6 7 8 9101112131415
import{AppConfigProvider}from'@aws-lambda-powertools/parameters/appconfig';importtype{AppConfigDataClientConfig}from'@aws-sdk/client-appconfigdata';constclientConfig:AppConfigDataClientConfig={region:'us-east-1'};constconfigsProvider=newAppConfigProvider({application:'my-app',environment:'my-env',clientConfig,});exportconsthandler=async():Promise<void>=>{// Retrieve a configconstconfig=awaitconfigsProvider.get('my-config');console.log(config);};
The DynamoDB Provider does not have any high-level functions and needs to know the name of the DynamoDB table containing the parameters.
DynamoDB table structure for single parameters
For single parameters, you must use id as the partition key for that table.
Example
DynamoDB table with id partition key and value as attribute
id
value
my-parameter
my-value
With this table, await dynamoDBProvider.get('my-param') will return my-value.
123456789
import{DynamoDBProvider}from'@aws-lambda-powertools/parameters/dynamodb';constdynamoDBProvider=newDynamoDBProvider({tableName:'my-table'});exportconsthandler=async():Promise<void>=>{// Retrieve a value from DynamoDBconstvalue=awaitdynamoDBProvider.get('my-parameter');console.log(value);};
You can initialize the DynamoDB provider pointing to DynamoDB Local using the endpoint field in the clientConfig parameter:
1 2 3 4 5 6 7 8 91011121314
import{DynamoDBProvider}from'@aws-lambda-powertools/parameters/dynamodb';constdynamoDBProvider=newDynamoDBProvider({tableName:'my-table',clientConfig:{endpoint:'http://localhost:8000',},});exportconsthandler=async():Promise<void>=>{// Retrieve a value from DynamoDBconstvalue=awaitdynamoDBProvider.get('my-parameter');console.log(value);};
DynamoDB table structure for multiple values parameters
You can retrieve multiple parameters sharing the same id by having a sort key named sk.
Example
DynamoDB table with id primary key, sk as sort key and value as attribute
id
sk
value
my-hash-key
param-a
my-value-a
my-hash-key
param-b
my-value-b
my-hash-key
param-c
my-value-c
With this table, await dynamoDBProvider.getMultiple('my-hash-key') will return a dictionary response in the shape of sk:value.
1 2 3 4 5 6 7 8 910111213141516
import{DynamoDBProvider}from'@aws-lambda-powertools/parameters/dynamodb';constdynamoDBProvider=newDynamoDBProvider({tableName:'my-table'});exportconsthandler=async():Promise<void>=>{/** * Retrieve multiple values by performing a Query on the DynamoDB table. * This returns a dict with the sort key attribute as dict key. */constvalues=awaitdynamoDBProvider.getMultiple('my-hash-key');for(const[key,value]ofObject.entries(values||{})){// key: param-a// value: my-value-aconsole.log(`${key}: ${value}`);}};
You can create your own custom parameter store provider by extending the BaseProvider class, and implementing the get() and getMultiple() methods, as well as its respective _get() and _getMultiple() private methods to retrieve a single, or multiple parameters from your custom store.
All caching logic is handled by the BaseProvider, and provided that the return types of your store are compatible with the ones used in the BaseProvider, all transformations will also work as expected.
Here's an example of implementing a custom parameter store using an external service like HashiCorp Vault, a widely popular key-value secret storage.
1 2 3 4 5 6 7 8 910111213141516171819202122
import{Logger}from'@aws-lambda-powertools/logger';import{HashiCorpVaultProvider}from'./customProviderVault.js';constlogger=newLogger({serviceName:'serverless-airline'});constsecretsProvider=newHashiCorpVaultProvider({url:'https://vault.example.com:8200/v1',token:process.env.ROOT_TOKEN??'',rootPath:'kv',});// Retrieve a secret from HashiCorp Vaultconstsecret=awaitsecretsProvider.get<{foo:'string'}>('my-secret');constres=awaitfetch('https://example.com/api',{method:'POST',headers:{'Content-Type':'application/json',Authorization:`Bearer ${secret?.foo}`,},body:JSON.stringify({data:'example'}),});logger.debug('res status',{status:res.status});
import{BaseProvider}from'@aws-lambda-powertools/parameters/base';import{GetParameterError}from'@aws-lambda-powertools/parameters/errors';importtype{HashiCorpVaultGetOptions,HashiCorpVaultProviderOptions,}from'./customProviderVaultTypes.js';classHashiCorpVaultProviderextendsBaseProvider{readonly#baseUrl:string;readonly#token:string;readonly#rootPath?:string;readonly#timeout:number;readonly#abortController:AbortController;/** * It initializes the HashiCorpVaultProvider class. * * @param config - The configuration object. */publicconstructor(config:HashiCorpVaultProviderOptions){super({});const{url,token,rootPath,timeout}=config;this.#baseUrl=url;this.#rootPath=rootPath??'secret';this.#timeout=timeout??5000;this.#token=token;this.#abortController=newAbortController();}/** * Retrieve a secret from HashiCorp Vault. * * You can customize the retrieval of the secret by passing options to the function: * * `maxAge` - The maximum age of the value in cache before fetching a new one (in seconds) (default: 5) * * `forceFetch` - Whether to always fetch a new value from the store regardless if already available in cache * * `sdkOptions` - Extra options to pass to the HashiCorp Vault SDK, e.g. `mount` or `version` * * @param name - The name of the secret * @param options - Options to customize the retrieval of the secret */publicasyncget<TextendsRecord<string,unknown>>(name:string,options?:HashiCorpVaultGetOptions):Promise<T|undefined>{returnsuper.get(name,options)asPromise<Record<string,unknown>|undefined>asPromise<T|undefined>;}/** * Retrieving multiple parameter values is not supported with HashiCorp Vault. */publicasyncgetMultiple(path:string,_options?:unknown):Promise<void>{awaitsuper.getMultiple(path);}/** * Retrieve a secret from HashiCorp Vault. * * @param name - The name of the secret * @param options - Options to customize the retrieval of the secret */protectedasync_get(name:string,options?:HashiCorpVaultGetOptions):Promise<Record<string,unknown>>{const{sdkOptions}=options??{};constmount=sdkOptions?.mount??this.#rootPath;constversion=sdkOptions?.version?`?version=${sdkOptions?.version}`:'';setTimeout(()=>{this.#abortController.abort();},this.#timeout);constres=awaitfetch(`${this.#baseUrl}/${mount}/data/${name}${version}`,{headers:{'X-Vault-Token':this.#token},method:'GET',signal:this.#abortController.signal,});if(!res.ok){thrownewGetParameterError(`Failed to fetch secret ${res.statusText}`);}constresponse=awaitres.json();returnresponse.data.data;}/** * Retrieving multiple parameter values from HashiCorp Vault is not supported. * * @throws Not Implemented Error. */protectedasync_getMultiple(_path:string,_options?:unknown):Promise<Record<string,unknown>|undefined>{thrownewGetParameterError('Method not implemented.');}}export{HashiCorpVaultProvider};
importtype{GetOptionsInterface}from'@aws-lambda-powertools/parameters/base/types';/** * Options for the HashiCorpVaultProvider class constructor. * * @param {string} url - Indicate the server name/IP, port and API version for the Vault instance, all paths are relative to this one. * @param {string} token - The Vault token to use for authentication. * */interfaceHashiCorpVaultProviderOptions{/** * Indicate the server name/IP, port and API version for the Vault instance, all paths are relative to this one. * @example 'https://vault.example.com:8200/v1' */url:string;/** * The Vault token to use for authentication. */token:string;/** * The root path to use for the secret engine. Defaults to `secret`. */rootPath?:string;/** * The timeout in milliseconds for the HTTP requests. Defaults to `5000`. * @example 10000 * @default 5000 */timeout?:number;}typeHashiCorpVaultReadKVSecretOptions={/** * The mount point of the secret engine to use. Defaults to `secret`. * @example 'kv' */mount?:string;/** * The version of the secret to retrieve. Defaults to `undefined`. * @example 1 */version?:number;};interfaceHashiCorpVaultGetOptionsextendsGetOptionsInterface{/** * The Parameters utility does not support transforming `Record<string, unknown>` values as returned by the HashiCorp Vault SDK. */transform?:never;sdkOptions?:HashiCorpVaultReadKVSecretOptions;}exporttype{HashiCorpVaultProviderOptions,HashiCorpVaultGetOptions};
If you use transform with getMultiple(), you can have a single malformed parameter value. To prevent failing the entire request, the method will return an undefined value for the parameters that failed to transform.
You can override this by setting the throwOnTransformError argument to true. If you do so, a single transform error will throw a TransformParameterError error.
For example, if you have three parameters, /param/a, /param/b and /param/c, but /param/c is malformed:
Throwing TransformParameterError at first malformed parameter
import{SSMProvider}from'@aws-lambda-powertools/parameters/ssm';constparametersProvider=newSSMProvider();exportconsthandler=async():Promise<void>=>{/** * This will display: * /param/a: [some value] * /param/b: [some value] * /param/c: undefined */constparameters=awaitparametersProvider.getMultiple('/param',{transform:'json',});for(const[key,value]ofObject.entries(parameters||{})){console.log(`${key}: ${value}`);}try{// This will throw a TransformParameterErrorconstparameters2=awaitparametersProvider.getMultiple('/param',{transform:'json',throwOnTransformError:true,});for(const[key,value]ofObject.entries(parameters2||{})){console.log(`${key}: ${value}`);}}catch(err){console.error(err);}};
If you use transform with getMultiple(), you might want to retrieve and transform parameters encoded in different formats.
You can do this with a single request by using transform: 'auto'. This will instruct any provider to infer its type based on the suffix and transform it accordingly.
Info
transform: 'auto' feature is available across all providers, including the high level functions.
Deserializing parameter values based on their suffix
You can use a special sdkOptions object argument to pass any supported option directly to the underlying SDK method.
Specify a VersionId for a secret
1 2 3 4 5 6 7 8 910111213141516
import{SecretsProvider}from'@aws-lambda-powertools/parameters/secrets';importtype{GetSecretValueCommandInput}from'@aws-sdk/client-secrets-manager';constsecretsProvider=newSecretsProvider();exportconsthandler=async():Promise<void>=>{constsdkOptions:Partial<GetSecretValueCommandInput>={VersionId:'e62ec170-6b01-48c7-94f3-d7497851a8d2',};/** * The 'VersionId' argument will be passed to the underlying * `GetSecretValueCommand` call. */constsecret=awaitsecretsProvider.get('my-secret',{sdkOptions});console.log(secret);};
Here is the mapping between this utility's functions and methods and the underlying SDK:
Injecting a custom AWS SDK v3 client allows you to apply tracing or make unit/snapshot testing easier, including SDK customizations.
1 2 3 4 5 6 7 8 910111213
import{SSMProvider}from'@aws-lambda-powertools/parameters/ssm';import{SSMClient}from'@aws-sdk/client-ssm';// construct your clients with any custom configurationconstssmClient=newSSMClient({region:'us-east-1'});// pass the client to the providerconstparametersProvider=newSSMProvider({awsSdkV3Client:ssmClient});exportconsthandler=async():Promise<void>=>{// Retrieve a single parameterconstparameter=awaitparametersProvider.get('/my/parameter');console.log(parameter);};
1 2 3 4 5 6 7 8 9101112131415
import{SecretsProvider}from'@aws-lambda-powertools/parameters/secrets';import{SecretsManagerClient}from'@aws-sdk/client-secrets-manager';// construct your clients with any custom configurationconstsecretsManagerClient=newSecretsManagerClient({region:'us-east-1'});// pass the client to the providerconstsecretsProvider=newSecretsProvider({awsSdkV3Client:secretsManagerClient,});exportconsthandler=async():Promise<void>=>{// Retrieve a single secretconstsecret=awaitsecretsProvider.get('my-secret');console.log(secret);};
1 2 3 4 5 6 7 8 910111213141516
import{AppConfigProvider}from'@aws-lambda-powertools/parameters/appconfig';import{AppConfigDataClient}from'@aws-sdk/client-appconfigdata';// construct your clients with any custom configurationconstappConfigClient=newAppConfigDataClient({region:'us-east-1'});// pass the client to the providerconstconfigsProvider=newAppConfigProvider({application:'my-app',environment:'my-env',awsSdkV3Client:appConfigClient,});exportconsthandler=async():Promise<void>=>{constconfig=awaitconfigsProvider.get('my-config');console.log(config);};
1 2 3 4 5 6 7 8 910111213141516
import{DynamoDBProvider}from'@aws-lambda-powertools/parameters/dynamodb';import{DynamoDBClient}from'@aws-sdk/client-dynamodb';// construct your clients with any custom configurationconstdynamoDBClient=newDynamoDBClient({region:'us-east-1'});// pass the client to the providerconstvaluesProvider=newDynamoDBProvider({tableName:'my-table',awsSdkV3Client:dynamoDBClient,});exportconsthandler=async():Promise<void>=>{// Retrieve a single valueconstvalue=awaitvaluesProvider.get('my-value');console.log(value);};
The clientConfig parameter enables you to pass in a custom config object when constructing any of the built-in provider classes.
Tip
You can use a custom session for retrieving parameters cross-account/region and for snapshot testing.
When using VPC private endpoints, you can pass a custom client altogether. It's also useful for testing when injecting fake instances.
1 2 3 4 5 6 7 8 91011
import{SSMProvider}from'@aws-lambda-powertools/parameters/ssm';importtype{SSMClientConfig}from'@aws-sdk/client-ssm';constclientConfig:SSMClientConfig={region:'us-east-1'};constparametersProvider=newSSMProvider({clientConfig});exportconsthandler=async():Promise<void>=>{// Retrieve a single parameterconstvalue=awaitparametersProvider.get('/my/parameter');console.log(value);};
For unit testing your applications, you can mock the calls to the parameters utility to avoid calling AWS APIs. This can be achieved in a number of ways - in this example, we mock the module import to patch the getParameters function.
With this pattern in place, you can customize the return values of the mocked function to test different scenarios without calling AWS APIs.
A similar pattern can be applied also to any of the built-in provider classes - in this other example, we use spies to patch the get function of the AppConfigProvider class. This is useful also when you want to test that the correct arguments are being passed to the Parameters utility.
import{AppConfigProvider}from'@aws-lambda-powertools/parameters/appconfig';import{Uint8ArrayBlobAdapter}from'@smithy/util-stream';import{afterEach,describe,expect,it,vi}from'vitest';import{handler}from'./testingYourCodeFunctionsHandler.js';describe('Function tests',()=>{constproviderSpy=vi.spyOn(AppConfigProvider.prototype,'get');afterEach(()=>{vi.clearAllMocks();});it('retrieves the config once and uses the correct name',async()=>{// PrepareconstexpectedConfig={feature:{enabled:true,name:'paywall',},};providerSpy.mockResolvedValueOnce(Uint8ArrayBlobAdapter.fromString(JSON.stringify(expectedConfig)));// Actconstresult=awaithandler({},{});// Assessexpect(result).toStrictEqual({value:expectedConfig});expect(providerSpy).toHaveBeenCalledTimes(1);expect(providerSpy).toHaveBeenCalledWith('my-config');});});
For when you want to mock the AWS SDK v3 client directly, we recommend using the aws-sdk-client-mock and aws-sdk-client-mock-vitest libraries. This is useful when you want to test how your code behaves when the AWS SDK v3 client throws an error or a specific response.
import{GetSecretValueCommand,ResourceNotFoundException,SecretsManagerClient,}from'@aws-sdk/client-secrets-manager';import{mockClient}from'aws-sdk-client-mock';import{afterEach,describe,expect,it,vi}from'vitest';import{handler}from'./testingYourCodeFunctionsHandler.js';import'aws-sdk-client-mock-vitest';describe('Function tests',()=>{constclient=mockClient(SecretsManagerClient);afterEach(()=>{vi.clearAllMocks();client.reset();});it('returns the correct error message',async()=>{// Prepareclient.on(GetSecretValueCommand).rejectsOnce(newResourceNotFoundException({$metadata:{httpStatusCode:404,},message:'Unable to retrieve secret',}));// Actconstresult=awaithandler({},{});// Assessexpect(result).toStrictEqual({message:'Unable to retrieve secret'});});});
1 2 3 4 5 6 7 8 9101112131415161718
import{getSecret}from'@aws-lambda-powertools/parameters/secrets';exportconsthandler=async(_event:unknown,_context:unknown):Promise<Record<string,unknown>>=>{try{constparameter=awaitgetSecret('my-secret');return{value:parameter,};}catch(error){return{message:'Unable to retrieve secret',};}};
Parameters utility caches all parameter values for performance and cost reasons. However, this can have unintended interference in tests using the same parameter name.
Within your tests, you can use clearCache method available in every provider. When using multiple providers or higher level functions like getParameter, use the clearCaches standalone function to clear cache globally.
