refactor: migrate Secrets Manager secrets to SSM Parameter Store (free tier)

2026-05-13 12:55:16 -05:00
parent 3a34e61479
commit 74f74ef877
10 changed files with 81 additions and 81 deletions
--- a/src/lambdas/agent-runner/handler.py
+++ b/src/lambdas/agent-runner/handler.py
@@ -163,11 +163,11 @@ def handler(event, context):
            user_profile['status'] = 'active'
            prompt = f"[System: User just registered with name '{name}'. Welcome them warmly and ask how you can help.]"
        else:
-            bot_token_secret_arn = os.environ.get('TELEGRAM_BOT_TOKEN_SECRET_ARN', '')
+            bot_token_secret_arn = os.environ.get('TELEGRAM_BOT_TOKEN_SSM_PARAM', '')
            bot_token = ''
            if bot_token_secret_arn:
-                sm = boto3.client('secretsmanager', region_name='us-east-1')
-                bot_token = sm.get_secret_value(SecretId=bot_token_secret_arn)['SecretString']
+                ssm = boto3.client('ssm', region_name='us-east-1')
+                bot_token = ssm.get_parameter(Name=bot_token_secret_arn, WithDecryption=True)['Parameter']['Value']
            send_telegram_direct(chat_id, bot_token, "Hi! I don't recognize you yet. What's your name?", thread_id=message_thread_id)
            return
    # ── Get or create AgentCore session ──────────────────────────────────
@@ -212,7 +212,7 @@ def handler(event, context):
            'type': channel,
            'target_id': str(chat_id),
            'message_thread_id': message_thread_id,
-            'bot_token_secret_arn': os.environ.get('TELEGRAM_BOT_TOKEN_SECRET_ARN', ''),
+            'bot_token_secret_arn': os.environ.get('TELEGRAM_BOT_TOKEN_SSM_PARAM', ''),
        },
    }

@@ -232,11 +232,11 @@ def handler(event, context):

    # Process streaming response: buffer text chunks and send to Telegram as paragraphs arrive
    bot_token = ''
-    bot_token_secret_arn = os.environ.get('TELEGRAM_BOT_TOKEN_SECRET_ARN', '')
-    if bot_token_secret_arn:
-        sm = boto3.client('secretsmanager', region_name='us-east-1')
+    bot_token_param = os.environ.get('TELEGRAM_BOT_TOKEN_SSM_PARAM', '')
+    if bot_token_param:
+        ssm = boto3.client('ssm', region_name='us-east-1')
        try:
-            bot_token = sm.get_secret_value(SecretId=bot_token_secret_arn)['SecretString']
+            bot_token = ssm.get_parameter(Name=bot_token_param, WithDecryption=True)['Parameter']['Value']
        except Exception as e:
            print(f'[agent-runner] Failed to get bot token: {e}')