fix(lambda): corrected environment variable naming for params and secrets extension (#26016)

This PR corrects a bug where environment variable keys being generated as part of the lambda parameters and secrets extension were being generated at 'PARAMETERS_AND_SECRETS_...' instead of 'PARAMETERS_SECRETS_...'.

Note: existing unit tests were updated to reflect changes to environment variable keys.

Closes #26011

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: colifran

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.params-and-secrets.js.snapshot/Stack1.assets.json

@@ -14,15 +14,15 @@
         }
       }
     },
-    "64fb6d6ac3e1f7cda4cb6336b78f1be8f0e1f6c6323b232c8e04430a803085a2": {
+    "750190a0dbe80dfcab9c761fced7db8ca431c751df10b9c2aa9e73d18a6f1414": {
       "source": {
         "path": "Stack1.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "64fb6d6ac3e1f7cda4cb6336b78f1be8f0e1f6c6323b232c8e04430a803085a2.json",
+          "objectKey": "750190a0dbe80dfcab9c761fced7db8ca431c751df10b9c2aa9e73d18a6f1414.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.params-and-secrets.js.snapshot/Stack1.template.json

@@ -125,11 +125,11 @@
     ],
     "Environment": {
      "Variables": {
-      "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_ENABLED": "true",
-      "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_SIZE": "100",
-      "PARAMETERS_AND_SECRETS_EXTENSION_HTTP_PORT": "2773",
-      "PARAMETERS_AND_SECRETS_EXTENSION_LOG_LEVEL": "info",
-      "PARAMETERS_AND_SECRETS_EXTENSION_MAX_CONNECTIONS": "3",
+      "PARAMETERS_SECRETS_EXTENSION_CACHE_ENABLED": "true",
+      "PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE": "100",
+      "PARAMETERS_SECRETS_EXTENSION_HTTP_PORT": "8080",
+      "PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL": "debug",
+      "PARAMETERS_SECRETS_EXTENSION_MAX_CONNECTIONS": "5",
       "SECRETS_MANAGER_TIMEOUT_MILLIS": "0",
       "SECRETS_MANAGER_TTL": "100",
       "SSM_PARAMETER_STORE_TIMEOUT_MILLIS": "0",

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.params-and-secrets.js.snapshot/Stack2.assets.json

@@ -14,15 +14,15 @@
         }
       }
     },
-    "6e1695d4618774814bd2b919c4dfbc4e9eee44fc0caea11b6c60b543848088a8": {
+    "fc5442e0fcfb1c7fdef66ec049ee0905d02bb13f4fc9fbeb317bec60ec5fef09": {
       "source": {
         "path": "Stack2.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "6e1695d4618774814bd2b919c4dfbc4e9eee44fc0caea11b6c60b543848088a8.json",
+          "objectKey": "fc5442e0fcfb1c7fdef66ec049ee0905d02bb13f4fc9fbeb317bec60ec5fef09.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.params-and-secrets.js.snapshot/Stack2.template.json

@@ -125,11 +125,11 @@
     ],
     "Environment": {
      "Variables": {
-      "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_ENABLED": "true",
-      "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_SIZE": "100",
-      "PARAMETERS_AND_SECRETS_EXTENSION_HTTP_PORT": "2773",
-      "PARAMETERS_AND_SECRETS_EXTENSION_LOG_LEVEL": "info",
-      "PARAMETERS_AND_SECRETS_EXTENSION_MAX_CONNECTIONS": "3",
+      "PARAMETERS_SECRETS_EXTENSION_CACHE_ENABLED": "true",
+      "PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE": "100",
+      "PARAMETERS_SECRETS_EXTENSION_HTTP_PORT": "8080",
+      "PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL": "debug",
+      "PARAMETERS_SECRETS_EXTENSION_MAX_CONNECTIONS": "5",
       "SECRETS_MANAGER_TIMEOUT_MILLIS": "0",
       "SECRETS_MANAGER_TTL": "100",
       "SSM_PARAMETER_STORE_TIMEOUT_MILLIS": "0",

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.params-and-secrets.js.snapshot/manifest.json

@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64fb6d6ac3e1f7cda4cb6336b78f1be8f0e1f6c6323b232c8e04430a803085a2.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/750190a0dbe80dfcab9c761fced7db8ca431c751df10b9c2aa9e73d18a6f1414.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -100,7 +100,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6e1695d4618774814bd2b919c4dfbc4e9eee44fc0caea11b6c60b543848088a8.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fc5442e0fcfb1c7fdef66ec049ee0905d02bb13f4fc9fbeb317bec60ec5fef09.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.params-and-secrets.js.snapshot/tree.json

@@ -244,11 +244,11 @@
                     ],
                     "environment": {
                       "variables": {
-                        "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_ENABLED": "true",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_SIZE": "100",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_HTTP_PORT": "2773",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_LOG_LEVEL": "info",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_MAX_CONNECTIONS": "3",
+                        "PARAMETERS_SECRETS_EXTENSION_CACHE_ENABLED": "true",
+                        "PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE": "100",
+                        "PARAMETERS_SECRETS_EXTENSION_HTTP_PORT": "8080",
+                        "PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL": "debug",
+                        "PARAMETERS_SECRETS_EXTENSION_MAX_CONNECTIONS": "5",
                         "SECRETS_MANAGER_TIMEOUT_MILLIS": "0",
                         "SECRETS_MANAGER_TTL": "100",
                         "SSM_PARAMETER_STORE_TIMEOUT_MILLIS": "0",
@@ -559,11 +559,11 @@
                     ],
                     "environment": {
                       "variables": {
-                        "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_ENABLED": "true",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_CACHE_SIZE": "100",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_HTTP_PORT": "2773",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_LOG_LEVEL": "info",
-                        "PARAMETERS_AND_SECRETS_EXTENSION_MAX_CONNECTIONS": "3",
+                        "PARAMETERS_SECRETS_EXTENSION_CACHE_ENABLED": "true",
+                        "PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE": "100",
+                        "PARAMETERS_SECRETS_EXTENSION_HTTP_PORT": "8080",
+                        "PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL": "debug",
+                        "PARAMETERS_SECRETS_EXTENSION_MAX_CONNECTIONS": "5",
                         "SECRETS_MANAGER_TIMEOUT_MILLIS": "0",
                         "SECRETS_MANAGER_TTL": "100",
                         "SSM_PARAMETER_STORE_TIMEOUT_MILLIS": "0",
@@ -647,7 +647,7 @@
                 "path": "IntegTest/DefaultTest/Default",
                 "constructInfo": {
                   "fqn": "constructs.Construct",
-                  "version": "10.2.26"
+                  "version": "10.2.52"
                 }
               },
               "DeployAssert": {
@@ -693,7 +693,7 @@
         "path": "Tree",
         "constructInfo": {
           "fqn": "constructs.Construct",
-          "version": "10.2.26"
+          "version": "10.2.52"
         }
       }
     },

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.params-and-secrets.ts

@@ -12,6 +12,7 @@ import {
   Code,
   ParamsAndSecretsLayerVersion,
   ParamsAndSecretsVersions,
+  ParamsAndSecretsLogLevel,
 } from 'aws-cdk-lib/aws-lambda';
 
 const app = new cdk.App();
@@ -32,6 +33,10 @@ class StackUnderTest extends Stack {
 
     const paramsAndSecrets = ParamsAndSecretsLayerVersion.fromVersion(ParamsAndSecretsVersions.V1_0_103, {
       cacheSize: 100,
+      cacheEnabled: true,
+      httpPort: 8080,
+      logLevel: ParamsAndSecretsLogLevel.DEBUG,
+      maxConnections: 5,
       secretsManagerTtl: cdk.Duration.seconds(100),
       parameterStoreTtl: cdk.Duration.seconds(100),
     });

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/params-and-secrets-handler/index.py

@@ -7,13 +7,13 @@ def handler(event, context):
     headers = {'X-Aws-Parameters-Secrets-Token': session_token}
 
     # request to parameter store
-    parameter_url = 'http://localhost:2773/systemsmanager/parameters/get?name=email_url'
+    parameter_url = 'http://localhost:8080/systemsmanager/parameters/get?name=email_url'
     response = requests.get(parameter_url, headers=headers)
     print(f'response status code from HTTP for parameters request was {response.status_code}')
     print(f'response json is {response.json()}')
 
     # request to secrets manager
-    secrets_url = 'https://localhost:2773/secretsmanager/get?secretId=MySecret'
+    secrets_url = 'https://localhost:8080/secretsmanager/get?secretId=MySecret'
     response = requests.get(secrets_url, headers=headers)
     print(f'response status code from HTTP for secrets request was {response.status_code}')
     print(f'response json is {response.json()}')

packages/aws-cdk-lib/aws-lambda/lib/params-and-secrets-layers.ts

@@ -219,11 +219,11 @@ export abstract class ParamsAndSecretsLayerVersion {
     }
 
     return {
-      PARAMETERS_AND_SECRETS_EXTENSION_CACHE_ENABLED: this.options.cacheEnabled ?? true,
-      PARAMETERS_AND_SECRETS_EXTENSION_CACHE_SIZE: this.options.cacheSize ?? 1000,
-      PARAMETERS_AND_SECRETS_EXTENSION_HTTP_PORT: this.options.httpPort ?? 2773,
-      PARAMETERS_AND_SECRETS_EXTENSION_LOG_LEVEL: this.options.logLevel ?? ParamsAndSecretsLogLevel.INFO,
-      PARAMETERS_AND_SECRETS_EXTENSION_MAX_CONNECTIONS: this.options.maxConnections ?? 3,
+      PARAMETERS_SECRETS_EXTENSION_CACHE_ENABLED: this.options.cacheEnabled ?? true,
+      PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE: this.options.cacheSize ?? 1000,
+      PARAMETERS_SECRETS_EXTENSION_HTTP_PORT: this.options.httpPort ?? 2773,
+      PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL: this.options.logLevel ?? ParamsAndSecretsLogLevel.INFO,
+      PARAMETERS_SECRETS_EXTENSION_MAX_CONNECTIONS: this.options.maxConnections ?? 3,
       SECRETS_MANAGER_TIMEOUT_MILLIS: this.options.secretsManagerTimeout?.toMilliseconds() ?? 0,
       SECRETS_MANAGER_TTL: this.options.secretsManagerTtl?.toSeconds() ?? 300,
       SSM_PARAMETER_STORE_TIMEOUT_MILLIS: this.options.parameterStoreTimeout?.toMilliseconds() ?? 0,