Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Get value from AWS Systems Manager Parameter Store during Elastic Beanstalk deploy

I have a database connection string stored in AWS Systems Manager Parameter Store that I want to pass to the environment variables of an Elastic Beanstalk instance. I don't want to commit it to source code nor have to rely on the deployer setting the values on deploy or doing it manually via the web console.

I have tried Dynamic References like {{resolve:ssm:DATABASE_CONNECTION_STRING:1}} (with and without back ticks) which work in CloudFormation stacks but not Elastic Beanstalk config.

I have tried using container_commands like

export DATABASE_CONNECTION_STRING=`aws ssm get-parameter --name DATABASE_CONNECTION_STRING --region eu-west-1 --query Parameter.Value --output text

but the Elastic Beanstalk instance does not have the right permissions and I'm unsure how to set them.

I have tried creating a file from the contents of an S3 file using files: and source: but get errors.

Ideally Dynamic References would work e.g. .ebextensions/env.config =>

OptionSettings:
  aws:elasticbeanstalk:application:environment:
    DATABASE_CONNECTION_STRING: {{resolve:ssm:ANNOTATOR_DATABASE_CONNECTION_STRING:1}}

like image 408
Paul Watson Avatar asked Mar 20 '20 15:03

Paul Watson


People also ask

How do you find the value of parameter store?

To read a value from the Systems Manager parameter store at synthesis time, use the valueFromLookup method (Python: value_from_lookup ). This method returns the actual value of the parameter as a Runtime context value. If the value is not already cached in cdk.

What is the difference between parameter store and secrets manager?

Parameter Store only allows one version of the parameter to be active at any given time. Secrets Manager, on the other hand, allows multiple versions to exist at the same time when you are performing a secret rotation. Secrets Manager distinguishes between different versions by the staging labels.


Video Answer


1 Answers

I was able to get this working by creating the file .ebextensions/options.config with the contents:

option_settings:
  aws:elasticbeanstalk:application:environment:
    ENCRYPT_CERT: '{{resolve:ssm:SOA_ENCRYPT_CERT:1}}'
    ENCRYPT_KEY: '{{resolve:ssm:SOA_ENCRYPT_KEY:1}}'
like image 162
gregdev Avatar answered Sep 23 '22 09:09

gregdev