I have a database connection string stored in AWS Systems Manager Parameter Store that I want to pass to the environment variables of an Elastic Beanstalk instance. I don't want to commit it to source code nor have to rely on the deployer setting the values on deploy or doing it manually via the web console.
I have tried Dynamic References like {{resolve:ssm:DATABASE_CONNECTION_STRING:1}}
(with and without back ticks) which work in CloudFormation stacks but not Elastic Beanstalk config.
I have tried using container_commands
like
export DATABASE_CONNECTION_STRING=`aws ssm get-parameter --name DATABASE_CONNECTION_STRING --region eu-west-1 --query Parameter.Value --output text
but the Elastic Beanstalk instance does not have the right permissions and I'm unsure how to set them.
I have tried creating a file from the contents of an S3 file using files:
and source:
but get errors.
Ideally Dynamic References would work e.g. .ebextensions/env.config
=>
OptionSettings:
aws:elasticbeanstalk:application:environment:
DATABASE_CONNECTION_STRING: {{resolve:ssm:ANNOTATOR_DATABASE_CONNECTION_STRING:1}}
To read a value from the Systems Manager parameter store at synthesis time, use the valueFromLookup method (Python: value_from_lookup ). This method returns the actual value of the parameter as a Runtime context value. If the value is not already cached in cdk.
Parameter Store only allows one version of the parameter to be active at any given time. Secrets Manager, on the other hand, allows multiple versions to exist at the same time when you are performing a secret rotation. Secrets Manager distinguishes between different versions by the staging labels.
I was able to get this working by creating the file .ebextensions/options.config
with the contents:
option_settings:
aws:elasticbeanstalk:application:environment:
ENCRYPT_CERT: '{{resolve:ssm:SOA_ENCRYPT_CERT:1}}'
ENCRYPT_KEY: '{{resolve:ssm:SOA_ENCRYPT_KEY:1}}'
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With