How to best use AWS Secrets Manager in ebextensions?

I'm looking to use AWS Secrets Manager to obtain secrets and set them as environment variables on my Elastic Beanstalk instances.

I've written a script in an ebextensions file that calls the Secrets Manager CLI to obtain my secret, and I use that secret to populate the env variables of my EB instances. Since they're Linux instances, I'm trying export ENV_VAR_NAME=env_value. Here's what I have so far:

packages:
  yum:
    epel-release: []
    jq: []

files:
  "/home/ec2-user/test.sh" :
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/bin/bash
      config=$(aws --region us-west-1 secretsmanager get-secret-value --secret-id secret | jq -rc '.SecretString')

      export SECRET_KEY=$(echo "$config" | jq -rc '.awsKey')

      # Used to print current env variables
      env

commands:
  0_test:
    command: /home/ec2-user/test.sh

#I've also tried replacing 'commands' with 'container_commands'
container_commands:
  0_test:
    command: /home/ec2-user/test.sh

When I run the script in container_commands, the right env variables are printed out, as in it is the env variables I set in my script along with what I have set in my EB env variables on the EB AWS console. However, when printing them in my application, I don't see the env variables I set through my script.

When I run the script in commands, I don't seem to be writing to the correct set of env variables at all.

Is there a way to set the EB env variables in the way I am trying to do it here? Perhaps there's a special command I should be using rather than export?

Neckwear answered 26/7, 2019 at 15:59 Comment(1)
export only sets environment variables for the session where the export was run. There is no command to permanently set an environment variable; that's just not how environment variables work in Linux. You either need to add it to your application start command, or you need to write it to somewhere it will be loaded from by the session running your application (e.g. maybe /etc/environment).
Patriliny
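
The behaviour the comment describes, as an added example that is not part of the original thread: an `export` made in one process is invisible to later processes, while a value written to a file that the application's start command sources does reach the application. `fetch_secret`, `write_env_file`, `run_with_env` and the sample value are hypothetical stand-ins (the real secret would come from the `aws secretsmanager get-secret-value` call in the question), and the file is created with mode 600, unlike /etc/environment, which is normally world-readable.

```shell
#!/bin/sh
# Added example. fetch_secret is a constructed stand-in for the question's
# `aws secretsmanager get-secret-value ... | jq` pipeline so this runs offline.
fetch_secret() {
    printf '%s' 'constructed-sample-key'
}

# What test.sh does: export inside one process, then look from another.
# Prints "set" if the later process sees SECRET_KEY, nothing otherwise.
export_in_child_then_read() {
    ( unset SECRET_KEY
      sh -c 'export SECRET_KEY="$1"' _ "$(fetch_secret)"
      sh -c 'printf "%s" "${SECRET_KEY:+set}"' )
}

# Persist NAME=VALUE to FILE, readable by its owner only (mode 600).
# usage: write_env_file FILE NAME VALUE
write_env_file() {
    file=$1 name=$2 value=$3
    ( umask 077
      tmp="$file.tmp.$$"
      # Single-quote the value and escape embedded quotes so sourcing it
      # cannot execute anything contained in the secret.
      escaped=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
      printf "export %s='%s'\n" "$name" "$escaped" > "$tmp"
      mv "$tmp" "$file" )
}

# Start-command wrapper: source FILE in the process that execs the app.
# usage: run_with_env FILE command [args...]
run_with_env() {
    file=$1; shift
    ( . "$file" && exec "$@" )
}

# Demo with a throwaway directory; prints only whether the variable is set.
demo_dir=$(mktemp -d)
write_env_file "$demo_dir/app.env" SECRET_KEY "$(fetch_secret)"
echo "later process after plain export: [$(export_in_child_then_read)]"
echo "app started through run_with_env: [$(run_with_env "$demo_dir/app.env" \
    sh -c 'printf "%s" "${SECRET_KEY:+set}"')]"
rm -rf "$demo_dir"
```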
