Environment variables using AWS CodeDeploy

2019-03-23 11:33发布

I have a web application that utilizes environment variables for some of its configuration (DB credentials, API keys, etc). I'm currently using Elastic Beanstalk for deployment and can easily set these from within AWS, which is great because I don't have this sensitive data in my code base.

However, I'm looking into switching from Elastic Beanstalk so I can leverage a bit more flexibility with my web instances, and naturally I'm looking into deploying (from my Codeship CI setup) using CodeDeploy. CodeDeploy is fairly straight forward and I've integrated it with Codeship just fine, but I noticed there's no built-in feature to set environment variables with CodeDeploy like there is with Elastic Beanstalk. Does anyone have any best practices for this process?

3条回答
The star\"
2楼-- · 2019-03-23 12:12

It seems to be possible to use Environment Variables (mainly your DEPLOYMENT_GROUP_NAME).

See this guide from Amazon.

查看更多
forever°为你锁心
3楼-- · 2019-03-23 12:13

One way I have found to set environment variables is through scripts run during the AfterInstall hook (specified in the appspec http://docs.aws.amazon.com/codedeploy/latest/userguide/app-spec-ref.html).

I am able to determine the environment I am currently deploying to in these scripts by calling to my instances metadata where I get my instance id and then utilize the aws cli to execute describe-tags filtered to my instance Id where I have a tag set for Environment

ID=$(curl "http://169.254.169.254/latest/meta-data/instance-id")
aws --region us-east-1 ec2 describe-tags --filters Name=resource-id,Values=$ID Name=key,Values=Environment

I don't love this, but until Code Deploy has something built in to pass parameters to the appspec, this is the best I can find.

查看更多
狗以群分
4楼-- · 2019-03-23 12:15

Assuming you are using github to manage your code, here is one potential way to manage your environment

Use git-crypt(https://github.com/AGWA/git-crypt) to encrypt sensitive information. You can put the key to decode these files on the server. During codedeploy afterInstall phase, you could decrypt and setup the environment.

The advantage is now you have all the information in one place in a safe way.

查看更多
登录 后发表回答