I have a web application that utilizes environment variables for some of its configuration (DB credentials, API keys, etc). I'm currently using Elastic Beanstalk for deployment and can easily set these from within AWS, which is great because I don't have this sensitive data in my code base.
However, I'm looking into switching from Elastic Beanstalk so I can leverage a bit more flexibility with my web instances, and naturally I'm looking into deploying (from my Codeship CI setup) using CodeDeploy. CodeDeploy is fairly straight forward and I've integrated it with Codeship just fine, but I noticed there's no built-in feature to set environment variables with CodeDeploy like there is with Elastic Beanstalk. Does anyone have any best practices for this process?
It seems to be possible to use Environment Variables (mainly your DEPLOYMENT_GROUP_NAME).
See this guide from Amazon.
One way I have found to set environment variables is through scripts run during the AfterInstall hook (specified in the appspec http://docs.aws.amazon.com/codedeploy/latest/userguide/app-spec-ref.html).
I am able to determine the environment I am currently deploying to in these scripts by calling to my instances metadata where I get my instance id and then utilize the aws cli to execute describe-tags filtered to my instance Id where I have a tag set for Environment
I don't love this, but until Code Deploy has something built in to pass parameters to the appspec, this is the best I can find.
Assuming you are using github to manage your code, here is one potential way to manage your environment
Use git-crypt(https://github.com/AGWA/git-crypt) to encrypt sensitive information. You can put the key to decode these files on the server. During codedeploy afterInstall phase, you could decrypt and setup the environment.
The advantage is now you have all the information in one place in a safe way.