Better way of handling multiple environment variable in AWS Codebuild

Question

I have a AWS Codebuild project connected to my Github account. Within my github I have separate branches for each environment.

I have in total 4 environments (and by that relationship, 4 github branches) currently: dev, qa, customer1-poc, customer2-prod.

Now I use multitude of environment variables within my project and initially I was setting up these env vars within the Codebuild project under Environment > Environment variables section. So ideally per env there are 4 env vars which are distinguished using the env name.

For example if there is an env var called apiKey it is saved in codebuild 4 times by the name

apiKey_dev

apiKey_qa

apiKey_customer1poc

apiKey_customer2prod

You get the idea. Same goes for other env vars which need to be different across all envs.

These env vars are read from the buildspec file and passed on to serverless.yml file.

Now the issue is as I keep creating new environments (like more poc, prod envs) I need to keep replicating the set of env vars for each env and its getting tedious.

Is there some way I can save these env vars outside the Codebuild project which can then be passed on to the Lambda function upon successful builds?

Answer 1

CodeBuild has native integration with Parameter store:

• https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.parameter-store

In Paramter store, you can keep your variable as a json with name like /config/prod":

... then retrieve it in CodeBuild and parse via 'jq' 2. This way, all the environment specific variables are in one place. If you go this way, make sure to encrypt the Param Store variable with a KMS key if it contains secrets. Also check AWS Secrets Manager.