Reputation: 469
How to set environment variables from platform hooks in elastic beanstalk?
I am trying to deploy a django application using elastic beanstalk. The app connects to the database using the environment variables.
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': os.environ['RDS_DB_NAME'],
'USER': os.environ['RDS_USERNAME'],
'PASSWORD': os.environ['RDS_PASSWORD'],
'HOST': os.environ['RDS_HOSTNAME'],
'PORT': os.environ['RDS_PORT'],
}
}
I don't want to set these variables explicitly in EB console or option_settings, as they would appear in EB console in plain text.
The RDS credentials are stored in AWS Secrets Manager. As EB doesn't support AWS secrets manager yet, I wrote a platform hook to fetch the secrets and export the credentials as environment variables.
django_app/.platform/hooks/prebuild/set_db_credentials.sh
#!/bin/sh
# fetch secrets from secrets manager and store in db_credentials.json
aws secretsmanager get-secret-value --secret-id="$RDS_SECRETS_ID" --region="$RDS_SECRETS_REGION" --query=SecretString --output text > db_credentials.json
# export as environment variables
export RDS_HOSTNAME="$(jq -r '.host' db_credentials.json)"
export RDS_PORT="$(jq -r '.port' db_credentials.json)"
export RDS_USERNAME="$(jq -r '.username' db_credentials.json)"
export RDS_PASSWORD="$(jq -r '.password' db_credentials.json)"
export RDS_DB_NAME="$(jq -r '.dbname' db_credentials.json)"
rm db_credentials.json
The hook is running fine but the environment variables are not available for the app. Does anyone know how to do this ?
Upvotes: 4
Views: 2264
Answers (2)
Reputation: 510
A work-around solution is to save your secret in config file inside your hook. Setting the variable in the bash scripts won't work since Elastic Beanstalk likely run hooks in different shells (and provides no support for secret management so far).
For instance if you are using docker (or any platform that automatically reads env variable from the a ".env" file) the solution described here will work. Saving it into an .ebextensions might also be a solution but it doesn't seem to work with docker platform.
Upvotes: 2
Reputation: 238747
You could probably use a EB hook to create dynamically aws:elasticbeanstalk:application:environment .ebextensions config file.
So the idea is to create proper .ebextensions file for env variables using one of the EB hooks, before EB is going to read and execute your .ebextensions files.
Upvotes: 2
Related Questions
- Upload .env environment variables to elastic beanstalk
- How to configure an environment variable for a new environment?
- How to specify sensitive environment variables at deploy time with Elastic Beanstalk
- Accessing environment variables in AWS Beanstalk ebextensions
- AWS Elastic Beanstalk - switching environment variables between environments
- AWS Elastic Beanstalk environment variables do not update from config file
- AWS Elastic Beanstalk: How to use environment variables in ebextensions?
- Setting Elastic Beanstalk environment variables from deployment hook
- Add / Change environment variables on AWS elastic-beanstalk
- How do you pass custom environment variable on Amazon Elastic Beanstalk (AWS EBS)?