build(ci): create .env files in EB with Param Store

- use an .ebextensions config to create an .env from Parameter Store - determine the environment name by looking at container config files directly [1] - mount the .env into /opt/formsg/.env References: [1]: https://aws.amazon.com/premiumsupport/knowledge-center/view-environment-properties-elastic-beanstalk/
opengovsg · Jun 23, 2021 · ac27242 · ac27242
1 parent 9fc8c9e
commit ac27242
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/.ebextensions/env-file-creation.config b/.ebextensions/env-file-creation.config
@@ -0,0 +1,41 @@
+# Creates an .env file from AWS SSM Parameter Store
+
+commands:
+  01-create-env:
+    command: "/tmp/create-env.sh"
+
+files:
+  "/tmp/create-env.sh":
+      mode: "000755"
+      content : |
+        #!/bin/bash
+        # Reach into the undocumented container config
+        AWS_REGION='`{"Ref": "AWS::Region"}`'
+        ENV_NAME=$(jq .system.environment_name /opt/elasticbeanstalk/deploy/configuration/containerconfiguration | sed 's/"//g')
+        TARGET_DIR=/etc/formsg
+
+        echo "Checking if ${TARGET_DIR} exists..."
+        if [ ! -d ${TARGET_DIR} ]; then
+            echo "Creating directory ${TARGET_DIR} ..."
+            mkdir -p ${TARGET_DIR}
+            if [ $? -ne 0 ]; then
+                echo 'ERROR: Directory creation failed!'
+                exit 1
+            fi
+        else
+            echo "Directory ${TARGET_DIR} already exists!"
+        fi
+        echo "Creating config for ${ENV_NAME} in ${AWS_REGION}"
+        aws ssm get-parameter --name "${ENV_NAME}-general" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' > $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-captcha" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-ga" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-intranet" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-sentry" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-sms" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-ndi" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-verified-fields" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+        aws ssm get-parameter --name "${ENV_NAME}-webhook-verified-content" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+
+packages:
+  yum: 
+    jq: []
diff --git a/Dockerrun.aws.json b/Dockerrun.aws.json
@@ -13,6 +13,10 @@
     {
       "HostDirectory": "/certs",
       "ContainerDirectory": "/certs"
+    },
+    {
+      "HostDirectory": "/etc/formsg/.env",
+      "ContainerDirectory": "/opt/formsg/.env"
     }
   ]
-}
+}