From ac2724276bef8e4bd47211efa32b24a5a8cb1738 Mon Sep 17 00:00:00 2001
From: LoneRifle
Date: Wed, 23 Jun 2021 09:46:45 +0800
Subject: [PATCH] build(ci): create .env files in EB with Param Store

- use an .ebextensions config to create an .env from Parameter Store
- determine the environment name by looking at container config files directly [1]
- mount the .env into /opt/formsg/.env
References:
[1]: https://aws.amazon.com/premiumsupport/knowledge-center/view-environment-properties-elastic-beanstalk/
---
 .ebextensions/env-file-creation.config | 41 ++++++++++++++++++++++++++
 Dockerrun.aws.json | 6 +++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 .ebextensions/env-file-creation.config
diff --git a/.ebextensions/env-file-creation.config b/.ebextensions/env-file-creation.config
new file mode 100644
index 0000000000..3c9a9437fc
--- /dev/null
+++ b/.ebextensions/env-file-creation.config
@@ -0,0 +1,41 @@
+# Creates an .env file from AWS SSM Parameter Store
+
+commands:
+ 01-create-env:
+ command: "/tmp/create-env.sh"
+
+files:
+ "/tmp/create-env.sh":
+ mode: "000755"
+ content : |
+ #!/bin/bash
+ # Reach into the undocumented container config
+ AWS_REGION='`{"Ref": "AWS::Region"}`'
+ ENV_NAME=$(jq .system.environment_name /opt/elasticbeanstalk/deploy/configuration/containerconfiguration | sed 's/"//g')
+ TARGET_DIR=/etc/formsg
+
+ echo "Checking if ${TARGET_DIR} exists..."
+ if [ ! -d ${TARGET_DIR} ]; then
+ echo "Creating directory ${TARGET_DIR} ..."
+ mkdir -p ${TARGET_DIR}
+ if [ $? -ne 0 ]; then
+ echo 'ERROR: Directory creation failed!'
+ exit 1
+ fi
+ else
+ echo "Directory ${TARGET_DIR} already exists!"
+ fi
+ echo "Creating config for ${ENV_NAME} in ${AWS_REGION}"
+ aws ssm get-parameter --name "${ENV_NAME}-general" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' > $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-captcha" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-ga" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-intranet" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-sentry" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-sms" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-ndi" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-verified-fields" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+ aws ssm get-parameter --name "${ENV_NAME}-webhook-verified-content" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
+
+packages:
+ yum:
+ jq: []
\ No newline at end of file
diff --git a/Dockerrun.aws.json b/Dockerrun.aws.json
index b981ab4556..d47772957f 100644
--- a/Dockerrun.aws.json
+++ b/Dockerrun.aws.json
@@ -13,6 +13,10 @@
 {
 "HostDirectory": "/certs",
 "ContainerDirectory": "/certs"
+ },
+ {
+ "HostDirectory": "/etc/formsg/.env",
+ "ContainerDirectory": "/opt/formsg/.env"
 }
 ]
-}
+}
\ No newline at end of file
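Review bot: The generated `/tmp/create-env.sh` writes decrypted Parameter Store values to `$TARGET_DIR/.env` under the shell's default umask and never checks whether any `aws ssm get-parameter` call succeeded. Without `pipefail` a failed fetch is hidden behind `jq`'s exit status, so the command can return 0 with a partial or empty `.env` and the deployment carries on; adding `set -euo pipefail` and `umask 077` directly after the shebang makes a failed fetch fail the deployment and keeps the file, and a freshly created `/etc/formsg`, private to the owner. If the container process does not run as root, the file's owner or mode will have to match that user instead, which this hunk does not show. Quoting `"${TARGET_DIR}"` and `"$AWS_REGION"`, and using `jq -r` in place of the `sed` strip for `ENV_NAME`, would also be more robust, and a comment listing the expected `<env-name>-<suffix>` parameter names would help whoever provisions a new environment.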
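Review bot: The new volume entry bind-mounts a single file, `/etc/formsg/.env`, so it depends on that file already existing on the host when the container starts. Docker's `-v` bind-mount behaviour is to create a missing host path as an empty directory, so if the `.ebextensions` script in this commit did not produce the file, the application would presumably find a directory at `/opt/formsg/.env` rather than the deployment failing; the script should fail the deployment when the file is absent. No read-only setting is visible on the entry, so a process in the container can presumably modify the host copy of the secrets, and it is worth checking whether this Dockerrun format supports a read-only mount. The enclosing array starts above the hunk, and since JSON cannot carry comments the origin of this file is best recorded in the deployment documentation.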