24

I have a web application that utilizes environment variables for some of its configuration (DB credentials, API keys, etc). I'm currently using Elastic Beanstalk for deployment and can easily set these from within AWS, which is great because I don't have this sensitive data in my code base.

However, I'm looking into switching from Elastic Beanstalk so I can leverage a bit more flexibility with my web instances, and naturally I'm looking into deploying (from my Codeship CI setup) using CodeDeploy. CodeDeploy is fairly straightforward and I've integrated it with Codeship just fine, but I noticed there's no built-in feature to set environment variables with CodeDeploy like there is with Elastic Beanstalk. Does anyone have any best practices for this process?

Jeff

4 Answers

7

One way I have found to set environment variables is through scripts run during the AfterInstall hook (specified in the appspec http://docs.aws.amazon.com/codedeploy/latest/userguide/app-spec-ref.html).

I am able to determine the environment I am currently deploying to in these scripts by calling my instance's metadata, where I get my instance ID, and then using the AWS CLI to execute describe-tags filtered to my instance ID, where I have a tag set for Environment:

```bash
# Look up this instance's ID from the EC2 instance metadata service
ID=$(curl -s "http://169.254.169.254/latest/meta-data/instance-id")
# Fetch the "Environment" tag attached to this instance
aws --region us-east-1 ec2 describe-tags --filters "Name=resource-id,Values=$ID" "Name=key,Values=Environment"
```

I don't love this, but until Code Deploy has something built in to pass parameters to the appspec, this is the best I can find.

Levitron
  • 3
    If one doesn't mind retrieving env variables using the AWS CLI/SDK, a better approach would be to use AWS Parameter Store, designed for keeping secrets. A tutorial is [here](https://aws.amazon.com/blogs/mt/use-parameter-store-to-securely-access-secrets-and-config-data-in-aws-codedeploy/); however, it's still not integrated with appspec.yml – antiplayer Nov 21 '17 at 14:00
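
One way to do what the comment above suggests, as an added example that is not part of the original answers: a POSIX shell helper for an AfterInstall hook that reads every parameter under a path from Parameter Store and writes them to an owner-only env file. The `/<app>/<environment>/<NAME>` path layout, the function names and the output path are assumptions; the environment name could come from the `Environment` tag lookup shown in the answer.

```sh
#!/bin/sh
# Added example (not from the original answers): render SSM Parameter Store
# values into an env file from a CodeDeploy AfterInstall hook.
# Assumed layout: parameters are stored under /<app>/<environment>/<NAME>.

# Print NAME<TAB>VALUE lines for every parameter under the path in $1.
fetch_params() {
    aws ssm get-parameters-by-path --path "$1" --recursive --with-decryption \
        --query 'Parameters[].[Name,Value]' --output text
}

# Read NAME<TAB>VALUE lines on stdin; write sourceable KEY='value' lines to $1.
# Limitation: values containing newlines are not supported by this line format.
render_env_file() {
    out=$1
    tab=$(printf '\t')
    tmp=$(mktemp "$out.XXXXXX") || return 1      # mktemp creates the file with mode 0600
    while IFS=$tab read -r name value; do
        key=${name##*/}                          # /myapp/staging/DB_HOST -> DB_HOST
        case $key in                             # accept only valid shell identifiers
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "skipping invalid variable name: $name" >&2
                continue ;;
        esac
        # Escape embedded single quotes so the value stays one literal string.
        value=$(printf '%s\n' "$value" | sed "s/'/'\\\\''/g")
        printf "%s='%s'\n" "$key" "$value" >>"$tmp"
    done
    mv -f "$tmp" "$out"                          # atomic replace of any previous file
}

# Usage in a hook script: write_env myapp staging /etc/myapp/env
write_env() {
    params=$(fetch_params "/$1/$2") || return 1  # fail the deployment on API errors
    [ -n "$params" ] || { echo "no parameters under /$1/$2" >&2; return 1; }
    printf '%s\n' "$params" | render_env_file "$3"
}
```

The instance profile needs `ssm:GetParametersByPath` on that path, and `kms:Decrypt` on the key when SecureString parameters use a customer managed KMS key.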
3

Assuming you are using GitHub to manage your code, here is one potential way to manage your environment.

Use git-crypt (https://github.com/AGWA/git-crypt) to encrypt sensitive information. You can put the key to decode these files on the server. During the CodeDeploy AfterInstall phase, you could decrypt and set up the environment.

The advantage is now you have all the information in one place in a safe way.

dminer
0

You can use variables (if they are not "secret") in a bash script:

  1. LIFECYCLE_EVENT : This variable contains the name of the lifecycle event associated with the script.
  2. DEPLOYMENT_ID : This variable contains the deployment ID of the current deployment.
  3. APPLICATION_NAME : This variable contains the name of the application being deployed. This is the name the user sets in the console or AWS CLI.
  4. DEPLOYMENT_GROUP_NAME : This variable contains the name of the deployment group. A deployment group is a set of instances associated with an application that you target for a deployment.
  5. DEPLOYMENT_GROUP_ID : This variable contains the ID of the deployment group in AWS CodeDeploy that corresponds to the current deployment.

Example:

```bash
if [ "$DEPLOYMENT_GROUP_NAME" == "staging" ]
then

    # make directory with Deployment ID
    foldernameid="$(date +%Y%m%d)-$DEPLOYMENT_ID"
    mkdir -p /var/www/releases/"$foldernameid"

    # print AWS variables to file
    awsvar1=$DEPLOYMENT_ID
    awsvar2=$LIFECYCLE_EVENT
    awsvar3=$APPLICATION_NAME
    awsvar4=$DEPLOYMENT_GROUP_NAME
    awsvar5=$DEPLOYMENT_GROUP_ID
    destdir=/var/www/releases/aws_var.txt
    # trailing backslashes keep the echo as one command across lines
    echo "Deployment id" "$awsvar1" "Lifecycle_Event" "$awsvar2" \
        "Application_Name" "$awsvar3" "Deployment_Group_Name" "$awsvar4" \
        "Deployment_Group_ID" "$awsvar5" >> "$destdir"

fi
```

More here: https://aws.amazon.com/blogs/devops/using-codedeploy-environment-variables/

BartZalas
-2

It seems to be possible to use Environment Variables (mainly your DEPLOYMENT_GROUP_NAME).

See this guide from Amazon.

AndSoYouCode