I'm looking to use AWS Secrets Manager to obtain secrets and set them as environment variables on my Elastic Beanstalk instances.
I've written a script on an ebextensions file that calls the Secrets Manager CLI to obtain my secret and I use that secret to populate the env variables of my EB instances. Since it's linux instances, I'm trying export ENV_VAR_NAME=env_value
. Here's what I have so far:
packages:
yum:
epel-release: []
jq: []
files:
"/home/ec2-user/test.sh" :
mode: "000755"
owner: root
group: root
content: |
#!/bin/bash
config=$(aws --region us-west-1 secretsmanager get-secret-value --secret-id secret | jq -rc '.SecretString'')
export SECRET_KEY=$(echo $config | jq -rc '.awsKey')
# Used to print current env variables
env
commands:
0_test:
command: /home/ec2-user/test.sh
#I've also tried replacing 'commands' with 'container_commands'
container_commands:
0_test:
command: /home/ec2-user/test.sh
When I run the script in container_commands
, the right env variables are printed out, as in it is the env variables I set in my script along with what I have set in my EB env variables on the EB AWS console. However, when printing them in my application, I don't see the env variables I set through my script.
When I run the script in commands
, I don't seem to be writing to the correct set of env variables at all.
Is there a way to set the EB env variables in the way I am trying to do it here? Perhaps there's a special command I should be using rather than export
?