gmr / env-aws-params Goto Github PK

Inject AWS SSM Parameters as Environment Variables

License: BSD 3-Clause "New" or "Revised" License

Go 91.53% Makefile 5.69% Dockerfile 2.78%

aws ssm parameters environment-variables 12-factor docker entrypoint hacktoberfest

env-aws-params's Introduction

env-aws-params

env-aws-params is a tool that injects AWS EC2 Systems Manager (SSM) Parameter Store Key / Value pairs as Environment Variables when executing an application. It is intended to be used as a Docker Entrypoint, but can really be used to launch applications outside of Docker as well.

The primary goal is to provide a way of injecting environment variables for 12 Factor applications that have their configuration defined in the SSM Parameter store. It was directly inspired by envconsul.

Example Usage

Create parameters in Parameter Store:

aws ssm put-parameter --name /service-prefix/ENV_VAR1 --value example
aws ssm put-parameter --name /service-prefix/ENV_VAR2 --value test-value

Then use env-aws-params to have bash display the env vars it was called with:

env-aws-params --prefix /service-prefix /bin/bash -c set

If you want to include common and service specific values, --prefix can be specified multiple times:

env-aws-params --prefix /common /bin/bash -c set

To get a plaintext output of your environment variables to use with other utilities, we can use printenv:

env-aws-params --pristine --silent --prefix /service-prefix /usr/bin/printenv > ~/some-file.sh

Which will write your environment variables in plain text, for example:

# ~/some-file.sh Contents:
ENV_VAR1=example
ENV_VAR2=test-value

CLI Options

NAME:
   env-aws-params - Application entry-point that injects SSM Parameter Store values as Environment Variables

USAGE:
   env-aws-params [global options] -p prefix command [command arguments]

COMMANDS:
     help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --aws-region value        The AWS region to use for the Parameter Store API [$AWS_REGION]
   --prefix value, -p value  Key prefix that is used to retrieve the environment variables - supports multiple use
   --pristine                Only use values retrieved from Parameter Store, do not inherit the existing environment variables
   --sanitize                Replace invalid characters in keys to underscores
   --strip                   Strip invalid characters in keys
   --upcase                  Force keys to uppercase
   --debug                   Log additional debugging information [$PARAMS_DEBUG]
   --silent                  Silence all logs [$PARAMS_SILENT]
   --help, -h                show help
   --version, -v             print the version

Building

This project uses go modules. To build the project:

go mod download
go mod verify
go build

Building an environment is also provided as a docker image based on Alpine Linux. See the Dockerfile for more information.

docker build -t env-aws-params; # Build the image
docker run --rm -it -v $HOME/.aws/:/root/.aws/ env-aws-params [your options]

env-aws-params's People

Contributors

Stargazers

Watchers

Forkers

meliuz mrtheb four43 aerisweather notonthehighstreet opswerk ferhimedamine robertverusen rawon cortiz crowdcompass say8425 lnxjedi yashmit178 anderson-pids dave-shawley hellosaks mipmip

env-aws-params's Issues

Without credentials should have non-zero exit status

Currently if you run the command, and you haven't set up AWS credentials properly, it won't execute your command, but have a zero exit status, suggesting that everything went okay. Wouldn't it make more sense if it exited with a non-zero status?

Example:

bash-4.4# env-aws-params --prefix /foobar /bin/ls && echo $?
ERROR: NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
0

v1.0.0 assets missing

Hello, and thanks for your work on this great tool!

Is it intentional that https://github.com/gmr/env-aws-params/releases/download/1.0.0/env-aws-params_1.0.0_linux_amd64.zip doesn't exist?
Should we build those on our own from now on?

Rate limiting?

Hi @gmr,

Thanks for the tool. What's your take with rate limiting? Currently if you deploy multiple say 100 containers, you're going to run into rate limiting on AWS side.

Any chance to be able to handle say sleeping/retrying with maybe a flag instead of failing?

Cheers 🙌

Upload Docker image to Docker Hub

In addition to using it as a base image, it allows one to copy the env-aws-params binary to their image using a multi-stage build. Unlike a URL to the binary, I can actually remember the name of a Docker image. :)

For example.

FROM python:alpine
COPY --from=gmr/env-aws-params:alpine /usr/bin/env-aws-params /usr/bin/
...
ENTRYPOINT ["/usr/bin/env-aws-params"]
CMD python-app

Add option to not fail when region and prefix are not set

I would like env-aws-params to run the target command as-is if the prefix and region are not set.

Conditions

Neither the --aws-region flag nor the AWS_REGION environment variable are set.
Neither the --prefix flag nor the PARAMS_PREFIX environment variable are set.

Current Behavior
Program aborts and does execute target command.

$ env-aws-params service
ERROR: prefix is required

Desired Behavior
Program warns of missing variables and executes target command without retrieving variables.

$ env-aws-params --ignore-no-config service
WARNING: SSM variables not set

Why
I'm conditionally using env-aws-params in a Docker entrypoint script to execute the Docker command as-is if neither the PARAMS_PREFIX and AWS_REGION variables are set. This allows me to use the same container in both production and a fully local environment; the container won't reach out to SSM unless both previous mentions env vars are set.

The entrypoint script is fairly generic as it only inspects variables used by env-aws-params. However, it ends up becoming a copy/paste snippet of code that gets carried around to multiple projects. It also must be an external file to be able to safely pass "$@" to it.

COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

#!/usr/bin/env sh
if [ -n "${PARAMS_PREFIX}" ] && [ -n "${AWS_REGION}" ]; then
    exec env-aws-params "$@"
else
    exec "$@"
fi

Solution
Add a command-line flag to env-aws-params to do essentially the same thing.

ENTRYPOINT ["env-aws-params", "--ignore-no-config"]

I don't have a preference how this option is set; the name --ignore-no-config was picked without much thought put into it.

If you're open to including this, I'll glady take on development.

ERROR: NoCredentialProviders: no valid providers in chain. Deprecated.

Hello i am using env-aws-params to read all parameters from system manager with a prefix.
This is working fine in Amazon Linux 2. but when i include the same in AML 2023, i could not read read the parameters and getting the error

ERROR: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

are there any changes needed for AML 2023 ?. trying to find what i need to pass to overcome this error, but could not find anything.

Here is my command

/usr/bin/env -i /usr/local/bin/env-aws-params --aws-region $EC2_REGION
--prefix $1
--pristine
--silent /usr/bin/printenv >> $environmentFile

Commands are confusing

First of all, great project!

I'm having a hard time integrating into my workflow however. I'm finding the "command" portion a little complex. I'm looking to just output they key/value pairs so I can add them to my systemd units like this describes: https://coreos.com/os/docs/latest/using-environment-variables-in-systemd-units.html . I would just like this program to output the data so I can pipe it to other unix-y things. How would I go about doing that? /bin/bash -c set or even /bin/sh -c set even with pristine adds a bunch BASH variables.

The following just hangs:

./env-aws-params \
	--aws-region us-east-1 \
	--upcase \
	--pristine \
	--prefix '/my-prefix/dev/' \
	/bin/cat

Thanks for the clarification!

-Seth