I have a web application that utilizes environment variables for some of its configuration (DB credentials, API keys, etc). I'm currently using Elastic Beanstalk for deployment and can easily set these from within AWS, which is great because I don't have this sensitive data in my code base.

However, I'm looking into switching from Elastic Beanstalk so I can leverage a bit more flexibility with my web instances, and naturally I'm looking into deploying (from my Codeship CI setup) using CodeDeploy. CodeDeploy is fairly straightforward and I've integrated it with Codeship just fine, but I noticed there's no built-in feature to set environment variables with CodeDeploy like there is with Elastic Beanstalk. Does anyone have any best practices for this process?


Solution 1:

Amazon has quite a neat feature for this: Parameter Store. You can add key/value pairs there, securely encrypted, and then retrieve them in your CodeDeploy scripts, e.g.:

password=$(aws ssm get-parameters --region us-east-1 --names MySecureSQLPassword --with-decryption --query 'Parameters[0].Value' --output text)

You'll need to do some IAM setup to allow access between CodeDeploy/Parameter Store, but the linked article above walks you through this.
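A fuller version of that retrieval as a CodeDeploy hook script, added here as an example and not part of the original answer: it writes the decrypted values to an owner-only env file and fails the deployment if a parameter is missing. The `ENV_FILE` path and the `DB_PASSWORD` variable name are hypothetical; the region and parameter name are the ones used above.

```shell
#!/bin/sh
# Added example: CodeDeploy hook script (e.g. AfterInstall in appspec.yml).
# Assumptions: ENV_FILE path and the DB_PASSWORD variable name are hypothetical;
# the region and parameter name are the ones used in the answer above.
REGION=${REGION:-us-east-1}
ENV_FILE=${ENV_FILE:-/etc/myapp/app.env}

# Fetch one decrypted value. The query is quoted so the shell cannot glob "[0]",
# and --output text avoids the JSON quotes that would otherwise wrap the value.
fetch_param() {
  aws ssm get-parameters --region "$REGION" --names "$1" \
    --with-decryption --query 'Parameters[0].Value' --output text
}

# write_env_file OUT ENV_NAME=ParameterName...
# Runs in a subshell so the umask change does not leak to the caller.
write_env_file() (
  out=$1; shift
  umask 077                                  # file is readable by its owner only
  tmp=$(mktemp "${out}.XXXXXX") || exit 1
  for mapping in "$@"; do
    env_name=${mapping%%=*}
    param=${mapping#*=}
    value=$(fetch_param "$param") || { rm -f "$tmp"; exit 1; }
    # With --output text a null query result (unknown parameter) prints "None".
    if [ -z "$value" ] || [ "$value" = "None" ]; then
      echo "parameter not found: $param" >&2
      rm -f "$tmp"; exit 1
    fi
    printf '%s=%s\n' "$env_name" "$value" >> "$tmp"
  done
  mv "$tmp" "$out"                           # replace atomically, never half-written
)

# The CodeDeploy agent sets LIFECYCLE_EVENT for hook scripts; only act when run by it.
if [ -n "${LIFECYCLE_EVENT:-}" ]; then
  write_env_file "$ENV_FILE" DB_PASSWORD=MySecureSQLPassword
fi
```

The instance role needs `ssm:GetParameters` on the parameter for the fetch to succeed. The resulting file is mode 0600 and owned by whichever user the hook runs as.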