Coder Social home page Coder Social logo

aws-ssm-to-env's Introduction

aws-ssm-to-env

Parse AWS Systems Manager parameters to environment variables.

Table of Contents

About

This action is designed to read AWS SSM parameters and exports them as environmental variables.

Script can parse string value parameters as well as parameters with stringified JSON values. For simple JSON objects a shortcut parameter simple_json can be used to convert all key-values from JSON into environmental variables.

Requirements

Action expects 3 secrets to be set in GitHub's repository:

  • AWS_REGION - AWS Region (e.g. us-east1)
  • AWS_ACCESS_KEY_ID - AWS Access Key for user with an SSM access policy (e.g. AmazonSSMReadOnlyAccess)
  • AWS_SECRET_ACCESS_KEY - User's AWS Access Key

Usage

Parameters

Parameter name Type Required Default Value Description
ssm_parameter_list string true AWS Systems Manager parameter name (path) or comma separated list of paths
prefix string false AWS_SSM_ Custom environmental variables prefix
simple_json boolean true false Parse parameter values as one-level JSON object and convert keys to environmental variables (see example below).
jq_params string true Custom space-separated jq filters (see example below).

Examples

Get single parameter value

Parse simple string value stored in AWS SSM my_parameter_name parameter:

name: Parse SSM parameter

on:
  push

jobs:
  aws-ssm-to-env:
    runs-on: ubuntu-latest
    steps:
      - name: aws-ssm-to-env
        uses: bomb-on/aws-ssm-to-env@master
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        with:
          ssm_parameter_list: 'my_parameter_name'

Example above will set environmental variable AWS_SSM_MY_PARAMETER_NAME with value from the AWS SSM parameter itself.

Get multiple parameter values

Use comma separated list of strings to fetch multiple parameter values at once:

name: Parse SSM parameter

on:
  push

jobs:
  aws-ssm-to-env:
    runs-on: ubuntu-latest
    steps:
      - name: aws-ssm-to-env
        uses: bomb-on/aws-ssm-to-env@master
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        with:
          ssm_parameter_list: |
           my_first_parameter,
           my_second_parameter

Example above will set environmental variable AWS_SSM_MY_FIRST_PARAMETER and AWS_SSM_MY_SECOND_PARAMETER with corresponding values from AWS SSM.

Custom prefix

Parse simple string value stored in AWS SSM my_parameter_name parameter and export environmental variable with a custom prefix:

name: Parse SSM parameter

on:
  push

jobs:
  aws-ssm-to-env:
    runs-on: ubuntu-latest
    steps:
      - name: aws-ssm-to-env
        uses: bomb-on/aws-ssm-to-env@master
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        with:
          ssm_parameter_list: 'my_parameter_name'
          prefix: FOO_

Example above will set environmental variable FOO_MY_PARAMETER_NAME with value from the AWS SSM parameter itself.

Simple JSON parameter values

Parse simple one-level JSON object and create environmental variables from all keys:

name: Parse JSON SSM parameter

on:
  push

jobs:
  aws-ssm-to-env:
    runs-on: ubuntu-latest
    steps:
      - name: aws-ssm-to-env
        uses: bomb-on/aws-ssm-to-env@master
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        with:
          ssm_parameter_list: 'my_json_parameter'
          simple_json: true

If my_json_parameter in the example above is a JSON string like

{"foo": "bar", "baz": 1}

environmental variables will be set as:

AWS_SSM_FOO=bar
AWS_SSM_BAZ=1

Complex JSON values

Pass a custom, space-separated filter(s) to jq and parse desired parts of JSON object:

name: Parse JSON SSM parameter

on:
  push

jobs:
  aws-ssm-to-env:
    runs-on: ubuntu-latest
    steps:
      - name: aws-ssm-to-env
        uses: bomb-on/aws-ssm-to-env@master
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        with:
          ssm_parameter_list: 'my_json_parameter'
          jq_filter: '.db[]|select(.default).host .db[]|select(.default).port'
          prefix: DB_

If my_json_parameter in the example above was a JSON string like

{"db": [{"host": "my.db.host.com", "port": 1337, "default": true}, {"host": "other.host", "port": 42}]}

environmental variables will be set as:

DB_HOST=my.db.host.com
DB_PORT=1337

TODO

aws-ssm-to-env's People

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

brianpursell craigtsmith jamesgmorgan onshape hent-dev jm4rt1ns anuragdhingra myollie cdcutler kor-financial droverltd costa-coffee

aws-ssm-to-env's Issues

No Prefix

Is there a way to omit the prefix entirely?

prefix: '' Doesn't work as it reads that as empty and applies the default prefix.

INPUT_PARAMETER_NAME is breaking in entrypoint.sh

I have done everything like described in the docs and i am getting an error:

##[warning]Unexpected input 'parameter_name', valid inputs are ['entryPoint', 'args', 'ssm_parameter', 'prefix', 'simple_json', 'jq_filter']

The parameter_name is unused in the entrypoint.sh, but it is still being checked for it's existence.

  • If i declare "parameter_name" in the action, the action is breaking
  • If i don't declare "parameter_name" in the action, the entrypoint.sh is breaking with the error "Set SSM parameter name (parameter_name) value."

aws instance profile support

Hi, this module fits my needs exactly, but is it possible to do not pass AWS credentials and use awc ec2 instance metadata intead (with corresponding IAM role attached to instance)?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.