Skip to content
/ aws.env Public

Shell scripts to help manage .env files within AWS

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

flipboxlabs/aws.env

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
bin
bin
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

aws.env

Shell scripts to help manage .env files within the AWS Parameter Store.

The goal of these shell scripts is to make it easier to deploy environmental variables to Amazon Web Services (AWS) environments. Point the shell script to a .env and deploy it to the AWS Parameter Store. dotenv put-dotenv deploys this file to the AWS Parameter Store based on the application and environment names you choose. The path looks something like this: /AppName/EnvName/.env/<VARIABLE NAME>.

Usage

Options

  • -a|--app The name of your application
  • -e|--env The name of your environment, ie, production, development, etc
  • -o|--output Modify output format (Options: default, dockerfile)
  • -p|--profile The aws profile used for authentication
  • -r|--region The aws region
  • -d|--debug Output debug
  • -h|--help Show help message

Update: ./bin/dotenv update

This is the most useful command. This will check for any existing .env variable within the Parameter Store and pull them into a file that you can edit with vim. Once you are done modifying the file, a diff will be presented. If you like the diff, say yes to continue to push the variable changes.

Notice: Deletes currently do not work. If you remove an env var from the file that env var will NOT be deleted. This is a known issue. Use the delete subcommand (delete-parameter) when you need to remove items.

./bin/dotenv update --app TestApp --env TestApp-Dev

Get: ./bin/dotenv get-dotenv

Print to stdout

./bin/dotenv get-dotenv --app TestApp --env TestApp-Dev

Save .env to file

./bin/dotenv get-dotenv --app TestApp --env TestApp-Dev .env

OR (of course)

./bin/dotenv get-dotenv --app TestApp --env TestApp-Dev > .env

Put: ./bin/dotenv put-dotenv

Put .env file

To deploy the environmental variables, you can point dotenv put-dotenv to the file that contains all of the needed environmental variables and it'll save the file as a whole to the aforementioned /<app>/<env>/.env path in the AWS Parameter Store. An example is very similar to dotenv get-dotenv:

./bin/dotenv put-dotenv --profile flipbox --app TestApp --env TestApp-Dev .env

Put Parameter: ./bin/dotenv put-parameter

Put a single parameter

./bin/dotenv put-parameter --profile flipbox --app TestApp --env TestApp-Dev DB_PASSWORD myDbSecret

Delete Parameter: ./bin/dotenv delete-parameter

Delete a single parameter

./bin/dotenv delete-parameter --profile flipbox --app TestApp --env TestApp-Dev DB_PASSWORD

AWS Policy Examples

You can manage permissions to the parameters by limiting access to the role/instance profile or user base on policies that specify the app and/or the environment.

The following are examples on how to restrict access via AWS CloudFormation Policies.

Example CloudFormation to restrict user based on Application Name

Resources:
  UserPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: UserSsmPolicy
      PolicyDocument:
        Statement:
        - Effect: Allow
          Action:
          - "ssm:GetParameters"
          - "ssm:GetParametersByPath"
          - "ssm:PutParameter"
          - "ssm:DeleteParameter"
          - "ssm:DeleteParameters"
          Resource: !Sub 'arn:aws:ssm:*:*:parameter/${ApplicationName}/*'

Example CloudFormation to restrict user based on Application and Environment Name

Resources:
  UserPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: UserSsmPolicy
      PolicyDocument:
        Statement:
        - Effect: Allow
          Action:
          - "ssm:GetParameters"
          - "ssm:GetParametersByPath"
          - "ssm:PutParameter"
          - "ssm:DeleteParameter"
          - "ssm:DeleteParameters"
          Resource: !Sub 'arn:aws:ssm:*:*:parameter/${ApplicationName}/${EnvironmentName}/*'

Example CloudFormation to restrict instances to read-only based on Application Name

Resources:
  InstanceRolePolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: InstanceRole
      PolicyDocument:
        Statement:
        - Effect: Allow
          Action:
          - "ssm:GetParameters"
          - "ssm:GetParametersByPath"
          Resource: !Sub 'arn:aws:ssm:*:*:parameter/${ApplicationName}/*'

TODO

  • Add remove/delete parameters to the update subcommand.

About

Shell scripts to help manage .env files within AWS

Topics

aws dotenv encryption aws-ssm parameter-store

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 11

1.3.0 Latest
Jul 11, 2022
+ 10 releases

Packages

No packages published

Languages