TransWikia.com

Use dynamic values for parameter-store in aws buildspec.yml for CodeBuild

DevOps Asked by Daniel Viglione on August 22, 2021

For my CodeBuild projects, I have a dev, staging and production project. Each project has an environment variable called $BUILD_ENVIRONMENT set to dev, staging and production, respectively. Each stage has its own key/value pair in Systems Manager Parameter Store. I want to use one buildspec.yml across all branches, so if I try to merge a branch or checkout a new branch, it does not copy hardcoded values in buildspec.yml. This is what I tried to do:

version: 0.2

env:
  parameter-store:
    SECRET_KEY_BASE: /myproject/$BUILD_ENVIRONMENT/secret_key_base

But it doesn’t work. There is no interpolation done and I get the following error:

Decrypted Variables Error Message: parameter does not exist:
/myproject/$BUILD_ENVIRONMENT/secret_base_key

Since this is such a common use case, I am wondering if anyone found any type of solution to this?

One Answer

I faced the same problem while using different SSH key pairs for different deployment environment. Usually I used to create different ssm variables per environment and then changed the name of ssm per git branch in buildspec.yml. That worked perfectly for me. For example, for deploying to stage environment i used the git branch "dev" which had following buidlspec.yml config

env:
  parameter-store:
    SECRET_KEY_BASE: "DEV_SECRET_KEY_BASE"

for "release" environment it was,

env:
  parameter-store:
    SECRET_KEY_BASE: "RELEASE_SECRET_KEY_BASE"

make sure you resolve merge conflicts between inter git branches before you apply.

Answered by chaks on August 22, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP