patternMinor
Use dynamic values for parameter-store in aws buildspec.yml for CodeBuild
Viewed 0 times
buildspecstorecodebuildforawsdynamicvaluesymluseparameter
Problem
For my CodeBuild projects, I have a dev, staging and production project. Each project has an environment variable called $BUILD_ENVIRONMENT set to dev, staging and production, respectively. Each stage has its own key/value pair in Systems Manager Parameter Store. I want to use one buildspec.yml across all branches, so if I try to merge a branch or checkout a new branch, it does not copy hardcoded values in buildspec.yml. This is what I tried to do:
But it doesn't work. There is no interpolation done and I get the following error:
Decrypted Variables Error Message: parameter does not exist:
/myproject/$BUILD_ENVIRONMENT/secret_base_key
Since this is such a common use case, I am wondering if anyone found any type of solution to this?
version: 0.2
env:
parameter-store:
SECRET_KEY_BASE: /myproject/$BUILD_ENVIRONMENT/secret_key_baseBut it doesn't work. There is no interpolation done and I get the following error:
Decrypted Variables Error Message: parameter does not exist:
/myproject/$BUILD_ENVIRONMENT/secret_base_key
Since this is such a common use case, I am wondering if anyone found any type of solution to this?
Solution
I faced the same problem while using different SSH key pairs for different deployment environment. Usually I used to create different ssm variables per environment and then changed the name of ssm per git branch in buildspec.yml. That worked perfectly for me. For example, for deploying to stage environment i used the git branch "dev" which had following buidlspec.yml config
for "release" environment it was,
make sure you resolve merge conflicts between inter git branches before you apply.
env:
parameter-store:
SECRET_KEY_BASE: "DEV_SECRET_KEY_BASE"for "release" environment it was,
env:
parameter-store:
SECRET_KEY_BASE: "RELEASE_SECRET_KEY_BASE"make sure you resolve merge conflicts between inter git branches before you apply.
Code Snippets
env:
parameter-store:
SECRET_KEY_BASE: "DEV_SECRET_KEY_BASE"env:
parameter-store:
SECRET_KEY_BASE: "RELEASE_SECRET_KEY_BASE"Context
StackExchange DevOps Q#10263, answer score: 1
Revisions (0)
No revisions yet.