
Environment variables from SSM Parameter Store or Secrets Manager

Open callumthomson opened this issue 3 years ago • 4 comments

It seems currently the only way to set environment variables on an Amplify app is by providing a plaintext value. It would be really useful to provide them from Parameter Store or Secrets Manager. I have an app which requires private npm authentication during the build stage. Currently I have to provide the GitHub personal access token to Amplify as a plaintext value. I also have to remember to update it here when I regenerate the token.

callumthomson • Jan 14 '22 12:01

Hi :wave:, thanks for opening! While we look into this...

If this issue is related to custom domains, be sure to check the custom domains troubleshooting guide to see if that helps. Also, there is a more general troubleshooting FAQ that may be helpful for other questions.

Lastly, please make sure you've specified the App ID and Region in the issue!

github-actions[bot] • Jan 14 '22 12:01

Is this in the pipeline?

artgibson • Dec 07 '22 16:12

I was able to make it work by directly accessing the SSM store through the AWS CLI in the Amplify build. As mentioned previously, I also needed to use a private npm registry in my build to build my Next.js application.

Here is the Amplify config:

version: 1
frontend:
  phases:
    preBuild:
      commands:
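        # Read the token from SSM Parameter Store, decrypted, at build time
        - export GITHUB_API_TOKEN="$(aws ssm get-parameter --name GITHUB_API_TOKEN --query Parameter.Value --output text --with-decryption)"
        # The token is not echoed: anything printed here is stored in the build log
        - npm config set //npm.pkg.github.com/:_authToken "$GITHUB_API_TOKEN"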
        - npm ci
    build:
      commands:
        - npm run build
  artifacts:
    baseDirectory: .next
    files:
      - '**/*'
  cache:
    paths:
      - node_modules/**/*

Cheers 👌🏻

alexabidri • Jul 21 '23 10:07

Hey @alexabidri 👋🏻 Is there any previous setup that needs to be done in order to access the AWS CLI commands? I tried with

export RECAPTCHA_SITE_KEY=$(aws ssm get-parameter --name RECAPTCHA_SITE_KEY --query Parameter.Value --output text --with-decryption)

but I get this error:

aws: command not found

Are you using a specific build image? I'm using public.ecr.aws/docker/library/node:18.17.0.

Edit: solved this issue by installing the AWS CLI manually.

jjuannn • Apr 08 '24 15:04
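
A preBuild helper combining the two comments above, as an added example that is not code from any participant in this thread: it reads the parameter with the same `aws ssm get-parameter` call, fails early when the AWS CLI is missing or the value is empty, and stores the token for `npm.pkg.github.com` without printing it. The function names and the npmrc path argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Print the decrypted value of SSM parameter $1 on stdout; diagnostics go to stderr.
fetch_ssm_secret() {
  name=$1
  if ! command -v aws >/dev/null 2>&1; then
    echo "aws CLI not found in this build image; install it first" >&2
    return 127
  fi
  value=$(aws ssm get-parameter --name "$name" --with-decryption \
            --query Parameter.Value --output text) || {
    echo "could not read SSM parameter $name" >&2
    return 1
  }
  # With --output text a null value is rendered as the literal string "None".
  if [ -z "$value" ] || [ "$value" = "None" ]; then
    echo "SSM parameter $name is empty" >&2
    return 1
  fi
  printf '%s' "$value"
}

# Store token $1 in npmrc file $2 (mode 0600), keeping the file's other settings.
write_npm_token() {
  token=$1 npmrc=$2
  (
    umask 077                     # temp file is created owner-only
    tmp="$npmrc.tmp.$$"
    if [ -f "$npmrc" ]; then
      # Drop any earlier token line for this registry; grep exits 1 if nothing is left.
      grep -v '^//npm\.pkg\.github\.com/:_authToken=' "$npmrc" > "$tmp" || true
    else
      : > "$tmp"
    fi
    printf '//npm.pkg.github.com/:_authToken=%s\n' "$token" >> "$tmp"
    mv "$tmp" "$npmrc"
  )
}

# Fetch parameter $1 and configure npm via npmrc file $2 without printing the token.
configure_npm_auth() {
  secret=$(fetch_ssm_secret "$1") || return $?
  write_npm_token "$secret" "$2"
}
```

In `preBuild`, source the file and call `configure_npm_auth GITHUB_API_TOKEN "$HOME/.npmrc"` before `npm ci`; a non-zero return stops the build before npm runs without credentials.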