copilot-cli icon indicating copy to clipboard operation
copilot-cli copied to clipboard
verified publisher icon aws

Environment variables are recognized but not interpolated/inserted

Open fearnycompknowhow opened this issue 3 years ago • 0 comments

Hello, I apologize if this question has already been asked. I've been searching the internet for about a day and a half now, and I haven't found anything that works.

My pipeline builds a docker image. Both the buildspec.yml and the service manifest.yml files were generated through the AWS CLI.

I'm struggling with how to pass values from Secrets Manager into Dockerfile at build time. Based on my reading, it's possible to pull in values from Secrets Manager using either this syntax in the service's manfiest.yml file:

secrets:
  SECRET_1: "arn:for:secret"
  SECRET_2: "arn:for:secret"

# Or this instead
secrets:
  SECRET_1:
    secretsmanager: "secret-name:secret-key-1"
  SECRET_2:
    secretsmanager: "secret-name:secret-key-2"

Or you can specify them in the top-level buildspec.yml file using the following syntax:

env:
  secrets-manager:
    SECRET_1: "secret-name:secret-key-1"
    SECRET_2: "secret-name:secret-key-2"

The problem comes when I attempt to pass the values into the Docker file as build args. Within the service's manifest.yml file:

image:
  build:
    dockerfile: Dockerfile
    args:
      SECRET_1: ${SECRET_1}
      # Omitting the curly braces doesn't help anything
      SECRET_2: $SECRET_2

The problem seems to be that neither of the two environment variables are replaced with the environment variable values. Instead the literal string values of "${SECRET_1}" and "$SECRET_2" are passed into the Dockerfile.

I notice here that the person is referencing custom environment variables in the exact same way that I am, and it seems to have worked for them.

What's weird is that Copilot seems to recognize that SECRET_1 and SECRET_2 are actual environment variables, it just doesn't interpolate/insert them.

I know this, because if I remove every and all definition for the variables (both in the buildspec.yml file and in the manifest.yml file), the error message changes and the Dockerfile build never even runs due to the fact that there is an error in the Copilot config itself (i.e. missing environment variables).

fearnycompknowhow avatar Aug 02 '22 14:08 fearnycompknowhow