Environment variables for a Node app running on an EC2 Instance

0

I have set up a CI/CD pipeline for my project. On git commits there is a trigger which runs the CodePipeline -> CodeDeploy -> EC2 setup. The EC2 instance runs an Nginx web server and Node cluster using PM2. I am using a package called dotenv to load env vars like API keys and secrets. Since we don't commit it there is no way these vars load into the Node app on EC2. I have heard about secrets manager but I am not sure. Can someone guide me on this?

1 Answer
0

Good question!

There are a few different AWS-native ways you can pull env vars into your Node app on EC2.

  • AWS Secrets Manager
  • AWS Systems Manager Parameter Store

For secrets, AWS Secrets Manager offers more features that help with protecting and managing those secrets.

In this case, you could configure the EC2 instance to pull those variables from AWS Secrets Manager. A couple things you would need to do:

  • Store the secrets in AWS Secrets Manager
  • Update the EC2 Instance Profile IAM Role to have permissions to pull from AWS Secrets Manager
  • Encrypt the secrets in AWS Secrets Manager and ensure the instance has access to use the KMS Key.

Now for Secret Retrieval:

Additional:

For more in-depth AWS guides, check out: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

jsonc
answered 2 years ago
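
Added example, not part of the original answer: one way a Node app on EC2 could pull a JSON secret from AWS Secrets Manager at startup in place of a committed `.env` file, using the AWS SDK for JavaScript v3 with the instance profile role (which needs `secretsmanager:GetSecretValue` on the secret and `kms:Decrypt` on a customer-managed key). The secret name `prod/node-app/env`, the region and the key names `API_KEY` and `DB_PASSWORD` are hypothetical.

```javascript
// Added example: load a JSON secret from AWS Secrets Manager into process.env.
// Secret name, region and key names below are hypothetical placeholders.

// Fetch the raw secret using the SDK's default credential chain, which on EC2
// resolves to the instance profile role (no access keys stored on disk).
async function fetchSecretString(secretId, region) {
  // Imported lazily so the validation logic below can run without the SDK installed.
  const { SecretsManagerClient, GetSecretValueCommand } =
    await import('@aws-sdk/client-secrets-manager');
  const client = new SecretsManagerClient({ region });
  const res = await client.send(new GetSecretValueCommand({ SecretId: secretId }));
  if (typeof res.SecretString !== 'string') {
    throw new Error(`secret ${secretId} has no SecretString (binary secret not handled)`);
  }
  return res.SecretString;
}

// Validate the secret's JSON and copy it into env. Returns the names of the keys set.
// Error messages name keys only and never include secret values.
function applySecretToEnv(secretString, requiredKeys, env = process.env) {
  let parsed;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    throw new Error('secret is not valid JSON'); // do not echo the payload
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('secret must be a JSON object of key/value pairs');
  }
  const missing = requiredKeys.filter((k) => typeof parsed[k] !== 'string' || parsed[k] === '');
  if (missing.length > 0) {
    throw new Error(`secret is missing required keys: ${missing.join(', ')}`);
  }
  const applied = [];
  for (const [key, value] of Object.entries(parsed)) {
    if (typeof value !== 'string') continue; // skip nested or non-string values
    if (env[key] !== undefined) continue;    // existing environment wins, as with dotenv
    env[key] = value;
    applied.push(key);
  }
  return applied;
}

// Call once before the app reads its configuration; a missing key aborts startup.
async function loadEnvFromSecretsManager() {
  const secret = await fetchSecretString('prod/node-app/env', 'us-east-1'); // hypothetical
  return applySecretToEnv(secret, ['API_KEY', 'DB_PASSWORD']);              // hypothetical
}
```

Under PM2 cluster mode each worker process would run `loadEnvFromSecretsManager()` on start, so the values exist only in process memory and not in the deployment bundle.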
