1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Good question!
There are a few different AWS-native ways you can pull env vars into your Node app on EC2.
- AWS Secrets Manager
- AWS System Manager Parameter Store
For secrets, AWS Secrets Managers offers more features that help with protecting and managing those secrets.
In this case, you could configure the EC2 instance to pull those variables from AWS Secrets Manager. A couple things you would need to do:
- Store the secrets in AWS Secrets Manager
- Update the EC2 Instance Profile IAM Role to have permissions to pull from AWS Secrets Manager
- Encrypt the secrets in AWS Secrets Manager and ensure the instance has access to use the KMS Key.
Now for Secret Retrieval:
- The instance can pull the secret by either the secret name or value. If you're looking at runtime for Node: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SecretsManager.html
- AWS Guide: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
Additional:
- Caching Secrets to Improve Performance: https://docs.aws.amazon.com/secretsmanager/latest/userguide/use-client-side-caching.html
- Security of Secrets Manager: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security.html
- If you're looking to do things on the EC2 instance launch, check out user-data: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html
For more in-depth AWS guides, check out: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
답변함 2년 전
