Environment variables for a Node app running on an EC2 Instance


I have set up a CI/CD pipeline for my project. On git commits there is a trigger which runs the CodePipeline -> CodeDeploy -> EC2 setup. The EC2 instance runs an Nginx web server and Node cluster using PM2. I am using a package called dotenv to load env vars like API keys and secrets. Since we don't commit it there is no way these vars load into the Node app on EC2. I have heard about secrets manager but I am not sure. Can someone guide me on this?

1 Answer

Good question!

There are a few different AWS-native ways you can pull env vars into your Node app on EC2.

  • AWS Secrets Manager
  • AWS System Manager Parameter Store

For secrets, AWS Secrets Managers offers more features that help with protecting and managing those secrets.

In this case, you could configure the EC2 instance to pull those variables from AWS Secrets Manager. A couple things you would need to do:

  • Store the secrets in AWS Secrets Manager
  • Update the EC2 Instance Profile IAM Role to have permissions to pull from AWS Secrets Manager
  • Encrypt the secrets in AWS Secrets Manager and ensure the instance has access to use the KMS Key.

Now for Secret Retrieval:


For more in-depth AWS guides, check out: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions