How to run aws ssm get marameter in instance user data?
0
Hello I am trying to automate instance autoupdate on it start. I am using for this userdata in launch template. One of them is update .env file which we are storing in AWS Parameter Store. So, user data looks like:
#!/bin/bash -x
aws ssm get-parameters --names /dev/microservices --with-decryption --output text > /home/ubuntu/microservices/.env && pm2 reload all --update-env --time
This commnd works fine when to run it locally on the server, but if to run it in userdata then .env file is just empty. How is that possible? I have instance profile attached to EC2 launch template, to be able to read the values from AWS Parameter Store. Should i also export AWS credentials in userdata?
aws configure set aws_access_key_id "AKIAI***************" --profile user2 && aws configure set aws_secret_access_key "*************************************" --profile user2 && aws configure set region "us-east-1" --profile user2 && aws configure set output "text" --profile user2
Lingua
English
posta 6 mesi fa514 visualizzazioni
1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
No, access/secret keys are not needed. When you use instance profile, instance will assume a role that you set up for instance profile. Check if this role has SSM permissions.
con risposta 6 mesi fa
Contenuto pertinente
AWS UFFICIALEAggiornata un anno fa
Hello. Issue was in "--region" option missing in the aws ssm get-parameters command.
Cat cloud-init-output.loghelped to resolve an issue. Now i can export data from the parameter store record to the .env file. Thanks.