Customize Elastic Beanstalk Environment

Occasionally, you will need to customize environment for applications running in Elastic Beanstalk. Some of the use cases can be:
  • Download properties/configuration files, used by application, from S3
  • Run customized scripts which make use of environment variables
  • Create or modify files/directories
One of the approach, to customize environment, is to use Elastic Beanstalk configuration files. These configuration files are part of source code and are usually placed at root of source code in folder .ebextensions.  Lets consider a use case where web application reads properties from a file. And file needs to be downloaded from S3.
Create folder .ebextensions at root of source code.  Create file 'downloadPropertiesFile.config' in folder .ebextensions with following content in yaml format: 
container_commands:
    010-downloadfile:
        command: sudo /usr/bin/aws s3 --region eu-west-1 cp s3://${Bucket_Path_To_File_In_S3} /destination_file_path
If using gradle, add following content in build.gralde to make this .ebextensions part of war file. 
war {
    from('.ebextensions') {
        into('.ebextensions')
    }
}
Add Environment Variable Bucket_Path_To_File_In_S3 to Elastic Beanstalk environment.
Deploy war file to elastic beanstalk environment and file from S3 should be downloaded. Make sure that ec2-instace has associated Role (Instance Profile) which has access to S3 bucket.
It is recommended to use Roles/Instance Profiles to access AWS resources from ec2-instance. However, if you cannot assign role to ec2-instance then you can download files using environment variables. Change content of 'downloadPropertiesFile.config' to:
container_commands:
    010-export-accesskey:
        command: export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
    020-export-secretkey:
        command: export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
    030-downloadfile:
        command: sudo /usr/bin/aws s3 --region eu-west-1 cp s3://${Bucket_Path_To_File_In_S3} /destination_file_path
And add following environment variables to Elastic Beanstalk application. These environment variables are not available in shell and this is why we have to export them first in order to download file from S3. 
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
Bucket_Path_To_File_In_S3

This example also demonstrates on how to access environment variables in .ebextensions files. Elastic beanstalk executes container commands after extracting source code, but before deploying it. It is important to note that Environment Variables are available for container commands but they are not available for other .ebextensions keys such as Files and Commands.
For Further Reading: Container Commands

Comments

Post a comment

Popular posts from this blog

Practice Questions - AWS Solutions Architect - Associate Certification

These are some of the practice questions from the e-book which is available on Amazon : 1.        Name of S3bucket must be unique: a)        Within your AWS Account b)       Across all your AWS Accounts c)        Within a region d)       Globally across all AWS Accounts 2.        Which of following can be used as storage class for S3: (Select all that apply) a)        S3 - Standard Infrequent b)       Amazon Glacier c)        Storage Gateway d)       EBS e)       Dynamo DB 3.        S3 replicates all objects: a)        On multiple devices within availability zone b)       In multiple availability zones within a region c)        Across multiple regions to achieve higher durability and availability d)       On a single device 4.        You have successfully launched an ec2 instance in VPC and have also downloaded the Private key which you will use to access instance via SSH. What else do you need to do to access the instance? a)        Add
Read more

AWS: Increase Connection Timeout

Environment: Elastic Beanstalk - Java with Tomcat Recently, we faced a situation where java-tomcat server was taking more than 60 seconds to process the request. And we were getting Bad Gateway 5xx Errors. For this particular use case, we could not use asynchronous communication protocol such as Queues; And business users were more than happy to wait for requests to complete even if it takes more than a minute. For every request, Classic Load Balancer maintains 2 connections. One connection is from client to load balancer, and another connection from load balancer to ec2-instance. By default, idle timeout of classic load balancer is set to 60 seconds which means it can close connection if data is not sent within 60 seconds. In order to handle requests which takes more than 60 seconds to process, we can edit the idle timeout setting and increase it to any value upto 4000 seconds . However, If we want to handle requests which takes more than 60 seconds to process, then Load Balancer
Read more

AWS Parameter Store

A typical web application needs credentials to access different resources such as credentials to connect to database and tokens to communicate with other web services. It is common practice to pass these secret parameters to applications via system properties or environment variables. For example, if you are using Elastic Beanstalk for java web application then you can pass parameters (database url, username, password etc.) as properties.  Every infrastructure is different, but in general this practice is neither secure nor manageable. Some of the common problems are: parameters are not encrypted, parameters might be available in plain text on ec2-instance ebs scripts, parameters are hard to rotate if parameters are being shared by multiple applications. Moreover, if credentials are shared by different applications and multiple people are responsible for deployment then all those people will need access to credentials. Instead of passing secret parameters as environment variab
Read more