Customize Elastic Beanstalk Environment

Occasionally, you will need to customize environment for applications running in Elastic Beanstalk. Some of the use cases can be:
  • Download properties/configuration files, used by application, from S3
  • Run customized scripts which make use of environment variables
  • Create or modify files/directories
One of the approach, to customize environment, is to use Elastic Beanstalk configuration files. These configuration files are part of source code and are usually placed at root of source code in folder .ebextensions.  Lets consider a use case where web application reads properties from a file. And file needs to be downloaded from S3.
Create folder .ebextensions at root of source code.  Create file 'downloadPropertiesFile.config' in folder .ebextensions with following content in yaml format: 
container_commands:
    010-downloadfile:
        command: sudo /usr/bin/aws s3 --region eu-west-1 cp s3://${Bucket_Path_To_File_In_S3} /destination_file_path
If using gradle, add following content in build.gralde to make this .ebextensions part of war file. 
war {
    from('.ebextensions') {
        into('.ebextensions')
    }
}
Add Environment Variable Bucket_Path_To_File_In_S3 to Elastic Beanstalk environment.
Deploy war file to elastic beanstalk environment and file from S3 should be downloaded. Make sure that ec2-instace has associated Role (Instance Profile) which has access to S3 bucket.
It is recommended to use Roles/Instance Profiles to access AWS resources from ec2-instance. However, if you cannot assign role to ec2-instance then you can download files using environment variables. Change content of 'downloadPropertiesFile.config' to:
container_commands:
    010-export-accesskey:
        command: export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
    020-export-secretkey:
        command: export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
    030-downloadfile:
        command: sudo /usr/bin/aws s3 --region eu-west-1 cp s3://${Bucket_Path_To_File_In_S3} /destination_file_path
And add following environment variables to Elastic Beanstalk application. These environment variables are not available in shell and this is why we have to export them first in order to download file from S3. 
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
Bucket_Path_To_File_In_S3

This example also demonstrates on how to access environment variables in .ebextensions files. Elastic beanstalk executes container commands after extracting source code, but before deploying it. It is important to note that Environment Variables are available for container commands but they are not available for other .ebextensions keys such as Files and Commands.
For Further Reading: Container Commands

Comments

Post a comment

Popular posts from this blog

Practice Questions - AWS Solutions Architect - Associate Certification

These are some of the practice questions from the e-book which is available on Amazon:
1.Name of S3bucket must be unique: a)Within your AWS Account b)Across all your AWS Accounts c)Within a region d)Globally across all AWS Accounts
2.Which of following can be used as storage class for S3: (Select all that apply) a)S3 - Standard Infrequent b)Amazon Glacier c)Storage Gateway d)EBS e)Dynamo DB
3.S3 replicates all objects: a)On multiple devices within availability zone b)In multiple availability zones within a region c)Across multiple regions to achieve higher durability and availability d)On a single device
Read more

Continuous Integration using AWS CodePipeline (GitHub to Elastic BeanStalk)

AWS CodePipeline can be used to continuously deploy code changes to Elastic Beanstalk in Staging Environment. Here is an example which makes use of amazon web services to deploy code changes for Grails Project. CodePipeline will get code from GitHub repository, build using CodeBuild and then deploy the war file to Elastic Beanstalk. AWS CodeBuild uses buildspec.yml to get build instructions. Add buildspec.yml at root folder of your project. Since Grails uses gradle to build the project, the content of file can be: version: 0.1 phases: install: commands: - echo Install started on `date` pre_build: commands: - echo Pre Build started on `date` build: commands: - echo Build started on `date` - ./gradlew assemble post_build: commands: - echo Build completed on `date` artifacts: files: - build/libs/*.war The root folder should also contain gradle wrapper (gradlew). We won't have to install gradle on build server …
Read more

AWS Parameter Store

A typical web application needs credentials to access different resources such as credentials to connect to database and tokens to communicate with other web services.
It is common practice to pass these secret parameters to applications via system properties or environment variables. For example, if you are using Elastic Beanstalk for java web application then you can pass parameters (database url, username, password etc.) as properties.  Every infrastructure is different, but in general this practice is neither secure nor manageable. Some of the common problems are: parameters are not encrypted, parameters might be available in plain text on ec2-instance ebs scripts, parameters are hard to rotate if parameters are being shared by multiple applications. Moreover, if credentials are shared by different applications and multiple people are responsible for deployment then all those people will need access to credentials.
Instead of passing secret parameters as environment variables, se…
Read more