
Environment variables with AWS SSM Run Command

I am using AWS SSM Run Command with the AWS-RunShellScript document to run a script on an AWS Linux 1 instance. Part of the script includes using an environment variable. When I run the script myself, everything is fine. But when I run the script with SSM, it can't see the environment variable. This variable needs to be passed to a Python script. I had originally been trying os.environ['VARIABLE'] to no effect.

I know that AWS SSM uses root privileges and so I have put a line exporting the variable in the root ~/.bashrc file, yet it still cannot see the variable. The root user can see it when I run it myself. Is it not possible for AWS SSM to use environment variables, or am I not exporting it correctly? If it is not possible, I'll try using AWS KMS instead to store my variable.

~/.bashrc

export VARIABLE="VALUE"

script.sh

"$VARIABLE"

Security is important, hence why I don't want to just store the variable in the script.

SSM does not open an actual SSH session, so passing environment variables won't work. It's essentially a daemon running on the box that's taking your requests and processing them. It's a very basic product: it doesn't support any of the standard features that come with SSH such as SCP, port forwarding, tunneling, passing of env variables etc. An alternative way of passing a value you need to a script would be to store it in AWS Systems Manager Parameter Store, and have your script pull the variable from the store.
You'll need to update your instance role permissions to have access to ssm:GetParameters for the script you run to access the value stored.
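The Parameter Store approach from the answer above, as an added example that is not part of the original answer: a Python helper that pulls values with GetParameters (with decryption, so SecureString values work) and places them in os.environ for the rest of the script. The parameter name /myapp/VARIABLE, the function name load_parameters and the injectable client argument are assumptions made for illustration; it also assumes boto3 is installed and a default region is configured for the user SSM runs as.

```python
import os


def load_parameters(names, client=None, environ=os.environ):
    """Copy SSM Parameter Store values into environ.

    names maps a plain parameter name (no version or label selector)
    to the environment variable that should receive its value.
    Returns the sorted list of environment variable names that were set.
    """
    if client is None:
        # Imported lazily so the helper can be exercised with a stub client.
        # Credentials come from the instance role (needs ssm:GetParameters).
        import boto3
        client = boto3.client("ssm")

    wanted = list(names)
    found, missing = {}, []
    # GetParameters accepts at most 10 names per call, so request in batches.
    for i in range(0, len(wanted), 10):
        resp = client.get_parameters(Names=wanted[i:i + 10], WithDecryption=True)
        for param in resp["Parameters"]:
            found[param["Name"]] = param["Value"]
        missing.extend(resp.get("InvalidParameters", []))

    if missing:
        # Fail closed and report names only, never values.
        raise KeyError("parameters not found: " + ", ".join(sorted(missing)))

    for param_name, env_name in names.items():
        environ[env_name] = found[param_name]
    return sorted(names.values())


if __name__ == "__main__":
    # "/myapp/VARIABLE" is a hypothetical parameter name.
    load_parameters({"/myapp/VARIABLE": "VARIABLE"})
    # The lookup from the question now succeeds under SSM Run Command.
    # Only the length is printed so the value stays out of command output.
    print("VARIABLE loaded, length", len(os.environ["VARIABLE"]))
```

If the parameter is a SecureString encrypted under a customer managed KMS key, the instance role also needs kms:Decrypt on that key.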

My solution to this problem:

set -o allexport; source /etc/environment; set +o allexport

-o allexport enables all variables in /etc/environment to be exported. +o allexport disables this feature.

For more information, see the Set builtin documentation.

I have tested this solution by using the AWS CLI command aws ssm send-command:

"commands": [
    "set -o allexport; source /etc/environment; set +o allexport",
    "echo $TEST_VAR > /home/ec2-user/app.log"
]

I am running a bash script in my SSM command document, so I just source the profile/script to have env variables ready to be used by the subsequent commands. For example,

"runCommand": [
      "#!/bin/bash",
      ". /tmp/setEnv.sh",
      "echo \"myVar: $myVar, myVar2: $myVar2\""
]

You can refer to "Can a shell script set environment variables of the calling shell?" for sourcing your env variables. For Python, you will have to parse your source profile/script; see "Emulating Bash 'source' in Python".
