
I have an AWS Amplify app and I am storing secrets in the AWS Systems Manager Parameter Store. According to the documentation, I followed the syntax /amplify/{your_app_id}/{your_backend_environment_name}/{your_parameter_name} and created the parameter /amplify/abcdefgh1234/dev/MY_PARAM. How do I use MY_PARAM in amplify.yaml? When I use MY_PARAM as shown below, I get empty values. I have added /amplify/abcdefgh1234/dev/MY_PARAM in the environment variables section of the Amplify app settings.

version: 1
frontend:
  phases:
    preBuild:
      commands:
        - echo ${secrets.MY_PARAM}
        - echo $secrets


2 Answers


  1. Chosen as BEST ANSWER

    The role used in Amplify was missing SSM permissions. I added the actions below to the existing Amplify role and it was able to fetch the parameters:

     "ssm:PutParameter",
     "ssm:GetParametersByPath",
     "ssm:GetParameters",
     "ssm:GetParameter"
    

  2. Yes, granting SSM permission to AmplifySSRLoggingRole worked! Thanks!

    Without SSM permission, error in clone repo stage:

    2023-03-22T06:26:52.449Z [INFO]: SSM params {"Path":"/amplify/d2h3a4ocozujg5/prb/","WithDecryption":true}
    2023-03-22T06:26:52.482Z [WARNING]: !Failed to set up process.env.secrets
    

    After SSM permission, you can echo $secrets to test and write your secret to runtime .env if you like:

    - yum install jq -y
    - echo "KEY1=$(echo "$secrets" | jq -r '.KEY1')" > .env
    - echo "KEY2=$(echo "$secrets" | jq -r '.KEY2')" >> .env
    

    Then in your code you can still use process.env.KEY1 or KEY2.
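
An added example, not part of either answer or of Amplify's own tooling: a Node script (hypothetical file name write-env.js) that turns the JSON in process.env.secrets into .env lines without printing secret values to the build log, and fails the build when secrets is empty or a requested key is missing. It assumes the .env file is read by a dotenv-style parser that treats single-quoted values literally.

```javascript
// Added example: build .env content from the JSON in process.env.secrets.
// Assumptions: file name write-env.js; .env is read by a dotenv-style parser.
const KEY_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;

function renderDotenv(secretsJson, requiredKeys) {
  if (typeof secretsJson !== 'string' || secretsJson.trim() === '') {
    // Same symptom as the "Failed to set up process.env.secrets" warning.
    throw new Error('secrets is empty: check the SSM path and the role permissions');
  }
  let secrets;
  try {
    secrets = JSON.parse(secretsJson);
  } catch {
    // Do not repeat the parser message; it can quote part of the input.
    throw new Error('secrets is not valid JSON');
  }
  if (secrets === null || typeof secrets !== 'object' || Array.isArray(secrets)) {
    throw new Error('secrets is not a JSON object');
  }
  const lines = requiredKeys.map((key) => {
    if (!KEY_NAME.test(key)) throw new Error(`invalid key name: ${key}`);
    const value = secrets[key];
    if (typeof value !== 'string' || value === '') {
      throw new Error(`missing secret: ${key}`); // names only, never values
    }
    // A newline would start a new .env line; a quote would end the value early.
    if (/[\r\n']/.test(value)) {
      throw new Error(`unsupported character in secret: ${key}`);
    }
    return `${key}='${value}'`;
  });
  return lines.join('\n') + '\n';
}

// Build command usage: node write-env.js KEY1 KEY2 > .env
const keys = process.argv.slice(2);
if (keys.length > 0) {
  process.stdout.write(renderDotenv(process.env.secrets, keys));
}
```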
