I have an AWS Amplify App and I am storing secrets in the AWS System Manager parameter store. According to the documentation, I followed this syntax /amplify/{your_app_id}/{your_backend_environment_name}/{your_parameter_name}
and created this parameter /amplify/abcdefgh1234/dev/MY_PARAM
. How do I use MY_PARAM
in amplify.yaml
? When I use MY_PARAM
as stated below, I get empty values. I have added /amplify/abcdefgh1234/dev/MY_PARAM
in environment variables
section in amplify app setting.
version: 1
frontend:
phases:
preBuild:
commands:
- echo ${secrets.MY_PARAM}
- echo $secrets
2
Answers
Role used in Amplify was missing permissions of SSM. I have added the below actions to the existing amplify role and it was able to fetch the parameters
yes granting SSM permission to AmplifySSRLoggingRole worked! Thanks!
Without SSM permission, error in clone repo stage:
After SSM permission, you can echo $secrets to test and write your secret to runtime .env if you like:
then in your code you can still use ‘process.env.KEY1 or KEY2’