Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

ssm-starter

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ssm-starter

Read AWS SSM parameters into the environment, then start your app.

  • 0.2.2
  • PyPI
  • Socket score

Maintainers
1

ssm-starter

|PyPI version|

Loads AWS SSM Parameter Store parameters into local system environment variables and then executes your application so it has access to those environment variables.

This was inspired by the Twelve-Factor App principle Store config in the environment <https://12factor.net/config>__.

The intended use case is to be used as the ENTRYPOINT to Docker containers which run in AWS where the application gets its configuration from SSM and stores it in the environment, then starts the application, which can reference these values through the environment.

Installation

.. code:: shell

pip install ssm-starter

Usage

SSM-Starter is installed as a command line utility and can be run as:

.. code:: shell

ssm-starter --ssm-name /dev/my-app/ --command /bin/bash run-app.sh

Regarding format of ssm-name and pathing, note that all of the following are equivalent:

.. code:: shell

ssm-starter --ssm-name /dev/my-app --command /bin/bash run-app.sh
ssm-starter --ssm-name /dev/my-app/ --command /bin/bash run-app.sh
AWS_ENV=dev ssm-starter --ssm-name my-app --command /bin/bash run-app.sh

Example

Let's say you have the following three AWS SSM Parameters and their values.

+------------+----------+ | SSM Path | Value | +============+==========+ | /dev/my-ap | abc123 | | p/MYAPP_T | | | EST_VAR | | +------------+----------+ | /dev/my-ap | Server=m | | p/MYAPP_D | yserver; | | B_CONN_S | Database | | TRING | =mydb;Ui | | | d=myuid; | | | Pwd=secr | | | et; | +------------+----------+ | /dev/my-ap | xyz789 | | p/MYAPP_T | | | EST_TWO | | +------------+----------+

Running ssm-starter with the ssm-name "my-app" and environment variable AWS_ENV set to "dev" result in the following:

.. code:: shell

  $ export AWS_REGION=us-east-1
  $ export AWS_ENV=dev
  $ ssm-starter --ssm-name my-app --command /bin/bash run-app.sh
  Reading parameters from SSM path: /dev/my-app/
  Read 3 parameters from SSM
  MYAPP_TEST_VAR - setting value from ssm: abc123
  MYAPP_DB_CONN_STRING - setting value from ssm (SecureString, 51 chars)
  MYAPP_TEST_TWO already in environment
  /bin/bash run-app.sh

After this runs these variables are in the environment and accessible to the application. Notice that if the SSM parameter was stored as a SecureString, the value is not echoed to stdout, and that if an environment variable already exists with that name, it is not overwritten. So if an environment variable is directly passed into the container through "docker run -e" or given to it by an orchestrator such as if it is defined in the task definition for ECS, that will take precidence.

Arguments

--ssm-name The name prefix of your application. If you have an environment variable AWS_ENV present, it will additionally prefix this with that. Multiple --ssm-name arguments can be provided in which case SSM starter will read all parameters from each SSM path provided.

--command The command to execute after loading the SSM variables into the environment. The command does not need to be enclosed in quotes but this should be the last argument as all arguments after this are assumed to be part of the command to execute.

--abort-if-duplicates This optional argument will instruct SSM Starter to abort (non-zero exit code) if any duplicate parameter names are found. This would only occur if multiple --ssm-name arguments are provided. The default behavior is to skip any encountered duplicates, which also logs a warning message.

--overwrite-if-duplicates This optional argument will instruct SSM Starter to overwrite if any duplicate parameter names are found, so the last parameter "wins". This would only occur if multiple --ssm-name arguments are provided. The default behavior is to skip any encountered duplicates, which also logs a warning message.

AWS_ENV (environment variable) If present, this will be prefixed before the supplied ssm-name. If you have a separate AWS accounts for each environment, you will not need this. If however you are sharing a single AWS account for multiple environments (dev, stage, prod, etc) then this provides a way to partition the SSM variables.

AWS_REGION (environment variable) The AWS_REGION environment variable is expected to be present. Region is set by this environment variable rather than though an argument to ssm-starter so that the same configuration can be promoted to multiple environments that may be in different regions. If only AWS_REGION is set, ssm-starter will also set AWS_DEFAULT_REGION to the same value. If both are set and in conflict, ssm-starter will set both to the value in AWS_REGION.

Build and test locally

.. code:: shell

docker build -t billtrust/ssm-starter:build -f Dockerfile.buildenv .

pip install iam-docker-run --user

# specify a valid IAM role name which has full permissions to SSM
export IAM_ROLE_NAME="role-ops-developers"

# specify a local AWS profile name which has access to assume the above IAM role
export AWS_PROFILE_NAME="dev"

# this executes the integration test using python scripttest in the context of
# the specified IAM role which has access to SSM
iam-docker-run \
  --image billtrust/ssm-starter:build \
  --aws-role-name $IAM_ROLE_NAME \
  --profile $AWS_PROFILE_NAME \
  --host-source-path . \
  --full-entrypoint "make test"

Publishing Updates to PyPi

For the maintainer - to publish an updated version of ssm-search, increment the version number in version.py and run the following:

.. code:: shell

docker build -f ./Dockerfile.buildenv -t billtrust/ssm-starter:build .
docker run --rm -it --entrypoint make billtrust/ssm-starter:build publish

At the prompts, enter the username and password to the Billtrust pypi.org repo.

License

MIT License

Copyright (c) 2018 Factor Systems Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

.. |PyPI version| image:: https://badge.fury.io/py/ssm-starter.svg :target: https://badge.fury.io/py/ssm-starter

Keywords

FAQs


Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc