-
-
Save codelinx/1db2df54694b27a513661b091f39b743 to your computer and use it in GitHub Desktop.
Get secret parameters from Amazon EC2 Parameter Store
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (process.argv.length < 3) { | |
| throw `Usage: ${process.argv[1]} path_prefix` | |
| } | |
| const PATH_PREFIX = process.argv[2] | |
| const path = require('path') | |
| const AWS = require('aws-sdk') | |
| const ssm = new AWS.SSM() | |
| function getParametersByPath(nextToken, callback) { | |
| const params = { Path: PATH_PREFIX, Recursive: true, WithDecryption: true } | |
| if (nextToken) params['NextToken'] = nextToken | |
| ssm.getParametersByPath(params, (err, data) => { | |
| if (err) throw err | |
| callback(data) | |
| }) | |
| } | |
| function printParameter(parameter) { | |
| const envName = path.basename(parameter.Name) | |
| console.log(`${envName}="${parameter.Value}"`) | |
| } | |
| function handleResponse(response) { | |
| if (response.Parameters.length === 0) return | |
| response.Parameters.forEach(printParameter) | |
| if (!response.NextToken) return | |
| getParametersByPath(response.NextToken, handleResponse) | |
| } | |
| getParametersByPath(null, handleResponse) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from os import path | |
| from sys import argv | |
| import boto3 | |
| if len(argv) < 2: | |
| raise "Usage: %s path" % argv[0] | |
| PATH = argv[1] | |
| SSM = boto3.client('ssm') | |
| def get_parameters_by_path(next_token = None): | |
| params = { | |
| 'Path': PATH, | |
| 'Recursive': True, | |
| 'WithDecryption': True | |
| } | |
| if next_token is not None: | |
| params['NextToken'] = next_token | |
| return SSM.get_parameters_by_path(**params) | |
| def parameters(): | |
| next_token = None | |
| while True: | |
| response = get_parameters_by_path(next_token) | |
| parameters = response['Parameters'] | |
| if len(parameters) == 0: | |
| break | |
| for parameter in parameters: | |
| yield parameter | |
| if 'NextToken' not in response: | |
| break | |
| next_token = response['NextToken'] | |
| def print_env_vars(parameter): | |
| env_name = path.basename(parameter['Name']) | |
| env_value = parameter['Value'] | |
| print("%s=\"%s\"" % (env_name, env_value)) | |
| def main(): | |
| for parameter in parameters(): | |
| print_env_vars(parameter) | |
| if __name__ == "__main__": | |
| main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'aws-sdk' | |
| raise "Usage: #{$0} path" if ARGV[0].nil? | |
| PATH = ARGV[0] | |
| SSM = Aws::SSM::Client.new | |
| def get_parameters_by_path(next_token = nil) | |
| params = { | |
| path: PATH, | |
| recursive: true, | |
| with_decryption: true, | |
| } | |
| params[:next_token] = next_token unless next_token.nil? | |
| SSM.get_parameters_by_path(params) | |
| end | |
| def parameters | |
| next_token = nil | |
| while true | |
| response = get_parameters_by_path(next_token) | |
| break if response.parameters.empty? | |
| response.parameters.each { |parameter| yield parameter } | |
| next_token = response.next_token | |
| break if next_token.nil? | |
| end | |
| end | |
| def print_env_vars(parameter) | |
| env_name = File.basename(parameter.name) | |
| env_value = parameter.value | |
| puts "#{env_name}=\"#{env_value}\"" | |
| end | |
| parameters { |p| print_env_vars p } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash +x | |
| # Usage: get_ssm_parameters.sh aws_region path_prefix | |
| # $1 aws_region : SSM Parameter Region (ex. ap-northeast-1) | |
| # $2 path_prefix: SSM Parameter Path prefix (ex. /app/api/staging) | |
| # IAM Policy example: | |
| # { | |
| # "Version": "", | |
| # "Statement": [{ | |
| # "Sid": "" | |
| # "Effect": "Allow" | |
| # "Action": ["ssm:GetParametersByPath]" | |
| # "Resource": "arn:aws:ssm:YOUR_REGION:YOUR_AWS_ACCOUNT_ID:parameter/app/api/staging/*" | |
| # }] | |
| # } | |
| # jq is required. | |
| if [ $# -lt 2 ]; then | |
| echo "Usage: $0 aws_region path_prefix" 1>&2 | |
| exit 1 | |
| fi | |
| readonly AWS_REGION="${1}" | |
| readonly PATH_PREFIX="${2}" | |
| # $1 nextToken | |
| get_parameters_by_path() { | |
| local nextToken="${1}" | |
| aws ssm get-parameters-by-path --region "${AWS_REGION}" \ | |
| --path "${PATH_PREFIX}" --recursive --with-decryption \ | |
| $([ -z ${nextToken} ] || echo "--next-token ${nextToken}") | |
| } | |
| # $1 parameterName | |
| # $2 parameterValue | |
| print_env_vars() { | |
| local envName=$(basename "${1}") | |
| local envValue="${2}" | |
| echo "${envName}=\"${envValue}\"" | |
| } | |
| print_parameters() { | |
| local nextToken="" | |
| while true; do | |
| responseJson=$(get_parameters_by_path "${nextToken}") | |
| declare -i parameterCount=$(echo ${responseJson} | jq -c '.Parameters[].Name' | wc -l) | |
| [ ${parameterCount} -lt 1 ] && break | |
| echo $responseJson | jq -r '.Parameters[]|[.Name,.Value] | @sh' | while read LINE; do | |
| declare -a nameAndValue=($(echo $LINE | tr -d \')) | |
| print_env_vars ${nameAndValue[@]} | |
| done | |
| nextToken=$(echo ${responseJson} | jq -r '.NextToken') | |
| if [ -z ${nextToken} ] || [[ ${nextToken} == "null" ]]; then | |
| break | |
| fi | |
| done | |
| } | |
| print_parameters |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment