Last active
December 30, 2015 15:48
-
-
Save gmr/c8966a70747ea20ab009 to your computer and use it in GitHub Desktop.
Docker entrypoint bash script that enables 12FA style environment variable configuration for apps using S3 for storage of the environment variables.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Docker Entrypoint for running an application after using AWS instance data and | |
| # the aws cli to fetch and source environment variable configuration from S3. | |
| # | |
| # tldr Required Environment Variables | |
| # | |
| # - CONFIG_S3_BUCKET: The name of the S3 bucket where the config lives | |
| # - SERVICE: The name of the service for retrieving the config | |
| # | |
| # or | |
| # | |
| # - ENVIRONMENT: Set to development to bypass AWS environment config activity | |
| # | |
| # The goal is to enable multiple environments (test, staging, prod, etc) to run | |
| # off the same docker image allowing for a single task definition in ECS, etc. | |
| # | |
| # It requires that the EC2 instances that the docker containers are running on | |
| # are tagged with a variable named "Environment" that defines which environment | |
| # for the containers. | |
| # | |
| # If ENVIRONMENT is not "development", SERVICE must be set to the service name | |
| # | |
| # The CONFIG_S3_BUCKET environment variable must be set to the S3 bucket that | |
| # the configuration data in the following path: | |
| # | |
| # /${ENVIRONMENT}/${SERVICE}/env.vars | |
| # | |
| # Which would be accessible via the following S3 URL: | |
| # | |
| # s3://${CONFIG_S3_BUCKET}/${ENVIRONMENT}/{SERVICE}/env.vars | |
| # | |
| # Requires the awscli python package/application installed | |
| # | |
| # Requires a IAM profile that has the following settings | |
| # | |
| # { | |
| # "Version": "2012-10-17", | |
| # "Statement": [{ | |
| # "Sid": "Stmt1449201368000", | |
| # "Effect": "Allow", | |
| # "Action": [ | |
| # "s3:ListBucket" | |
| # ], | |
| # "Resource": [ | |
| # "arn:aws:s3:::${CONFIG_S3_BUCKET}", | |
| # ] | |
| # }, { | |
| # "Sid": "Stmt1449201427000", | |
| # "Effect": "Allow", | |
| # "Action": [ | |
| # "s3:GetObject" | |
| # ], | |
| # "Resource": [ | |
| # "arn:aws:s3:::${CONFIG_S3_BUCKET}/*", | |
| # ] | |
| # }, { | |
| # "Effect": "Allow", | |
| # "Action": ["ec2:DescribeTags"], | |
| # "Resource": ["*"] | |
| # }] | |
| # } | |
| # | |
| # Note to bypass the AWS environment, set the ENVIRONMENT env variable set to | |
| # development. | |
| # | |
| if [ "${ENVIRONMENT}" -ne "development" ] | |
| then | |
| # Get the information required to use S3 to sync the environment variable data | |
| INSTANCE=`curl -s http://instance-data/latest/meta-data/instance-id` | |
| REGION=`curl -s http://instance-data/latest/meta-data/placement/availability-zone | rev | cut -c 2- | rev` | |
| ENVIRONMENT="`aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE}" "Name=key,Values=Environment" --region ${REGION} --output=text | cut -f5`" | |
| # Copy the environment variables | |
| aws s3 cp s3://${CONFIG_S3_BUCKET}/${ENVIRONMENT}/${SERVICE}/env.vars /etc/profile.d/ | |
| # Activate the environment variables for the execution of the application | |
| source /etc/profile.d/env.vars | |
| fi | |
| # Run the Docker CMD passed in | |
| exec $@ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment