Setting the Parameter Store Connection Parameters
You can use the AWS Systems Manager Parameter Store to override the property value set in your Flogo app. You do so by creating the property in the Parameter Store and assigning it the value with which to override the default value set in the app. You can create a standalone property or a hierarchy (group) in which your property resides.
<param_prefix>/<property_name>
, where
<param_prefix>
is a meaningful string or hierarchy that serves as a path to the property name in Parameter Store and
<property_name>
is the name of the app property whose value you want to override. dev/Timer/Message
and
test/Timer/Message
/dev/Timer
and
test/Timer
are the
<param_prefix>
which could stand for the dev and test environments respectively, and
Message
is the key name. During runtime, you provide the
<param_prefix>
value, which tells your app the location in the Parameter Store from where to access the property values.
- A single app property, for example,
Message
, is looked up by your app as eitherMessage
or<param_prefix>/Message
in the Parameter Store. An app property within a hierarchy such asx.y.z
is looked up asx/y/z
or<param_prefix>/x/y/z
in the Parameter Store. Note that the dot in the hierarchy is represented by a forward slash (/) in the Parameter Store. - The parameter name in the Parameter Store must be identical to its counterpart (app property) in the Application Properties dialog in Flogo. If the parameter names do not match exactly, a warning message is displayed, and the app uses the default value that you configured for the property in Flogo.
After you have configured the app properties in the Parameter Store, you need to set the environment variable,
FLOGO_APP_PROPS_AWS
, with the Parameter Store connection parameters for your app to connect to the Parameter Store. When you set the environment variable, it triggers your app to run, which connects to the Parameter Store using the Parameter Store connection parameters you provided and pulls the app property values from the
param_prefix
location you set by matching the app property name with the
param_name
. Hence, the property names must be identical to the app property names defined in the
Application Properties dialog in
Flogo.
You can set the
FLOGO_APP_PROPS_AWS
environment variable by manually placing the properties in a file and using the file as input to the
FLOGO_APP_PROPS_AWS
environment variable.
If your Container is Not running on ECS or EKS
If the container in which your app resides is running external to ECS, you must enter the values for
access_key_id
and
secret_access_key
parameters when setting the
FLOGO_APP_PROPS_AWS
environment variable.
Setting the Parameter Store values using a file
To set the parameter values in a file, create a
.json
file, for example,
aws_config.json
containing the parameter values. Here is an example:
{
"access_key_id": "SECRET:b0UaK3bTyD9wN+ZJkmlKRmojhAv+",
"param_prefix": "/MyFlogoApp/dev/", "secret_access_key": "SECRET:b0UaK3bTyD9wN+ZJkmlKRmojhAv+",
"region": "us-west-2",
"session_token":"SECRET:1UBrEIezye8W1mmx7NLAiQzopmp58kUa02XdpmxYqVvkGKUrdN+wgCeH3mxZ"
}
Place the
aws_config.json
file in the same directory, which contains your app binary.
Run the following from the location where your app binary resides to set the
FLOGO_APP_PROPS_AWS
environment variable. For example, to use the
aws_config.json
file from the example above, run:
FLOGO_APP_PROPS_AWS=aws_config.json ./<app_binary_name>
This connects to the Parameter Store, pulls the overridden app properties values from the Parameter Store, and runs your app with those values.
If your Container is running on ECS or EKS
In case your Flogo apps are running in ECS and intend to use the EC2 instance credentials, set
use_iam_role
to
true
. The values for
access_key_id
and
secret_access_key
are gathered from the running container. Ensure that the ECS task has permission to access the param store.
The IAM role that you use must have permissions to access the parameters from the AWS Systems Manager Parameter Store. The following policy must be configured for the IAM role:
{ "Version":"2012-10-17", "Statement":[ { "Action":[ "ssm:GetParamaters", "ssm:GetParamatersByPath", ], "Effect":"Allow", "Resource":"*" } ] }
The following is an example of how to set the
FLOGO_APP_PROPS_AWS
environment variable when your container is running on ECS. Notice that the values for
access_key_id
and
secret_access_key
are omitted:
FLOGO_APP_PROPS_AWS="{\"use_iam_role\":true, \"region\":\"us-west-2\"}" ./Timer-darwin-amd64