Setting the Parameter Store Connection Parameters
You can use the AWS Systems Manager Parameter Store to override the property value set in your Flogo app. You do so by creating the property in the Parameter Store and assigning it the value with which to override the default value set in the app. You can create a standalone property or a hierarchy (group) in which your property resides.
To create a standalone property (without hierarchy), you simply enter the property name when creating it. To create a property within a hierarchy, enter the hierarchy in the following format when creating the property:
<param_prefix>/<property_name>
, where
<param_prefix>
is a meaningful string or hierarchy that serves as a path to the property name in Parameter Store and
<property_name>
is the name of the app property whose value you want to override.
For example, in
dev/Timer/Message
and
test/Timer/Message
/dev/Timer
and
test/Timer
are the
<param_prefix>
which could stand for the dev and test environments respectively, and
Message
is the key name. During runtime, you provide the
<param_prefix>
value, which tells your app the location in the Parameter Store from where to access the property values.
-
The parameter name in the Parameter Store must be identical to its counterpart (app property) in the Application Properties dialog in Flogo. If the parameter names do not match exactly, a warning message is displayed, and the app uses the default value that you configured for the property in Flogo.
-
A single app property, for example
Message
, is looked up by your app as eitherMessage
or<param_prefix>/Message
in the Parameter Store. An app property within a hierarchy such asx.y.z
is looked up asx/y/z
or<param_prefix>/x/y/z
in the Parameter Store. Note that the dot in the hierarchy is represented by a forward slash (/) in the Parameter Store.
After you have configured the app properties in the Parameter Store, you need to set the environment variable
FLOGO_APP_PROPS_AWS
, with the Parameter Store connection parameters for your app to connect to the Parameter Store. When you set the environment variable, it triggers your app to run, which connects to the Parameter Store using the Parameter Store connection parameters you provided and pulls the app property values from the
param_prefix
location you set by matching the app property name with the
param_name
. Hence, the property names must be identical to the app property names defined in the
Environmental Controls tab on the Data Plane.
You can set the
FLOGO_APP_PROPS_AWS
environment variable by manually entering the values as a JSON string on the Engine Variables list on the Environmental Controls tab on the Data Plane.
If your Container is Not running on ECS or EKS
If the container in which your app resides is running external to ECS, you must enter the values for
access_key_id
and
secret_access_key
parameters when setting the
FLOGO_APP_PROPS_AWS
environment variable.
Entering the Parameter Store Values as a JSON string
To enter the Parameter Store connection parameters as a JSON string, enter the parameters and their value using the comma delimiter. The following example illustrates how to set the values as JSON strings. This would be run from the location where your app resides:
FLOGO_APP_PROPS_AWS="{"access_key_id":"SECRET:XXXXXXXXXXXXX",
"secret_access_key":"SECRET:XXXXXXXXXXX",
"region":"us-west-2",
"param_prefix":"/MyFlogoApp/Dev/",
"session_token": "IQoJARACGgw3NzcyODEwMjI2NDUiDI7FCJ5x2omxOgQsXyrfAiJaG9ETAVORjAmDvWkwZnbPInKElfW3
DK7dd5kEU5Dsr4tGv0bck7fTJX8CXEr8xh5GkRbWIhPxoodaM+6/fB52XgQH8hmQ5IzigfJRJtq6VkaYg
Jha7zaPhH0Yeb0y+bBFp1km5LwjZMpmWmhWy4/pc359mgdVCe9Xf2g6/kctLtQJHeiYxHEzYO/krZi1Xb
kXTRI1tCMzHas0gp4bpk4ViUBLVljlFgZT3lFOgIO+fxil3fjjuTEg/ndSX7JtmKI="}
Where
/MyFlogoApp/Dev/
is the param_prefix (path to the properties) and
SECRET
is the encrypted version of the key or key_id obtained from the Parameter Store.
This connects to the Parameter Store, pulls the values for the properties, and overrides the default values that were set in the app.
For a description of the parameters, see Parameter Store Connection Parameters.
If your Container is running on ECS or EKS
In case your Flogo apps are running in ECS and intend to use the EC2 instance credentials, set
use_iam_role
to
true
. The values for
access_key_id
and
secret_access_key
are gathered from the running container. Ensure that the ECS task has permission to access the param store.
The IAM role that you use must have permissions to access one or more parameters from the AWS Systems Manager Parameter Store. The following policy must be configured for the IAM role:
{ "Version":"2012-10-17", "Statement":[ { "Action":[ "ssm:GetParamaters", "ssm:GetParamatersByPath", ], "Effect":"Allow", "Resource":"*" } ] }
The following is an example of how to set the
FLOGO_APP_PROPS_AWS
environment variable when your container is running on ECS. Notice that the values for
access_key_id
and
secret_access_key
are omitted:
FLOGO_APP_PROPS_AWS="{\"use_iam_role\":true, \"region\":\"us-west-2\"}" ./Timer-darwin-amd64