Setting the Parameter Store Connection Parameters

Note: The information in this section is applicable for an app executable only.

You can use the AWS Systems Manager Parameter Store to override the property value set in your Flogo app. You do so by creating the property in the Parameter Store and assigning it the value with which to override the default value set in the app. You can create a standalone property or a hierarchy (group) in which your property resides.

Before you beginThis document assumes that you have an AWS account and the Parameter Store and are familiar with its use. Refer to the AWS documentation for more information on the Parameter Store.

To create a standalone property (without hierarchy), you simply enter the property name when creating it. To create a property within a hierarchy, enter the hierarchy in the following format when creating the property: <param_prefix>/<property_name>, where <param_prefix> is a meaningful string or hierarchy that serves as a path to the property name in Parameter Store and <property_name> is the name of the app property whose value you want to override.

For example, in dev/Timer/Message and test/Timer/Message/dev/Timer and test/Timer are the <param_prefix> which could stand for the dev and test environments respectively, and Message is the key name. During runtime, you provide the <param_prefix> value, which tells your app the location in the Parameter Store from where to access the property values.

Warning:
  • The parameter name in the Parameter Store must be identical to its counterpart (app property) in the Application Properties dialog in Flogo. If the parameter names do not match exactly, a warning message is displayed, and the app uses the default value that you configured for the property in Flogo.

  • A single app property, for example Message, is looked up by your app as either Message or <param_prefix>/Message in the Parameter Store. An app property within a hierarchy such as x.y.z is looked up as x/y/z or <param_prefix>/x/y/z in the Parameter Store. Note that the dot in the hierarchy is represented by a forward slash (/) in the Parameter Store.

After you have configured the app properties in the Parameter Store, you need to set the environment variable FLOGO_APP_PROPS_AWS, with the Parameter Store connection parameters for your app to connect to the Parameter Store. When you set the environment variable, it triggers your app to run, which connects to the Parameter Store using the Parameter Store connection parameters you provided and pulls the app property values from the param_prefix location you set by matching the app property name with the param_name. Hence, the property names must be identical to the app property names defined in the Environmental Controls tab on the Data Plane.

You can set the FLOGO_APP_PROPS_AWS environment variable by manually entering the values as a JSON string on the Engine Variables list on the Environmental Controls tab on the Data Plane.

If your Container is Not running on ECS or EKS

If the container in which your app resides is running external to ECS, you must enter the values for access_key_id and secret_access_key parameters when setting the FLOGO_APP_PROPS_AWS environment variable.

Entering the Parameter Store Values as a JSON string

To enter the Parameter Store connection parameters as a JSON string, enter the parameters and their value using the comma delimiter. The following example illustrates how to set the values as JSON strings. This would be run from the location where your app resides:

FLOGO_APP_PROPS_AWS="{"access_key_id":"SECRET:XXXXXXXXXXXXX",
"secret_access_key":"SECRET:XXXXXXXXXXX",
"region":"us-west-2",
"param_prefix":"/MyFlogoApp/Dev/",
"session_token": "IQoJARACGgw3NzcyODEwMjI2NDUiDI7FCJ5x2omxOgQsXyrfAiJaG9ETAVORjAmDvWkwZnbPInKElfW3
DK7dd5kEU5Dsr4tGv0bck7fTJX8CXEr8xh5GkRbWIhPxoodaM+6/fB52XgQH8hmQ5IzigfJRJtq6VkaYg
Jha7zaPhH0Yeb0y+bBFp1km5LwjZMpmWmhWy4/pc359mgdVCe9Xf2g6/kctLtQJHeiYxHEzYO/krZi1Xb
kXTRI1tCMzHas0gp4bpk4ViUBLVljlFgZT3lFOgIO+fxil3fjjuTEg/ndSX7JtmKI="}

Where /MyFlogoApp/Dev/ is the param_prefix (path to the properties) and SECRET is the encrypted version of the key or key_id obtained from the Parameter Store.

This connects to the Parameter Store, pulls the values for the properties, and overrides the default values that were set in the app.

For a description of the parameters, see Parameter Store Connection Parameters.

If your Container is running on ECS or EKS

In case your Flogo apps are running in ECS and intend to use the EC2 instance credentials, set use_iam_role to true. The values for access_key_id and secret_access_key are gathered from the running container. Ensure that the ECS task has permission to access the param store.

The IAM role that you use must have permissions to access one or more parameters from the AWS Systems Manager Parameter Store. The following policy must be configured for the IAM role:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Action":[
            "ssm:GetParamaters",
            "ssm:GetParamatersByPath",
         ],
         "Effect":"Allow",
         "Resource":"*"
      }
   ]
}

The following is an example of how to set the FLOGO_APP_PROPS_AWS environment variable when your container is running on ECS. Notice that the values for access_key_id and secret_access_key are omitted:

FLOGO_APP_PROPS_AWS="{\"use_iam_role\":true, \"region\":\"us-west-2\"}" ./Timer-darwin-amd64