Setting the Parameter Store Connection Parameters
You can use the AWS Systems Manager Parameter Store to override the property value set in your Flogo app. You do so by creating the property in the Parameter Store and assigning it the value with which to override the default value set in the app. You can create a standalone property or a hierarchy (group) in which your property resides.
Prerequisites
After you have configured the application properties in the Parameter Store, you need to set the environment variable, FLOGO_APP_PROPS_AWS with the Parameter Store connection parameters in order for your app to connect to the Parameter Store. When you set the environment variable, it triggers your app to run, which connects to the Parameter Store using the Parameter Store connection parameters you provided and pulls the app property values from the param_prefix location you set by matching the application property name with the param_name. Hence, it is mandatory for the property names to be identical to the application property names defined in the Application Properties dialog in TIBCO Cloud Integration- Flogo (PAYG).
You can set the FLOGO_APP_PROPS_AWS environment variable either by manually entering the values as a JSON string on the command line or placing the properties in a file and using the file as input to the FLOGO_APP_PROPS_AWS environment variable.
If your Container is Not Running on ECS or EKS
If the container in which your app resides is running external to ECS, you must enter the values for access_key_id and secret_access_key parameters when setting the FLOGO_APP_PROPS_AWS environment variable.
Entering the Parameter Store Values as a JSON String
To enter the Parameter Store connection parameters as a JSON string, enter the parameters and their value using the comma delimiter. The following example illustrates how to set the values as JSON strings. This would be run from the location where your app resides:
FLOGO_APP_PROPS_AWS="{"access_key_id":"SECRET:XXXXXXXXXXXXX","secret_access_key":"SECRET:XXXXXXXXXXX","region":"us-west-2","param_prefix":"/MyFlogoApp/Dev/"}"where /MyFlogoApp/Dev/ is the param_prefix (path to the properties) and SECRET is the encrypted version of the key or key_id obtained from the Parameter Store.
This will connect to the Parameter Store and pull the values for the properties and override their default values that were set in the app.
Refer to Parameter Store Connection Parameters section for a description of the parameters.
Setting the Parameter Store Values Using a File
{ "access_key_id": "SECRET:b0UaK3bTyD9wN+ZJkmlKRmojhAv+", "param_prefix": "/MyFlogoApp/dev/", "secret_access_key": "SECRET:b0UaK3bTyD9wN+ZJkmlKRmojhAv+", "region": "us-west-2", }
Place the aws_config.json file in the same directory which contains your application binary.
FLOGO_APP_PROPS_AWS=aws_config.json ./<app_binary_name>
This will connect to the Parameter Store to pull the overridden application properties values from the Parameter Store and run your app with those values.
If your Container is Running on ECS or EKS
In case your Flogo apps are running in ECS and intend to leverage the EC2 instance credentials, set use_iam_role to true . The values for access_key_id and secret_access_key will be gathered from the running container. Ensure that the ECS task has the permission to access the param store.
The IAM role that you use must have permissions to access parameter(s) from the AWS Systems Manager Parameter Store. The following policy must be configured for IAM role:
{ "Version":"2012-10-17", "Statement":[ { "Action":[ "ssm:GetParamaters", "ssm:GetParamatersByPath", ], "Effect":"Allow", "Resource":"*" } ] }
The following is an example of how to set the FLOGO_APP_PROPS_AWS environment variable when your container is running on ECS. Notice that the values for access_key_id and secret_access_key are omitted:
FLOGO_APP_PROPS_AWS="{\"use_iam_role\":true, \"region\":\"us-west-2\"}" ./Timer-darwin-amd64