Setting the Parameter Store Connection Parameters

You can use the AWS Systems Manager Parameter Store to override the property value set in your Flogo app. You do so by creating the property in the Parameter Store and assigning it the value with which to override the default value set in the app. You can create a standalone property or a hierarchy (group) in which your property resides.

Prerequisites

This document assumes that you have an AWS account and the Parameter Store and are familiar with its use. Refer to the AWS documentation for more information on the Parameter Store.
To create a standalone property (without hierarchy), you simply enter the property name when creating it. To create a property within a hierarchy enter the hierarchy in the following format when creating the property: <param_prefix>/<property_name> where <param_prefix> is a meaningful string or hierarchy that serves as a path to the property name in Parameter Store and <property_name> is the name of the application property whose value you want to override. For example, in dev/Timer/Message and test/Timer/Message /dev/Timer and test/Timer are the <param_prefix> which could stand for the dev and test environments and Message is the key name. During runtime, you provide the <param_prefix> value which tells your app the location in Parameter Store from where to access the property values.
Important: The parameter name in Parameter Store must be identical to its counterpart (application property) in the Application Properties dialog in TIBCO Cloud Integration- Flogo (PAYG). If the parameter names do not match exactly, you will receive a warning message and the app will use the default value that you configured for the property in TIBCO Cloud Integration- Flogo (PAYG).
Important: A single application property, for example Message, will be looked up by your app as either Message or <param_prefix>/Message in Parameter Store. An application property within a hierarchy such as x.y.z will be looked up as x/y/z or <param_prefix>/x/y/z in Parameter Store. Note that the dot in the hierarchy is represented by a forward slash (/) in the Parameter Store.

After you have configured the application properties in the Parameter Store, you need to set the environment variable, FLOGO_APP_PROPS_AWS with the Parameter Store connection parameters in order for your app to connect to the Parameter Store. When you set the environment variable, it triggers your app to run, which connects to the Parameter Store using the Parameter Store connection parameters you provided and pulls the app property values from the param_prefix location you set by matching the application property name with the param_name. Hence, it is mandatory for the property names to be identical to the application property names defined in the Application Properties dialog in TIBCO Cloud Integration- Flogo (PAYG).

You can set the FLOGO_APP_PROPS_AWS environment variable either by manually entering the values as a JSON string on the command line or placing the properties in a file and using the file as input to the FLOGO_APP_PROPS_AWS environment variable.

If your Container is Not Running on ECS or EKS

If the container in which your app resides is running external to ECS, you must enter the values for access_key_id and secret_access_key parameters when setting the FLOGO_APP_PROPS_AWS environment variable.

Entering the Parameter Store Values as a JSON String

To enter the Parameter Store connection parameters as a JSON string, enter the parameters and their value using the comma delimiter. The following example illustrates how to set the values as JSON strings. This would be run from the location where your app resides:

FLOGO_APP_PROPS_AWS="{"access_key_id":"SECRET:XXXXXXXXXXXXX","secret_access_key":"SECRET:XXXXXXXXXXX","region":"us-west-2","param_prefix":"/MyFlogoApp/Dev/"}"
where /MyFlogoApp/Dev/ is the param_prefix (path to the properties) and SECRET is the encrypted version of the key or key_id obtained from the Parameter Store.

This will connect to the Parameter Store and pull the values for the properties and override their default values that were set in the app.

Refer to Parameter Store Connection Parameters section for a description of the parameters.

Setting the Parameter Store Values Using a File

To set the parameter values in a file, create a .json file, for example, aws_config.json containing the parameter values. Here's an example:
{
    "access_key_id": "SECRET:b0UaK3bTyD9wN+ZJkmlKRmojhAv+",
    "param_prefix": "/MyFlogoApp/dev/",
    "secret_access_key": "SECRET:b0UaK3bTyD9wN+ZJkmlKRmojhAv+",
    "region": "us-west-2",
}

Place the aws_config.json file in the same directory which contains your application binary.

You would then run the following from the location where your app binary resides to set the FLOGO_APP_PROPS_AWS environment variable. For example, to use the aws_config.json file from the example above, run:
FLOGO_APP_PROPS_AWS=aws_config.json ./<app_binary_name>

This will connect to the Parameter Store to pull the overridden application properties values from the Parameter Store and run your app with those values.

If your Container is Running on ECS or EKS

In case your Flogo apps are running in ECS and intend to leverage the EC2 instance credentials, set use_iam_role to true . The values for access_key_id and secret_access_key will be gathered from the running container. Ensure that the ECS task has the permission to access the param store.

The IAM role that you use must have permissions to access parameter(s) from the AWS Systems Manager Parameter Store. The following policy must be configured for IAM role:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Action":[
            "ssm:GetParamaters",
            "ssm:GetParamatersByPath",
         ],
         "Effect":"Allow",
         "Resource":"*"
      }
   ]
}

The following is an example of how to set the FLOGO_APP_PROPS_AWS environment variable when your container is running on ECS. Notice that the values for access_key_id and secret_access_key are omitted:

FLOGO_APP_PROPS_AWS="{\"use_iam_role\":true, \"region\":\"us-west-2\"}" ./Timer-darwin-amd64