Unable to get parameters in Parameter Store aws


I'm just getting started with AWS.

I'm trying to store a parameter in the Parameter Store for my EC2 instance, and I want to retrieve it and put it in an environment variable in the AfterInstall step of CodeDeploy. The deploy works, but I can't get the parameter.

I tried to follow this tutorial https://aws.amazon.com/it/blogs/mt/use-parameter-store-to-securely-access-secrets-and-config-data-in-aws-codedeploy/.

I created the policy "ParameterStorePolicy" as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeParameters"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameters"
            ],
            "Resource": [
                "arn:aws:ssm:us-east-2:<myId>:parameter/MySecureSQLPassword"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt"
            ],
            "Resource": "arn:aws:kms:us-east-2:<myId>:alias/aws/ssm"
        }
    ]
}

I attached the policy to the "CodeDeployServiceRole", which also has the "AWSCodeDeployRole" policy attached.

Finally, in my script "Afterinstall.sh" I wrote the following code:

cd /home/ubuntu/pypi
# One command on a single line; --output text strips the JSON quoting
# that the default output would otherwise leave around the value.
export PIPPO=$(aws ssm get-parameters --region us-east-2 --names MySecureSQLPassword --with-decryption --query 'Parameters[0].Value' --output text)
echo "$PIPPO" > testPippo.txt

The result is an empty testPippo.txt file.

Can anyone tell me what I'm doing wrong?

Thank you


There are 2 best solutions below

BEST ANSWER

Check that the "ParameterStorePolicy" IAM policy is attached to the EC2 instance profile of the instance you are deploying to.

To confirm whether the instance has the correct permissions, you can do either of the following:

  1. Run that CLI command directly on the instance and confirm the value is decrypted:

aws ssm get-parameters --region us-east-2 --names MySecureSQLPassword --with-decryption --query Parameters[0].Value

  2. Log into the AWS Console, go to https://policysim.aws.amazon.com/home/index.jsp?#roles, find your EC2 instance role, and simulate that role's access to that parameter.
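The check above, carried into a hook script, as an added example (not the asker's Afterinstall.sh or anything from the linked tutorial): it reads the parameter with the same CLI call, fails the lifecycle event instead of silently writing an empty file, and reports which IAM identity the hook actually runs as, which is what reveals whether the policy landed on the instance profile or only on CodeDeployServiceRole. The parameter name, region and path are the ones from the question; RUN_HOOK and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the asker's script. Reads one SecureString parameter in a
# CodeDeploy AfterInstall hook and makes failure visible rather than silent.
set -eu

# Print the decrypted value of parameter $1 (region $2) on stdout.
# get-parameters exits 0 even when the name is unknown to the caller: the name
# is then listed under InvalidParameters and the queried value prints as
# "None", so the exit status alone is not a sufficient check.
get_ssm_param() {
  name=$1
  region=$2
  value=$(aws ssm get-parameters --region "$region" --names "$name" \
            --with-decryption --output text \
            --query 'Parameters[0].Value') || return 1
  case $value in
    ''|None) return 1 ;;
  esac
  printf '%s\n' "$value"
}

# Report the IAM identity the hook runs as. During a deployment this should be
# the EC2 instance profile role (assumed-role/<instance-role>/<instance-id>),
# not CodeDeployServiceRole, which is only used by the CodeDeploy service.
whoami_aws() {
  aws sts get-caller-identity --query Arn --output text 2>/dev/null || echo unknown
}

# RUN_HOOK=1 is an assumed guard so the functions can be sourced/tested alone.
if [ "${RUN_HOOK:-0}" = 1 ]; then
  cd /home/ubuntu/pypi
  if ! PIPPO=$(get_ssm_param MySecureSQLPassword us-east-2); then
    echo "AfterInstall: cannot read MySecureSQLPassword as $(whoami_aws)" >&2
    exit 1   # non-zero exit makes CodeDeploy mark the AfterInstall event failed
  fi
  export PIPPO
  # The value is a secret: hand it to the application through the environment
  # of the process started here instead of writing it to a world-readable file.
fi
```

Run it as `RUN_HOOK=1 sh Afterinstall.sh` on the instance first; if the error line names CodeDeployServiceRole or a role without ParameterStorePolicy, the fix is the instance profile, not the script.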

There is one thing you could try: GetParameters from the instance directly without running CodeDeploy (maybe just run that Afterinstall script directly on the instance). If you are able to get it, then it is something related to the CodeDeploy running user; otherwise it should be a problem with the parameter settings.

Thanks, Binbin