Provide environment variables to elastic beanstalk docker deployment

4
votes

I have a Dockerfile that pulls a private repo from github, by using a user Access Token: 

ARG DEPLOYMENT_TOKEN
RUN git clone https://$DEPLOYMENT_TOKEN:x-oauth-basic@github.com/company-org/api.git /tmpapp/

Now when I am creating a new app, and environment in elastic beanstalk, how can I provide elastic beanstalk with that access token when it first tries to build the docker image and deploy?

Can this be passed to the eb cli command eb create?

eb create --envvars DEPLOYMENT_TOKEN=$DEPLOYMENT_TOKEN

then when the app tries to create the environment and deploy, it will include the environment variable so that it will be able to pull from the private repo when building the docker image?

I know that eb setenv allows you to set an environment variable post successful deployment, but I want to do this for the docker build process.

I don't want to put the access token inside the Dockerrun file by using the environment key in the container descriptions.

{
  "containerDefinitions": [
    {
      "name": "myContainer",
      "image": "something",
      "environment": [
        {
          "name": "MY_DB_PASSWORD",
          "value": "password"
        }
      ],

Because that means that information is available to anyone, and anyway I'm not even sure that will work.

I also considered .ebextensions, and am looking into that now.

1
amazon-web-servicesdockeramazon-elastic-beanstalk
Yes, it should work but why don't you simply give it a try and see what happensdkarchmer
@dkarchmer I did, but the biggest issue I find is, if I am going providing build time args that I then reference in the Dockerfile, I need to be able to provide those build time arguments. The Dockerrunfile, doesn't really have any documentation, and from what I have seen doesn't have any option to include build argumentsuser1658296
You may want to avoid building this way. Instead, simply put all your code in the same place as the dockerfile and have EB deploy release everything. This way, your dockerfile just needs ADD or COPY to move files into the imagedkarchmer
Maybe the build args is just too sensitive when hardcoded to the Dockerfile itselfAditya Kresna Permana

1 Answers

0
votes

AWS has an article on this:

Microservices Service Discovery

I found couple more resources which may be of interest in configuring Service Discovery.

  1. Using S3.
  2. Using Consul in ECS.
    1. Although this post describes a way for a container to use Consul to make DNS queries to discover other services - you can also use Consul as a K/V store to store secret information.