How to use dynamic key for `parameter-store` in AWS CodeBuild spec file?

Question

I have a buildspec.yml file in my CodeBuild that I want to read values out of EC2 Systems Manager Parameter Store. CodeBuild supports doing this via the parameter-store attribute in your spec file.

Problem is, I can't figure out how to use enviornment Variables that are set BEFORE the buidlspec executes.

Here is an example:

version: 0.2
env:
  variables:    
    RUNTIME: "nodejs8.10"
  #parameter-store vars are in the format /[stage]/[repo]/[branch]/[eyecatcher]/key
  parameter-store: #see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-syntax
    LAMBDA_EXECUTION_ROLE_ARN: "/${STAGE}/deep-link/${BRANCH}/GetUri/lambdaExecutionRoleArn"
    ENV_SAMPLE_KEY: "/${STAGE}/deep-link/${BRANCH}/GetUri/key1"

phases:
  install:
    commands:  
      ...

As you can see I'm doing the AWS best practice for name-spacing the EC2 Systems Manager Parameter Store keys. I want to re-use this build spec for all my stages, so hard coding is not an option. The vars I use in the Value string are populated as EnvironmentVariables in my CodeBuild project - so they are available before the spec runs.

How do I dynamically populate the Value of the parameter-store Keys with something that is not hard coded?

Subin Mathew Subin Mathew · Accepted Answer · 2020-02-15T00:51:28

This variable expansion is now supported in CodeBuild for parameter-store use case. You can define any environment variable in your buildspec and have that referenced in the path to fetch the parameter store.

version: 0.2
env:
  variables:
    stage: PRE_PROD
  parameter-store:
    encryptedVar: CodeBuild-$stage
phases:
  build:
    commands:
      - echo $encryptedVar

How to use dynamic key for `parameter-store` in AWS CodeBuild spec file?

3 Answers