2.1.0 • Published 4 years ago

@etrigan/config-driver-ssm v2.1.0

Weekly downloads
35
License
MIT
Repository
github
Last release
4 years ago

Etrigan AWS SSM Parameter Store Config Driver

Allows Etrigan config to load values from AWS Parameter store

Example

import { loadConfig, getConfigRecords, registerDriver } from '@etrigan/config'
import { parameterStoreConfigDriver } from '@etrigan/config-driver-ssm'

registerDriver(parameterStoreConfigDriver)

const config = loadConfig<Config>({
    values: await getConfigRecords('ssm:///my-app/dev param1,param2 region=ap-southeast-2'),
    validateConfig: {
        val: 'required-string',
        secret: 'required-string',
    },
})

Creating keys

Configuration parameters for all environments and applications can be managed using the EC2 Management Console, Systems Manager Console, aws ssm CLI interface.

All parameters have a forward-slash separated prefix followed by a key name. We use the prefix to denote environment and application name, and the key name is interpreted by the application.

E.g. ///

The key name should be in lower-camel case, as per typical Javascript naming.

Loading keys

When an application starts, it should use the Etrigan library to connect to the Parameter Store and read all configuration keys for a given prefix. Etrigan can be configured to read the desired prefix with the following environment variable:

CONFIG_DRIVER="ssm:///<environment>/<application>/ region=ap-southeast-2"

IAM Policies

Permissions to keys are assigned using string matching against the full key name (including prefix).

Encryption via KMS

Configuration secrets (such as service account passwords) can be encrypted at rest using KMS Encryption Keys.

Validating values

Keys can be fetched from SSM using aws ssm get parameters-by-path:

Result

aws ssm get-parameters-by-path --path '/dev/app-name/' --region ap-southeast-2

{
  "Parameters": [
    {
      "Version": 1,
      "Type": "String",
      "Name": "/dev/app-name/someConfigKey",
      "Value": "Config value"
    },
    {
      "Version": 1,
      "Type": "String",
      "Name": "/dev/the-west/anotherConfigKey",
      "Value": "Config value 2"
    },
    [...]
  ]
}
2.1.0

4 years ago

2.0.1

4 years ago

2.0.0

4 years ago

1.0.0

5 years ago

0.2.0

5 years ago

0.1.1

5 years ago

0.1.0

5 years ago