Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
106 lines (77 sloc) 3.57 KB
title currentMenu introduction
Environment variables
php
Define environment variables for your Bref application.

Environment variables are the perfect solution to configure the application (as recommended in the 12 factor guide).

Definition

Environment variables can be defined in template.yml.

To define an environment variable that will be available in all functions declare it in the Globals section:

# Define your global variables in the `Globals` section
Globals:
    Function:
        Environment:
            Variables:
                MY_VARIABLE: 'my value'

# Define your functions in the `Resources` section
Resources:
    # ...

To define an environment variable that will be available in a specific function declare it inside the function's properties:

Resources:
    MyFunction:
        Type: AWS::Serverless::Function
        Properties:
            # ...
            Environment:
                Variables:
                    MY_VARIABLE: 'my value'

Do not store secret values in template.yaml directly. Check out the next section to handle secrets.

Secrets

Secrets (API tokens, database passwords, etc.) should not be defined in template.yaml and committed into your git repository.

Instead you can use the SSM parameter store, a free service provided by AWS.

To create a parameter:

  • go into the SSM parameter store console and make sure you are in the same region as your application
  • click "Create parameter"
  • it is recommended to prefix the parameter name with your application name, e.g. /my-app/my-parameter
  • set the secret in "Value" and save

To import the SSM parameter into an environment variable you can use a dynamic reference: {{resolve:ssm:<parameter>:<version>}}, for example:

        Environment:
            Variables:
                MY_PARAMETER: '{{resolve:ssm:/my-app/my-parameter:1}}'

Remember to update the parameter version in template.yaml anytime you change the value of the parameter. You will need to redeploy the application as well.

An alternative: AWS Secrets Manager

As an alternative you can also store secrets in AWS Secrets Manager. This solution, while very similar to SSM, will provide:

However Secrets Manager is not free: pricing details.

Local development

When developing locally using SAM you can override environment variables via the --env-vars option:

sam local invoke <Function> --env-vars env.json

The env.json JSON file can either define environment variables for all functions using the Parameters key:

{
    "Parameters": {
        "API_KEY": "8358deb1-ffb4-4077-90d7"
    }
}

or for individual functions using the name of the function in template.yaml:

{
    "WebsiteFunction": {
        "API_KEY": "99016f5d-ab7e-4a80-9892"
    },
    "ConsoleFunction": {
        "API_KEY": "8358deb1-ffb4-4077-90d7"
    }
}
You can’t perform that action at this time.