Having issues exporting AWS SSM parameter value to Nuxt environment variable

[nicholas5538]

Environment

Production

Reproduction

No reproduction is required.

Describe the bug

Deployment to production is successful, but I'm having some issues passing a parameter value from AWS SSM to a env file, it's undefined no matter what I do. Thus, my useAsyncData is returning an error.

Here are my codes for the amplify.yml file as well as the runtimeConfig object on my nuxt.config.ts file. Only config.githubSecret is undefined, the public githubBaseUrl is working.

Is AWS SSM not supported for deploying to production? Must I set the environment variables under the build settings on the AWS Amplify console?

Thanks in advance.

amplify.yml

version: 1
frontend:
  phases:
    preBuild:
      commands:
        - nvm install 21.5.0 && node --version
        - corepack enable pnpm
        - pnpm install --frozen-lockfile
    build:
      commands:
        - export NUXT_GITHUB_SECRET=$(aws ssm get-parameter --name "/amplify/d2zk1p9qtbvjcd/main/AMPLIFY_secrets_nuxt_GITHUB_SECRET" --with-decryption --query Parameter.Value --output text)
        - echo "NUXT_GITHUB_SECRET=$NUXT_GITHUB_SECRET" >> .env
        - pnpm run build
  artifacts:
    baseDirectory: .amplify-hosting
    files:
      - "**/*"
  cache:
    paths:
      - node_modules/**/*

nuxt.config.ts

nitro: { preset: "aws-amplify" },
runtimeConfig: {
    /// Tried with githubSecret: "", not working as well
    githubSecret: process.env.NUXT_GITHUB_SECRET,
    public: {
      githubBaseUrl: "https://api.github.com",
    },
  },

Additional context

No response

Logs

# Starting phase: build

196

2024-05-14T14:30:43.692Z [INFO]: # Executing command: export NUXT_GITHUB_SECRET=$(aws ssm get-parameter --name "/amplify/d2zk1p9qtbvjcd/main/AMPLIFY_secrets_nuxt_GITHUB_SECRET" --with-decryption --query Parameter.Value --output text)

197

2024-05-14T14:31:00.963Z [INFO]: # Executing command: echo "NUXT_GITHUB_SECRET=$NUXT_GITHUB_SECRET" >> .env

198

2024-05-14T14:31:00.969Z [INFO]: # Executing command: pnpm run build

199

2024-05-14T14:31:01.368Z [INFO]: > portfolio-vue@ build /codebuild/output/src707491585/src/portfolio-vue

[ash-p-uk]

HI, what was the solution? Currently having similar issues getting .env variables into AWS Amplify site. It looks like you've just manually added them to the amplify.yml to get them in there, but this is not mentioned in the Nuxt docs that I can see? thanks

[nicholas5538]

Hello @ash-p-uk, I managed to resolve it by removing quotation marks surrounding the parameter name.

If you're only getting a single parameter from AWS SSM, this is how the code would look like:

build:
      commands:
        - export NUXT_SSM1=$(aws ssm get-parameter --name /amplify/ssm1 --with-decryption --query Parameter.Value --output text)
        - echo "NUXT_SSM1=$NUXT_SSM1" >> .env

whereas if you're getting multiple parameters, it's much better to use aws ssm get-parameters for better optimization.

preBuild:
      commands:
        # Required to install jq as an admin user with the following command
        - sudo yum install -y jq
build:
      commands:
        - PARAMETERS=$(aws ssm get-parameters --names /amplify/ssm1 /amplify/ssm2 --with-decryption --query "Parameters[*].{Name:Name,Value:Value}")
        - export NUXT_SSM1=$(echo $PARAMETERS | jq -r '.[] | select(.Name=="/amplify/ssm1").Value')
        - export NUXT_SSM2=$(echo $PARAMETERS | jq -r '.[] | select(.Name=="/amplify/ssm2").Value')
        - |
          cat <<EOF >> .env
          NUXT_SSM1=$NUXT_SSM1
          NUXT_SSM2=$NUXT_SSM2
          EOF
        - pnpm run build

Edit: If you're not using AWS SSM to store your secrets, the alternative way is to include them in the environments tab under Amplify hosting. Albeit, I have not tried this method as I believe using AWS SSM is more secured