AWS SSM Buildkite Plugin
🔑 Injects AWS SSM Parameter Store parameters as environment variables into your build step.
Based on previous work by zacharymctague, Linktree, and Seek.
The plugin requires the
ssm:GetParameters IAM permission for the parameters you specify. If the values are SecureStrings, it will also require
kms:Decrypt on the corresponding KMS key.
Example
Add the following to your
pipeline.yml:
steps:
- command: echo "Param One equals \$PARAMETER_ONE"
plugins:
- aws-ssm#v1.1.0:
parameters:
PARAMETER_ONE: /my/parameter
PARAMETER_TWO: /my/other/parameter
Configuration
parameters (Required, object)
- Specify a dictionary of
key: valuepairs to inject as environment variables, where the key is the name of the environment variable to be set, and the value is the AWS SSM parameter path.
Limitations
Parameter Store can hold multi-line values, but only the first line will be stored in the target ENV variable. If multi-line values are required, the recommended approach is to store the value base64 encoded and decode it in your scripts:
steps:
- command: ./decode-param"
plugins:
- aws-ssm#v1.1.0:
parameters:
PARAMETER_BASE64: /my/parameter
To decode:
$ cat ./decode-param
#!/bin/sh
PARAMETER="$(echo $PARAMETER_BASE64 | base64 -d)"
echo "Param equals: ${PARAMETER}"
Developing
To run testing, shellchecks and plugin linting use use
bk run with the Buildkite CLI.
bk run
Or if you want to run just the tests, you can use the docker Plugin Tester:
docker run --rm -ti -v "${PWD}":/plugin buildkite/plugin-tester:latest
Contributing
- Fork the repo
- Make the changes
- Run the tests
- Commit and push your changes
- Send a pull request