使用AWS SSM Run Command的环境变量 [英] Environment variables with AWS SSM Run Command

问题描述

我将AWS SSM Run Command与AWS-RunShellScript文档结合使用，以在AWS Linux 1实例上运行脚本.该脚本的一部分包括使用环境变量.当我自己运行脚本时，一切都很好.但是，当我使用SSM运行脚本时，它看不到环境变量.该变量需要传递给Python脚本.我最初一直尝试os.environ ['VARIABLE']无效.

I am using AWS SSM Run Command with the AWS-RunShellScript document to run a script on an AWS Linux 1 instance. Part of the script includes using an environment variable. When I run the script myself, everything is fine. But when I run the script with SSM, it can't see the environment variable. This variable needs to be passed to a Python script. I had originally been trying os.environ['VARIABLE'] to no effect.

我知道AWS SSM使用root特权，因此我在导出行到根〜/.bashrc文件中放置了一行，但仍然看不到该变量.我自己运行时，root用户可以看到它.AWS SSM是否不可能使用环境变量，或者我没有正确导出它?如果不可能，我将尝试使用AWS KMS来存储我的变量.

I know that AWS SSM uses root privileges and so I have put a line exporting the variable in the root ~/.bashrc file, yet it still can not see the variable. The root user can see it when I run it myself. Is it not possible for AWS SSM to use environment variables, or am I not exporting it correctly? If it is not possible, I'll try using AWS KMS instead to store my variable.

〜/.bashrc

export VARIABLE="VALUE"

script.sh

script.sh

"$VARIABLE"

安全性很重要，因此为什么我不想只将变量存储在脚本中.

Security is important, hence why I don't want to just store the variable in the script.

推荐答案

SSM不会打开实际的SSH会话，因此传递环境变量将不起作用.在接收请求并处理它们的盒子上运行的守护程序是必不可少的.这是一个非常基本的产品:它不支持SSH附带的任何标准功能，例如SCP，端口转发，隧道传输，环境变量的传递等.将值传递给脚本的另一种方法是:将其存储在AWS 系统管理器参数存储，然后让脚本从商店中提取变量.
您需要更新您的实例角色权限，以访问运行您的脚本访问存储的值的 ssm:GetParameters .

SSM does not open an actual SSH session so passing environment variables won't work. It's essential a daemon running on the box that's taking your requests and processing them. It's a very basic product: it doesn't support any of the standard features that come with SSH such as SCP, port forwarding, tunneling, passing of env variables etc. An alternative way of passing a value you need to a script would be to store it in AWS Systems Manager Parameter Store, and have your script pull the variable from the store.
You'll need to update your instance role permissions to have access to ssm:GetParameters for the script you run to access the value stored.

这篇关于使用AWS SSM Run Command的环境变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！