如何通过用户数据在 EC2 实例上设置环境变量 [英] How to set Environment Variables on EC2 instance via User Data
问题描述
我正在尝试使用 EC2s 用户数据设置环境变量,但我所做的一切似乎都不起作用
这是我尝试过的用户数据脚本
<块引用>#!/bin/bashecho "export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-23235232.us-east-1.elb.amazonaws.com" >>/env.sh源/env.sh还有一个:
<块引用>#!/bin/bashecho "#!/bin/bash" >>/env.shecho "export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-67323523.us-east-1.elb.amazonaws.com" >>/env.shchmod +x/env.sh/env.sh他们都什么都不做,如果我登录并发出命令 source/env.sh 或 /env.sh 它可以工作.所以这一定是我想要做的被禁止的事情.
这是 /var/log/cloud-init-output.log 使用 -e -x
+ echo 'export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709021.us-east-1.elb.amazonaws.com'+ 源/env.sh++ 导出 HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709022.us-east-1.elb.amazonaws.com++ HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709022.us-east-1.elb.amazonaws.com仍然,echo $HOST_URL 是空的
根据要求,完整的 UserData 脚本
<块引用>#!/bin/bash设置 -e -xecho "export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709021.us-east-1.elb.amazonaws.com" >>/env.sh源/env.sh/startup.sh 暂存 2649为 EC2 实例定义环境变量的一种更可配置的方法是使用 Systems Manager Parameter Store.这种方法将使管理大量 EC2 实例的不同参数变得更加容易,两者都使用 AWS KMS 加密以及纯文本.它还允许在 EC2 实例级别发生最小变化的情况下更改参数值.步骤如下.
- 在 EC2 Systems Manager 参数中定义字符串参数(使用 KMS 加密或未加密)存储.
- 在 EC2 承担的 IAM 角色中,授予访问参数存储所需的权限.
- 使用 EC2 系统管理器的 AWS CLI 命令,使用 Get-Parameter 或 Get-Parameters AWS CLI 命令和 根据需要控制命令输出.
例如使用 Get-Parameter 命令检索 db_connection_string 参数(未加密).
export DB_CONNECTION=$(aws --region=us-east-2 ssm get-parameter --name 'db_connection' --query 'Value')注意:有关设置 AWS KMS 密钥、定义加密字符串、管理 IAM 策略的更多详细信息以及等,请参考以下文章.
I am trying to set environment variables with EC2s user data, but nothing i do seems to work
here are the User data scripts i tried
#!/bin/bash echo "export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-23235232.us-east-1.elb.amazonaws.com" >> /env.sh source /env.sh
And another:
#!/bin/bash echo "#!/bin/bash" >> /env.sh echo "export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-67323523.us-east-1.elb.amazonaws.com" >> /env.sh chmod +x /env.sh /env.sh
They both do absolutly nothing, and if i log in and issue the command source /env.sh or /env.sh it works. so this must be something forbidden that i am trying to do.
Here is the output from /var/log/cloud-init-output.log using -e -x
+ echo 'export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709021.us-east-1.elb.amazonaws.com' + source /env.sh ++ export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709022.us-east-1.elb.amazonaws.com ++ HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709022.us-east-1.elb.amazonaws.com
Still, echo $HOST_URL is empty
As requested, the full UserData script
#!/bin/bash set -e -x echo "export HOST_URL=checkEmai-LoadBala-ICHJ82KG5C7P-2141709021.us-east-1.elb.amazonaws.com" >> /env.sh source /env.sh /startup.sh staging 2649
One of the more configurable approach to define environment variables for EC2 instances, is to use Systems Manager Parameter Store. This approach will make it easier to manage different parameters for large number of EC2 instances, both encrypted using AWS KMS as well as in plain text. It will also allows to change the parameter values with minimal changes in EC2 instance level. The steps are as follows.
- Define string parameters (Encrypted with KMS or Unencrypted) in EC2 Systems Manager Parameter Store.
- In the IAM role EC2 assumes, give required permission to access the parameter store.
- Using the AWS CLI commands for EC2 System Manager, read the parameters and export to environment variables in User Data section using Get-Parameter or Get-Parameters AWS CLI commands and controlling command output as required.
e.g Using Get-Parameter command to retrieve db_connection_string parameter(Unencrypted).
export DB_CONNECTION=$(aws --region=us-east-2 ssm get-parameter --name 'db_connection' --query 'Value')
Note: For more details in setting up AWS KMS Keys, defining encrypted strings, managing IAM policies & etc., refer the following articles.
- Securing Application Secrets with EC2 Parameter Store
- Simple Secrets Management via AWS’ EC2 Parameter Store
这篇关于如何通过用户数据在 EC2 实例上设置环境变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
