0

During the afterinstall step of an AWS application code deployment, I would like to install something as a Windows local service. I am using nssm to do so, but at some point I need to install the service using the local administrator account. Unfortunately, I cannot find a way to get the Windows password in an environment variable or using the command line in an automated way. Any ideas?

Thanks! Emmanuel

CanardMoussant

1 Answer

1

We have solved the problem of securing Windows and related application credentials for use in install/automated processes by securing a properties file on S3, then downloading and parsing that file at instance launch time, or later in a CodeDeploy life-cycle hook.

For example, in an S3 bucket called s3://credentials-example-com/example.properties:

WindowsAdminPassword=testing

You can download and parse it as needed. In this example, I parse all the values to environment variables:

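@echo off
rem Get credentials file from S3 and parse
echo Get credentials
if not exist c:\temp mkdir c:\temp
aws s3 cp s3://credentials-example-com/example.properties c:\temp
rem Stop if the download failed instead of parsing a missing or stale file
if errorlevel 1 exit /b 1
rem tokens=1,* keeps everything after the first "=" so values may contain "="
FOR /F "tokens=1,* delims==" %%G IN (c:\temp\example.properties) DO (
        rem Skip comment lines, detected by a "#" in the key
        echo.%%G|findstr "#" >nul 2>&1
        if errorlevel 1 (
                echo Setting %%G
                rem setx /m persists the value machine-wide, set affects this shell only
                setx /m example_%%G "%%H"
                set "example_%%G=%%H"
        )
)
rem Remove the local plaintext copy once it has been parsed
del c:\temp\example.properties
echo Done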

There may be security implications if you parse the Windows admin password into the environment using SETX - but for your purposes if you use a simple SET the variable will only persist with the existing shell.

Rodrigo Murillo
  • Should work great. We store all external credentials this way. The bonus is that if the credentials change, then you just change the properties file. If it does work for you could you kindly accept the answer? Thanks – Rodrigo Murillo Apr 14 '16 at 20:25
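
The parse-and-set step from the answer above, written in PowerShell as an added example (not code from the original answer): it splits each line on the first = only, skips # comments, and sets the variables at process scope so nothing is persisted the way setx /m does. The function names, the ServiceUser key and the sample values are constructed for illustration.

```powershell
# Added example. The bucket URL is the one from the answer; everything else is constructed.
function ConvertFrom-PropertiesText {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $props = [ordered]@{}
    foreach ($line in $Lines) {
        $trimmed = $line.Trim()
        # Skip blank lines and comment lines
        if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }
        # Split on the first '=' only, so a password may itself contain '='
        $idx = $trimmed.IndexOf('=')
        if ($idx -lt 1) { continue }
        $props[$trimmed.Substring(0, $idx).Trim()] = $trimmed.Substring($idx + 1)
    }
    return $props
}

function Set-ProcessCredentialEnv {
    param([Parameter(Mandatory)]$Properties, [string]$Prefix = 'example_')
    foreach ($key in $Properties.Keys) {
        # 'Process' scope lives only in this process and its children;
        # it is not written to the registry, unlike setx /m.
        [Environment]::SetEnvironmentVariable("$Prefix$key", $Properties[$key], 'Process')
    }
}

# In a real hook the file would be fetched as in the answer:
#   aws s3 cp s3://credentials-example-com/example.properties $tmp
# Constructed sample content so the example runs offline:
$sample = @(
    '# constructed sample file',
    'WindowsAdminPassword=te=st ing',
    'ServiceUser=.\Administrator'
)
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'example.properties'
Set-Content -Path $tmp -Value $sample
try {
    $props = ConvertFrom-PropertiesText -Lines (Get-Content -Path $tmp)
    Set-ProcessCredentialEnv -Properties $props
}
finally {
    # Never leave the plaintext copy on disk, even if parsing throws
    Remove-Item -Path $tmp -Force
}

"Keys loaded: $($props.Keys -join ', ')"
"Value keeps embedded '=': $($env:example_WindowsAdminPassword -eq 'te=st ing')"
$machine = [Environment]::GetEnvironmentVariable('example_WindowsAdminPassword', 'Machine')
"Persisted machine-wide: $($null -ne $machine)"
```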