
I have AWS Amplify apps, and currently the passwords are stored in Amplify environment variables. I am trying to use AWS Secrets Manager to store my secrets and use them in my Amplify project.

I checked the AWS documentation (https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html); it says to enter the parameter in this format: "For Name, enter a parameter in the format `/amplify/{your_app_id}/{your_backend_environment_name}/{your_parameter_name}`". I am not sure what app_id is, what your_backend_environment_name is, and how I can use it in my Amplify project.

MJ X
  • You can use Amplify CLI to generate secrets. https://docs.amplify.aws/cli/function/secrets/#configuring-secret-values. Make sure to update to the latest version of Amplify CLI to get this functionality. – LuckyTuvshee Sep 01 '21 at 18:36

1 Answer

Perhaps you've already found the solution, but perhaps someone would search for the same.

You need to name your secret parameter as the docs suggest:

`/amplify/{your_app_id}/{your_backend_environment_name}/{your_parameter_name}`

To find the {your_app_id} and {your_backend_environment_name}, you want to go to the Amplify console in AWS. Click on your application, and notice the list of environments the application is deployed to. In my example, I want to set the secret for Dev.

Click on the "Action" drop-down button in the top right corner and choose "View app settings". On the right-hand side you'll notice the "App ARN" in the following format:

`arn:aws:amplify:eu-west-1:ACCOUNT_ID:apps/sdkjhf9shdfweh`

The "sdkjhf9shdfweh" part is your app ID.

If I want to set a secret named MY_SECRET, I'd need to go to the parameter store and create a secret string parameter with the following name:

`/amplify/sdkjhf9shdfweh/dev/MY_SECRET`

Then I'll be able to access it from the build pipeline.

the Tin Man
  • Please read "[How do I format my posts...](https://stackoverflow.com/help/formatting)" "[How do I format my code blocks?](https://meta.stackexchange.com/questions/22186/)" – the Tin Man Sep 28 '21 at 19:55
  • Hi! How should I access secret variables from my `amplify.yml` file? [Docs](https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html) explain how to access normal environment variables like: `$MY_VARIABLE`, but how do I access `MY_SECRET`? – Ernesto Stifano Dec 20 '21 at 22:23
  • Hey @ErnestoStifano, Amplify exports the secrets as JSON strings under `process.env.secrets`. So you can access them from your build via something like `${secrets.MYSECRET}`, or `echo $secrets |jq -r -j '.MYSECRET'` – Andrii Cherkasov Dec 22 '21 at 15:34
  • @ErnestoStifano I am getting this error. I did set up variables in parameter store and secret manager following this pattern `/amplify/{your_app_id}/{your_backend_environment_name}/{your_parameter_name}`: `2022-07-28T05:59:19.815Z [INFO]: SSM params {"Path":"/amplify/adfcdefa6b6hx2/test/","WithDecryption":true}` `2022-07-28T05:59:19.858Z [WARNING]: !Failed to set up process.env.secrets` `2022-07-28T06:00:10.900Z [INFO]: BackendEnvironment name test for app adfcdefa6b6hx2 is invalid` – Eva Jul 31 '22 at 19:56
  • I created a fresh environment on Amplify and also created a parameter in SSM. Unfortunately, the build process in Amplify shows the following log: `[WARNING]: !Failed to set up process.env.secrets`. Due to this, I am not able to refer to any secrets configured in SSM. Any clue?? – CuriousMind Dec 16 '22 at 13:17
  • @CuriousMind Were you able to find a solution for this issue? – CurlyError Mar 28 '23 at 22:35
  • @CurlyError I was able to read the SSM parameter. But there is a known issue with SSM integration with Amplify - https://github.com/aws-amplify/amplify-hosting/issues/3258 – CuriousMind Apr 03 '23 at 11:45
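
The naming convention from the answer and the `$secrets` lookup from the comments, as an added shell example that is not part of the original posts. The function names are hypothetical, the sample values are constructed, and it assumes `jq` is available in the build image.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of Amplify or the AWS CLI.

# Extract the app ID (the part after "apps/") from an Amplify App ARN.
amplify_app_id_from_arn() {
  case "$1" in
    arn:aws:amplify:*:*:apps/?*) ;;
    *) echo "not an Amplify app ARN: $1" >&2; return 1 ;;
  esac
  _id="${1##*apps/}"
  _id="${_id%%/*}"        # drop any trailing path segment after the app ID
  printf '%s\n' "$_id"
}

# Build the Parameter Store name in the documented format:
# /amplify/{your_app_id}/{your_backend_environment_name}/{your_parameter_name}
amplify_param_name() {
  for _part in "$1" "$2" "$3"; do
    case "$_part" in
      ''|*/*|*' '*) echo "invalid path component: '$_part'" >&2; return 1 ;;
    esac
  done
  printf '/amplify/%s/%s/%s\n' "$1" "$2" "$3"
}

# Read one secret from the JSON string the build receives as $secrets.
# Returns non-zero when the variable or the key is missing, instead of yielding
# the literal string "null", so the build stops before using an empty credential.
# Only the secret's name is ever written to stderr, never its value.
read_build_secret() {
  if [ -z "${secrets:-}" ]; then
    echo "secrets is not set (check the build log for 'Failed to set up process.env.secrets')" >&2
    return 1
  fi
  printf '%s' "$secrets" | jq -er --arg k "$1" '.[$k] | strings' \
    || { echo "secret '$1' not found in secrets" >&2; return 1; }
}

# Constructed demonstration using the ARN shown in the answer.
arn='arn:aws:amplify:eu-west-1:ACCOUNT_ID:apps/sdkjhf9shdfweh'
app_id=$(amplify_app_id_from_arn "$arn") &&
  amplify_param_name "$app_id" dev MY_SECRET   # /amplify/sdkjhf9shdfweh/dev/MY_SECRET

# Constructed usage inside an amplify.yml build command:
#   MY_SECRET=$(read_build_secret MY_SECRET) || exit 1
```

Capturing the value with `$(...)` rather than `echo`ing it keeps the secret out of the build log.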