
Linux 2. I already have an Elastic Beanstalk environment set up and working. I am switching from Classical Load Balancer to an Application Load Balancer. My problem is I want one deployment that will change the ALB security group depending on if I am deploying in nonProd or Prod.

If I place this hardcoded config file in .ebextensions, everything works. Of course this would not work if I moved to production.

option_settings:
  aws:elbv2:listener:443:
    ListenerEnabled: 'true'
    Protocol: HTTPS
    SSLCertificateArns: arn:aws:acm:xxx
    SSLPolicy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
  aws:elbv2:loadbalancer:
    ManagedSecurityGroup: "sg-0nonProd"
    SecurityGroups: "sg-0nonProd"

I have tried about 100 things to get this to work. This is my latest attempt, which of course seems like it should work in my mind.

My understanding of the order of operation:

...
commands
.platform/hooks/prebuild
container_commands
.platform/hooks/predeploy
...

I have a shell script in .platform/hooks/prebuild that figures out what environment we are in, then copies the code to two locations (since I don't know for sure what is going on): /var/app/staging/. and /var/app/staging/.ebextensions.

The prebuild shell script looks like this:

#!/bin/bash
echo "PRE SHOULD SEE PREChecking S3 bucket exists for elb prebuild..."

# Probe the prod bucket; a failed listing is treated as "we are in nonprod".
S3_CHECK=$(aws s3 ls "s3://ice-prod-secure-store" 2>&1)

if [ $? != 0 ]
then
    echo "Bucket DOES NOT Exist.  nonprod "
    # Copy the nonprod config to both candidate locations in the staging dir.
    aws s3 cp s3://nonProd-secure-store/apps/zzelbLogging-nonprod.config /var/app/staging/zzalb2_config_file.config
    aws s3 cp s3://nonProd-secure-store/apps/zzelbLogging-nonprod.config /var/app/staging/.ebextensions/zzalb2_config_file.config
else
    echo "Bucket exists. Prod"
    aws s3 cp s3://prod-secure-store/apps/zzelbLogging-nonprod.config /var/app/staging/zzalb2_config_file.config
fi
echo "PRE PRE DONE DONE Checking S3 bucket exists for elb..."

The log shows that it ran:

2022/10/07 10:05:21.372843 [INFO] Running command .platform/hooks/prebuild/1_elbsetup.sh
2022/10/07 10:05:23.346791 [INFO] PRE SHOULD SEE PREChecking S3 bucket exists for elb prebuild...
Bucket DOES NOT Exist.  nonprod 
Completed 375 Bytes/375 Bytes (4.8 KiB/s) with 1 file(s) remaining
download: s3://nonProd-secure-store/apps/zzelbLogging-nonprod.config to ./zzalb2_config_file.config
Completed 375 Bytes/375 Bytes (7.4 KiB/s) with 1 file(s) remaining
download: s3://nonProd-secure-store/apps/zzelbLogging-nonprod.config to .ebextensions/zzalb2_config_file.config
PRE PRE DONE DONE Checking S3 bucket exists for elb...

But that config file is never used during the creation. So where should that file go? Is there an easier way to do this?

Andy P
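An added example, not part of the original question: one way to pick the ALB security group per environment is to render the config into .ebextensions on the build machine, before the source bundle is zipped and uploaded. It assumes the config must already be inside the bundle when Elastic Beanstalk processes option_settings; the `render_alb_config` function, the `NONPROD_ALB_SG` / `PROD_ALB_SG` variables and the `nonprod` / `prod` names are hypothetical.

```bash
#!/bin/bash
# Added example (not the poster's code). Renders the load balancer
# option_settings for one environment into <out_dir> before bundling.
# NONPROD_ALB_SG / PROD_ALB_SG are assumed to be set by the CI job.

render_alb_config() {
    _env="$1"
    _out="$2"
    case "$_env" in
        nonprod) _sg="${NONPROD_ALB_SG:-}" ;;
        prod)    _sg="${PROD_ALB_SG:-}" ;;
        *) echo "unknown environment: $_env" >&2; return 2 ;;
    esac

    # Fail closed: never emit a config with a missing or malformed group id,
    # otherwise the environment could fall back to an unintended group.
    if ! printf '%s' "$_sg" | grep -Eq '^sg-([0-9a-f]{8}|[0-9a-f]{17})$'; then
        echo "invalid security group id for $_env: '$_sg'" >&2
        return 3
    fi

    mkdir -p "$_out" || return 4
    cat > "$_out/zzalb2_config_file.config" <<EOF
option_settings:
  aws:elbv2:loadbalancer:
    ManagedSecurityGroup: "$_sg"
    SecurityGroups: "$_sg"
EOF
}

# Stand-alone use: ./render_alb.sh nonprod [.ebextensions]
if [ -n "${1:-}" ]; then
    render_alb_config "$1" "${2:-.ebextensions}"
fi
```

Run it as a step before the bundle is created, so the same repository produces a different .ebextensions file for each target environment.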

0 Answers