Last active
July 27, 2023 16:18
-
-
Save andrewodri/9906d0c7fe8f779f454a356530f2ea1e to your computer and use it in GitHub Desktop.
Get and set SSM parameters from Bash and/or .env
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # set_parameter() { aws ssm put-parameter --overwrite --name "${1}" --value "${2}" --type String --query "''" --output text; } | |
| # set_secure_parameter() { aws ssm put-parameter --overwrite --name "${1}" --value "${2}" --type SecureString --query "''" --output text; } | |
| set_parameter() { aws ssm put-parameter --overwrite --query "''" --output text --cli-input-json '{"Name":"'${1}'","Value":"'$(echo -ne "${2}" | perl -pe 's/(\\(\\\\)*)/$1$1/g; s/(?!\\)(["\x00-\x1f])/sprintf("\\u%04x",ord($1))/eg;')'","Type": "String"}'; } | |
| set_secure_parameter() { aws ssm put-parameter --overwrite --query "''" --output text --cli-input-json '{"Name":"'${1}'","Value":"'$(echo -ne "${2}" | perl -pe 's/(\\(\\\\)*)/$1$1/g; s/(?!\\)(["\x00-\x1f])/sprintf("\\u%04x",ord($1))/eg;')'","Type": "SecureString"}'; } | |
| if [[ "${1}" = "-h" || "${1}" = "--help" || ( -z "${1}" && -z "${2}" ) ]] | |
| then | |
| echo -e 'Example usage:\n ./dotenv-to-ssm.sh [INPUT_FILE] [SSM_PARAMETER_PREFIX]' | |
| exit 0 | |
| fi | |
| INPUT_FILE="${1}" | |
| SSM_PARAMETER_PREFIX="$(echo "${2}" | sed -E 's/^\/?/\//g; s/\/?$/\//g;')" | |
| while IFS="" read -r LINE || [ -n "${LINE}" ] | |
| do | |
| MATCHES=$(echo "${LINE}" | perl -ne 'print if s/^([^#][\w\d_]+)\s*=\s*(['"\"'"']?)((?:(?=(\\?))\4.)*)(\2)/\1\n\3/') | |
| if [[ ! -z "${MATCHES}" ]] | |
| then | |
| IFS=$'\n' RESULT=(${MATCHES}) | |
| if [[ "${RESULT[0]}" =~ _(KEY|PASS|PASSWORD|SALT|SECRET|USER|USERNAME)$ ]] | |
| then | |
| set_secure_parameter "${SSM_PARAMETER_PREFIX}${RESULT[0]}" "${RESULT[1]}" | |
| echo "Parameter (SecureString): '${SSM_PARAMETER_PREFIX}${RESULT[0]}' defined as '${RESULT[1]}'" | |
| else | |
| set_parameter "${SSM_PARAMETER_PREFIX}${RESULT[0]}" "${RESULT[1]}" | |
| echo "Parameter (String): '${SSM_PARAMETER_PREFIX}${RESULT[0]}' defined as '${RESULT[1]}'" | |
| fi | |
| fi | |
| done < "${INPUT_FILE}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| get_parameters_by_path() { aws ssm get-parameters-by-path --with-decryption --path "${1}" --query "Parameters[*].[join('=', [Name, Value])]" --output text; } | |
| if [[ "${1}" = "-h" || "${1}" = "--help" || ( -z "${1}" && -z "${2}" ) ]] | |
| then | |
| echo -e 'Example usage:\n ./ssm-to-dotenv.sh [OUTPUT_FILE] [SSM_PARAMETER_PREFIX]' | |
| exit 0 | |
| fi | |
| OUTPUT_FILE="${1}" | |
| SSM_PARAMETER_PREFIX="$(echo "${2}" | sed -E 's/^\/?/\//g; s/\/?$/\//g;')" | |
| :> "${OUTPUT_FILE}" | |
| get_parameters_by_path "${SSM_PARAMETER_PREFIX}" | | |
| while IFS="" read -r LINE || [ -n "${LINE}" ] | |
| do | |
| ESCAPED_KEY_AND_VALUE="$(echo "${LINE}" | sed -E "s/${SSM_PARAMETER_PREFIX//\//\\/}([0-9A-Za-z_]+)=(.+)$/\1='\2'/g; s/\'([^$])/\\\'\1/g; s/\\\'/\'/1;")" | |
| echo "${ESCAPED_KEY_AND_VALUE}" >> "${OUTPUT_FILE}" | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note that the write the parameters to SSM,
perlis required. This is becauseseddoes not support positive look-aheads, most development systems will have perl installed, and I am too lazy to find a better alternative at this point.For reading
.envfiles into a bash script, use this handy little guy: