#!/bin/bash

# ---- Defaults; the command-line options parsed further down may change them ----
ENV_FILE=".env"         # dotenv file to read (-f)
SSM_PREFIX="/webapp/"   # prepended to each key to form the parameter name
OVERWRITE=false         # becomes true with --force
SPECIFIED_KEYS=()       # filled by --keys; empty means "every key in the file"

# Keys that are never uploaded; --ignore appends to this list.
IGNORE=("STAGE" "REVISION" "AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY")

# Keys stored as SecureString; --secure appends to this list.
# Any key NOT listed here is written as a plain String, so every other secret
# in the .env file (API tokens, passwords, ...) must be named via --secure.
SECURE=("DATABASE_URL" "DJANGO_SECRET_KEY")
# Print the command-line help and terminate the script.
# Outputs: six lines of help text on stdout.
# Returns: does not return; exits with status 1.
usage() {
  printf '%s\n' \
    "Usage: $0 [-f ENV_FILE] [--force] [--secure key1,key2,...] [--ignore key1,key2,...] [--keys key1,key2,...]" \
    " -f ENV_FILE: Specify the .env file to upload (default: .env)" \
    " --force: Overwrite existing parameters in Parameter Store" \
    " --keys: Comma-separated list of specific keys to save; if omitted, all keys are saved" \
    " --ignore: Comma-separated list of keys to ignore" \
    " --secure: Comma-separated list of additional keys to store as SecureString"
  exit 1
}
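# Parse command-line options.
# Options that take a value consume two words. A missing or empty value now
# prints the help text and exits instead of being accepted silently: an empty
# "--keys" list would otherwise mean "upload every key", and an empty "-f"
# would leave the script without an input file.
while [[ "$#" -gt 0 ]]; do
  case "$1" in
    -f | --keys | --ignore | --secure)
      # usage prints the help text and exits with status 1.
      [[ "$#" -ge 2 && -n "$2" ]] || usage
      ;;
  esac

  case "$1" in
    -f)
      ENV_FILE="$2"
      shift
      ;;
    --force)
      OVERWRITE=true
      ;;
    --keys)
      IFS=',' read -r -a SPECIFIED_KEYS <<< "$2"
      shift
      ;;
    --ignore)
      IFS=',' read -r -a ADDITIONAL_IGNORE <<< "$2"
      IGNORE+=("${ADDITIONAL_IGNORE[@]}")
      shift
      ;;
    --secure)
      IFS=',' read -r -a ADDITIONAL_SECURE <<< "$2"
      SECURE+=("${ADDITIONAL_SECURE[@]}")
      shift
      ;;
    *)
      usage
      ;;
  esac
  shift
done

# Extend the parameter prefix with whatever follows ".env." in the file name,
# so each environment file writes into its own namespace.
# NOTE(review): the pattern is not anchored, so it matches anywhere in the
# path and captures everything after the first ".env."; the result decides
# which parameters get written (and, with --force, overwritten) - confirm the
# resulting prefix before running against a shared account.
if [[ "$ENV_FILE" =~ \.env\.(.*) ]]; then
  ENV_SUFFIX="${BASH_REMATCH[1]}"
  SSM_PREFIX="${SSM_PREFIX}${ENV_SUFFIX}/"
fi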
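# Report whether a key appears in a list, using exact string comparison.
# Arguments: $1 - key to look for; $2... - the list elements
# Returns:   0 if some element equals the key, 1 otherwise (including an
#            empty list)
is_key_in_list() {
  local key=$1
  shift
  # Declared local so the loop variable neither leaks into nor clobbers a
  # global named "item" in the calling script.
  local item
  for item in "$@"; do
    # Both sides are quoted: literal comparison, no glob matching.
    if [[ "$item" == "$key" ]]; then
      return 0
    fi
  done
  return 1
}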
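# Upload every KEY=VALUE line of the env file as one SSM parameter.
# Exits with status 1 if the file cannot be read or if any put-parameter
# call fails.
if [[ ! -r "$ENV_FILE" ]]; then
  echo "Cannot read env file: $ENV_FILE" >&2
  exit 1
fi

FAILED=0
# The "|| [[ -n ... ]]" part keeps a last line that has no trailing newline.
while IFS= read -r line || [[ -n "$line" ]]; do
  # Skip empty lines and comments
  if [[ -z "$line" || "$line" =~ ^# ]]; then
    continue
  fi

  # A line without "=" has no key/value pair. The line itself is not echoed,
  # because it may hold secret material.
  if [[ "$line" != *=* ]]; then
    echo "Skipping a line that has no '=' separator" >&2
    continue
  fi

  # Split on the first "=" only, so the value may itself contain "=".
  KEY=${line%%=*}
  VALUE=${line#*=}

  # One pair of surrounding double quotes is removed, so KEY="value" is
  # stored as value. Everything else in the value is kept verbatim.
  if [[ ${#VALUE} -ge 2 && "$VALUE" == \"*\" ]]; then
    VALUE=${VALUE:1:${#VALUE}-2}
  fi

  # When --keys was given, upload only the listed keys.
  if [[ ${#SPECIFIED_KEYS[@]} -gt 0 ]] && ! is_key_in_list "$KEY" "${SPECIFIED_KEYS[@]}"; then
    continue
  fi

  # Check if the key should be ignored
  if is_key_in_list "$KEY" "${IGNORE[@]}"; then
    echo "Skipping $KEY as it is in the ignore list"
    continue
  fi

  # Skip if VALUE is empty
  if [[ -z "$VALUE" ]]; then
    echo "Skipping $KEY as its value is empty"
    continue
  fi

  # Determine if the key should be a SecureString
  PARAM_TYPE="String"
  if is_key_in_list "$KEY" "${SECURE[@]}"; then
    PARAM_TYPE="SecureString"
  fi

  # Only the name and type are logged: printing the value would copy secrets
  # into terminal scrollback and CI logs.
  echo "Putting parameter: ${SSM_PREFIX}${KEY} (Type: $PARAM_TYPE)"

  # The command is an argument array that is executed directly. File content
  # is never re-parsed by the shell, so quotes, "$(...)", backticks or ";"
  # inside a value stay data instead of becoming commands.
  # NOTE(review): the value still travels on the command line, where it is
  # visible in the process list while aws runs, and the AWS CLI loads a value
  # that begins with "file://" from that path - confirm both are acceptable
  # for the files this script is run on.
  PUT_ARGS=(ssm put-parameter --name "${SSM_PREFIX}${KEY}" --value "$VALUE" --type "$PARAM_TYPE")

  # Add overwrite flag if --force is set
  if [[ "$OVERWRITE" == true ]]; then
    PUT_ARGS+=(--overwrite)
  fi

  # stdin comes from /dev/null so the command cannot consume the remaining
  # lines of the env file that feed this loop.
  if ! aws "${PUT_ARGS[@]}" < /dev/null; then
    echo "Failed to put parameter: ${SSM_PREFIX}${KEY}" >&2
    FAILED=$((FAILED + 1))
  fi
done < "$ENV_FILE"

echo "Finished uploading $ENV_FILE to SSM Parameter Store."
if [[ "$FAILED" -gt 0 ]]; then
  echo "$FAILED parameter(s) could not be written." >&2
  exit 1
fi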