add Parameter Store as an alternative to AppConfig

silinternational · Feb 19, 2025 · da43150 · da43150
1 parent 6a6b030
commit da43150
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -47,7 +47,7 @@ COPY dockerbuild/config/* $SSP_PATH/config/
 COPY dockerbuild/ssp-overrides/sp-php.patch sp-php.patch
 RUN patch /data/vendor/simplesamlphp/simplesamlphp/modules/saml/src/Auth/Source/SP.php sp-php.patch
 
-ADD https://github.com/silinternational/config-shim/releases/download/v1.1.0/config-shim.gz config-shim.gz
+ADD https://github.com/silinternational/config-shim/releases/download/v1.2.0/config-shim.gz config-shim.gz
 RUN gzip -d config-shim.gz && chmod 755 config-shim && mv config-shim /usr/local/bin
 
 # Set permissions for cache directory. Corresponds to the `cachedir` setting in config.php.

diff --git a/README.md b/README.md
@@ -11,24 +11,30 @@ must be installed.
 [Make](https://www.gnu.org/software/make) is optional but simplifies the build process.
 
 ## Configuration
+
 By default, configuration is read from environment variables. These are documented
-in the `local.env.dist` file. Optionally, you can define configuration in AWS AppConfig.
+in the `local.env.dist` file. Optionally, you can define configuration in AWS Systems Manager.
 To do this, set the following environment variables to point to the configuration in
 AWS:
 
 * `AWS_REGION` - the AWS region in use
-* `APP_ID` - the application ID or name
-* `CONFIG_ID` - the configuration profile ID or name
-* `ENV_ID` - the environment ID or name
+* `APP_ID` - AppConfig application ID or name
+* `CONFIG_ID` - AppConfig configuration profile ID or name
+* `ENV_ID` - AppConfig environment ID or name
+* `PARAMETER_STORE_PATH` - Parameter Store base path for this app, e.g. "/idp-pw-api/idp-name/prod"
 
 In addition, the AWS API requires authentication. It is best to use an access role
 such as an [ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
 If that is not an option, you can specify an access token using the `AWS_ACCESS_KEY_ID` and
 `AWS_SECRET_ACCESS_KEY` variables.
 
-The content of the configuration profile takes the form of a typical .env file, using
-`#` for comments and `=` for variable assignment. Any variables read from AppConfig
-will overwrite variables set in the execution environment.
+If `PARAMETER_STORE_PATH` is given, AWS Parameter Store will be used. Each parameter in AWS Parameter
+Store is set as an environment variable in the execution environment.
+
+If `PARAMETER_STORE_PATH` is not given but the AppConfig variables are, AWS AppConfig will be used.
+The content of the AppConfig configuration profile takes the form of a typical .env file, using `#`
+for comments and `=` for variable assignment. Any variables read from AppConfig will overwrite variables
+set in the execution environment.
 
 ### SimpleSAMLphp Metadata
 

diff --git a/dockerbuild/run.sh b/dockerbuild/run.sh
@@ -20,14 +20,12 @@ cd /data
 cat /etc/*release | grep PRETTY
 php -v | head -n 1
 
-if [[ -z "${APP_ID}" ]]; then
-  apache2ctl -k start -D FOREGROUND
+if [[ $PARAMETER_STORE_PATH ]]; then
+  config-shim --path $PARAMETER_STORE_PATH apache2ctl -k start -D FOREGROUND
+elif [[ $APP_ID ]]; then
+  config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND
 else
-  if [[ -z "${STRATEGY_ID}" ]]; then
-    config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND
-  else 
-    config-shim -u --strategy $STRATEGY_ID --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND
-  fi
+  apache2ctl -k start -D FOREGROUND
 fi
 
 # endless loop with a wait is needed for the trap to work