Environment Variables¶

Automatic import of SSM parameters¶

By default, ECS Deployer will attempt to import secrets from SSM Parameter store for you.

For information on configuring SSM Parameter Import, see the SSM Parameter Store Secrets Import section on the Settings page.

The basename of the parameter path is used as the Variable Name. The value is never read by the Deployer, as it is passed as a secret to your application.

Example

/ecsdeployer/secrets/myapp/DATABASE_URL added as DATABASE_URL
/ecsdeployer/secrets/myapp/SECRET_API_KEY added as SECRET_API_KEY

Specifying Values¶

SSM Parameter Store Reference¶

This is secure and can be used for sensitive values

environment:
  # ...
  MY_VARIABLE_NAME:
    ssm: /path/or/arn/to/ssm/or/secrets-manager/value

You can specify values as either a path to an SSM Parameter, the full ARN for an SSM Parameter, or the full ARN of a SecretsManager secret.

Insecure Values¶

Adding environment variables to your config file will keep them in plain text. This is not recommended for sensitive values.

Plain StringTemplated ValuesUnset Inherited Value

You can specify the environment variable value as any primitive type that is castable to a string. (ie: string, boolean, number)

These will be added to the task's environment as plaintext.

environment:
  PORT: 1234
  ALLOW_CLOWNS: false
  ALLOW_FUN: true
  PHASERS: stun
  GIGAWATTS: 1.21

Same as Plain String, but you can now use Templates in the value.

environment:
  APP_DEPLOYED_AT: "{{ .Date }}"
  GITHUB_REF: "{{ .Env.GITHUB_REF_NAME }}"

If you define an environment variable globally (or it is pulled from your SSM root), then you can optionally unset that variable for a specific task or service.

environment:
  SOMEVAR:
    unset: true
  SOME_OTHER_VAL: "some value"

Example¶

environment:
  PORT: 5000
  ENABLE_FUNTIME: true
  FOO: bar

  BUILD_REF_NAME: { template: "{{ .Env.GITHUB_REF_NAME }}" }

  SSM_VARIABLE: { ssm: "/path/to/some/ssm/variable" }