This is how I'm resolving runtime AWS values #1178
Replies: 7 comments
-
@ngfgrant, I just wanted to make this known to the community. Should we close it now?
-
Hey @jeshan - no please keep it open. I will definitely want to incorporate this at some point soon!
-
Nice @jeshan, definitely worthy of being a core resolver :)
-
The new model will be to not actually have any "core" resolvers. All hooks and resolvers will be treated equally. Now that we have the new GitHub org, I've set up some hook and resolver templates: https://github.com/Sceptre/sceptre-resolver-template. Instructions on how to use the template are here: https://github.com/Sceptre/project/wiki/sceptre-resolver-template. If you would like, we'd be delighted to host this resolver on this GitHub org, which might help others discover and contribute? Either way - nice work
-
Probably a slightly easier method would be to create a new repo in You can name the resolver as you wish and then clone the repo locally. Simply copy and paste the single resolver file across into
-
Now that I think of it more deeply, my current setup is releasing via AWS CodeBuild. Since it was my repo, I'd check every change before releasing. How is this going to work for us if I transfer the ownership to the Sceptre org? Also, note that it needs my personal PyPI credentials as well.
That link doesn't work for the rest of us; I'm not part of the org so I don't see the org's templates. The correct link is: https://github.com/Sceptre/sceptre-resolver-template/generate
By the way, this new template feature commits the file again in a new repository. This means that git history from the template project is not retained. (not important for us in this issue)
-
From time to time, I need to get some dynamic (runtime) value from AWS. A common use case is getting secure strings from Systems Manager. But there are other use cases, like getting the current user role, looking for a certain EC2 instance, etc. The common way that people are solving this is by creating a PyPI package for each resolver.
I'm thinking that there will be many more like this and such solutions won't scale. So, I wondered what if we could resolve anything in AWS using only 1 resolver?
So I created the sceptre-aws-resolver: https://github.com/jeshan/sceptre-aws-resolver
It works with any API in AWS. It leverages the existing connection manager so that you're sure it's running in the correct environment.
Examples on how you can use it:
!aws sts::get_caller_identity
You'll probably want to filter the output. You do that by writing a JMESPath query:
!aws sts::get_caller_identity::::UserId
A couple more:
!aws ssm::get_parameter::'Name':'your-param-name'::Parameter.Value
!aws ssm::get_parameter::'Name':'your-secret-param','WithDecryption':True::Parameter.Value
I just released this a few minutes ago. So, I appreciate your feedback on this.
Not sure if this is a brilliant or terribly stupid idea. Let me know what you think!
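One way to validate an `!aws` argument string before it is turned into an AWS API call, as an added example that is not code from sceptre-aws-resolver or from anyone in this thread. The `parse_aws_argument` helper, the read-only operation allowlist and the use of `ast.literal_eval` are assumptions for illustration, not a description of how the resolver parses its input.

```python
import ast
import re

# Assumption: config files should only reach read-style operations.
READ_ONLY = re.compile(r"^(get|list|describe)_[a-z0-9_]+$")
SERVICE = re.compile(r"^[a-z0-9-]+$")


def parse_aws_argument(argument):
    """Split 'service::operation[::kwargs[::query]]' into validated parts.

    Hypothetical helper. Values that themselves contain '::' (some ARNs do)
    are rejected by this strict split rather than guessed at.
    """
    parts = argument.split("::")
    if not 2 <= len(parts) <= 4:
        raise ValueError("expected service::operation[::kwargs[::query]]")
    parts += [""] * (4 - len(parts))
    service, operation, raw_kwargs, query = (p.strip() for p in parts)
    if not SERVICE.match(service):
        raise ValueError(f"bad service name: {service!r}")
    if not READ_ONLY.match(operation):
        raise ValueError(f"operation not allowed: {operation!r}")
    kwargs = {}
    if raw_kwargs:
        # literal_eval accepts only Python literals, so a function call or
        # attribute access in the kwargs segment raises instead of running.
        try:
            kwargs = ast.literal_eval("{" + raw_kwargs + "}")
        except (ValueError, SyntaxError, TypeError) as exc:
            raise ValueError(f"kwargs are not plain literals: {exc}") from None
        if not isinstance(kwargs, dict) or not all(
            isinstance(key, str) for key in kwargs
        ):
            raise ValueError("kwargs must be 'Key': value pairs")
    return {"service": service, "operation": operation,
            "kwargs": kwargs, "query": query or None}


if __name__ == "__main__":
    # Constructed inputs: three from the post above, two that must be refused.
    for sample in [
        "sts::get_caller_identity",
        "sts::get_caller_identity::::UserId",
        "ssm::get_parameter::'Name':'your-param-name'::Parameter.Value",
        "ssm::delete_parameter::'Name':'your-param-name'",
        "ssm::get_parameter::'Name':__import__('os').getcwd()",
    ]:
        try:
            print(sample, "->", parse_aws_argument(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

The returned `query` is left unevaluated; it would be handed to a JMESPath library after the API response comes back.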