In AWS elastic beanstalk i want to deploy .war file, I'm using solution stack with Tomcat 9, to make my application work correctly i need to start this .war file with parameters(db password/user, db url etc.), how to configure Tomcat to start my artifact with these parameters by using .ebextensions?
Like this:
java -Ddatasource.dialect=$DB_DIALECT \
-Ddatasource.url=$DB_URL \
-Ddatasource.username=$DB_USERNAME \
-Ddatasource.password=$DB_PASSWORD \
-jar applicatin.war
You could use the commands feature but then you'd have to put the env vars for your db in there which wouldn't be as secure as it could be.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html This example comes from the above link.
commands:
python_install:
command: myscript.py
cwd: /home/ec2-user
env:
myvarname: myvarvalue
test: "[ -x /usr/bin/python ]"
It might look like this for you;
commands:
db_cmd:
command: java -Ddatasource.dialect=$DB_DIALECT \
-Ddatasource.url=$DB_URL \
-Ddatasource.username=$DB_USERNAME \
-Ddatasource.password=$DB_PASSWORD \
-jar applicatin.war
cwd: /home/ec2-user
env:
DB_DIALECT: myvarvalue
DB_USERNAME: xxx
DB_PASSWORD: xxx
I would put the commands into a script though and call it like this;
commands:
db_cmd:
command: ./db.sh
cwd: /home/ec2-user
In the script I would add some calls to secrets manager to get the secrets you need. I only added one example of getting code from secrets manager but you'd need to get all three, of course.
#!/bin/bash
export DB_DIALECT=$(aws secretsmanager get-secret-value --secret-id dbdialect --region us-east-1 | jq -r '.SecretString' | jq -r '.your_secret_key')
java -Ddatasource.dialect=$DB_DIALECT \
-Ddatasource.url=$DB_URL \
-Ddatasource.username=$DB_USERNAME \
-Ddatasource.password=$DB_PASSWORD \
-jar applicatin.war