I need to deploy the same PHP code to 3 environments on AWS Elastic beanstalk. These environments will report to different Application Names on New relic.
The newrelic license key cannot be deployed to the repository.
Please advise on strategies to achieve this.
For PHP in AWS Elastic Beanstalk you the steps are:
In the .ebextensions folder inside your Elastic BeanStalk application, create a new file named newrelic.config. Add the following content to the file:
packages:
yum:
newrelic-php5: []
rpm:
newrelic: INSERT_LINK_TO_AGENT
commands:
configure_new_relic:
command: newrelic-install install
env:
NR_INSTALL_SILENT: true
NR_INSTALL_KEY: INSERT_LICENSE_KEY
If you are using password vault you would then follow their best practices. If you are not then you may have to create a shell script to replace the license key from a secure S3 bucket.
Put your license key in a secure S3 bucket. Then use a Bash script similar to:
#!/bin/bash
password=$(aws ssm get-parameters --region us-east-1 --names MySecureLicenseKey --with-decryption --query Parameters[0].Value)
# code to replace INSERT_LICENSE_KEY - need to update the path to where you have it land
sed 's/INSERT_LICENSE_KEY/$password/g' /etc/newrelic/newrelic.config
Inspired by: https://aws.amazon.com/blogs/mt/use-parameter-store-to-securely-access-secrets-and-config-data-in-aws-codedeploy/