diff --git a/appspec.yml b/appspec.yml
index 40b877e8f..bee1617e7 100644
--- a/appspec.yml
+++ b/appspec.yml
@@ -14,7 +14,7 @@ hooks:
 runas: root
 AfterInstall:
 - location: scripts/after_install.sh
- timeout: 300
+ timeout: 1000
 runas: root
 ApplicationStart:
 - location: scripts/application_start.sh
diff --git a/cdk/lib/cdk-stack.ts b/cdk/lib/cdk-stack.ts
index 4f22e1a0f..62eb3b60e 100644
--- a/cdk/lib/cdk-stack.ts
+++ b/cdk/lib/cdk-stack.ts
@@ -95,7 +95,9 @@ export class CdkStack extends cdk.Stack {
 assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
 managedPolicies: [
 iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'),
- iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonEC2RoleforAWSCodeDeploy'), // Add CodeDeploy permissions
+ iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonEC2RoleforAWSCodeDeploy'),
+ iam.ManagedPolicy.fromAwsManagedPolicyName('SecretsManagerReadWrite'),
+ iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryReadOnly')
 ],
 });
 
@@ -168,13 +170,13 @@ export class CdkStack extends cdk.Stack {
 });
 
 const dbHostParam = new ssm.StringParameter(this, 'DBHostParameter', {
- parameterName: '/aws/reference/ec2/DB_HOST',
+ parameterName: '/polis/db-host',
 stringValue: db.dbInstanceEndpointAddress,
 description: 'SSM Parameter storing the Polis Database Host',
 });
 
 const dbPortParam = new ssm.StringParameter(this, 'DBPortParameter', {
- parameterName: '/aws/reference/ec2/DB_PORT',
+ parameterName: '/polis/db-port',
 stringValue: db.dbInstanceEndpointPort,
 description: 'SSM Parameter storing the Polis Database Port',
 });
diff --git a/scripts/after_install.sh b/scripts/after_install.sh
index c86ba7493..58461792b 100644
--- a/scripts/after_install.sh
+++ b/scripts/after_install.sh
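Review bot: `SecretsManagerReadWrite` on the EC2 instance role grants create, update, delete and rotation rights on every secret in the account, while the only Secrets Manager call this commit introduces (`aws secretsmanager get-secret-value` in scripts/after_install.sh) needs `secretsmanager:GetSecretValue` on the one database secret. Scope it to that secret instead of the account-wide managed policy, e.g. `db.secret?.grantRead(instanceRole)` (`db` is the RDS instance visible in the next hunk; the role's variable name is above this hunk), or an inline policy whose `resources` is the secret's ARN; if the secret is encrypted with a customer-managed KMS key, that key's `kms:Decrypt` is the only other grant needed. `AmazonEC2ContainerRegistryReadOnly` is read-only and matches the `describe-repositories` use, so that one is fine. The new last array element also drops the trailing comma the file otherwise uses (`],`, `});`). The `new iam.Role(...)` call starts above the hunk.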
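Review bot: The new parameter names `/polis/db-host` and `/polis/db-port` are repeated as string literals in scripts/after_install.sh (hunk `@@ -57,8`), so the stack and the script can drift with no deploy-time error; a mismatch only shows up as the script's empty-value check firing on the instance. Consider defining them once, e.g. `const DB_HOST_PARAM = '/polis/db-host';` in the stack and handing the names to the instance (user data or a single well-known parameter) rather than hard-coding them twice. Both `new ssm.StringParameter` calls are complete inside the hunk; the enclosing constructor is not.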
@@ -26,7 +26,7 @@ fi
 # --- Database Configuration ---
 # 1. Get Secret ARN from SSM Parameter
-SECRET_ARN=$(aws ssm get-parameter --name /polis/db-secret-arn --query 'Parameter.Value' --output text)
+SECRET_ARN=$(aws ssm get-parameter --name /polis/db-secret-arn --query 'Parameter.Value' --output text --region us-east-1)
 if [ -z "$SECRET_ARN" ]; then
 echo "Error: Could not retrieve DB Secret ARN from SSM Parameter /polis/db-secret-arn"
@@ -36,7 +36,7 @@ fi
 echo "Retrieved Secret ARN from SSM Parameter: $SECRET_ARN"
 # 2. Retrieve Secret Value from Secrets Manager
-SECRET_JSON=$(aws secretsmanager get-secret-value --secret-id "$SECRET_ARN" --query 'SecretString' --output text)
+SECRET_JSON=$(aws secretsmanager get-secret-value --secret-id "$SECRET_ARN" --query 'SecretString' --output text --region us-east-1)
 if [ -z "$SECRET_JSON" ]; then
 echo "Error: Could not retrieve DB Secret from Secrets Manager using ARN: $SECRET_ARN"
@@ -57,8 +57,8 @@ fi
 echo "Parsed DB_USER and DB_PASSWORD from Secret JSON"
 # 4. Get DB Host and Port from SSM Parameters (already present, but ensure correct parameter names)
-DB_HOST=$(aws ssm get-parameter --name /aws/reference/ec2/DB_HOST --query 'Parameter.Value' --output text)
-DB_PORT=$(aws ssm get-parameter --name /aws/reference/ec2/DB_PORT --query 'Parameter.Value' --output text)
+DB_HOST=$(aws ssm get-parameter --name /polis/db-host --query 'Parameter.Value' --output text --region us-east-1)
+DB_PORT=$(aws ssm get-parameter --name /polis/db-port --query 'Parameter.Value' --output text --region us-east-1)
 if [ -z "$DB_HOST" ] || [ -z "$DB_PORT" ]; then
 echo "Error: Could not retrieve DB_HOST or DB_PORT from SSM Parameters"
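Review bot: `--region us-east-1` is now hard-coded into each CLI call in this hunk and in `@@ -36,7`, `@@ -57,8` and `@@ -76,7`, so if the CDK stack is ever deployed elsewhere every lookup returns empty and the script fails on its existing error paths with a misleading message; nothing visible in the cdk-stack.ts hunks pins the stack to us-east-1. Set the region once near the top of the script and drop the per-call flags, e.g. `export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-us-east-1}"`, or read it from the instance metadata service so the script follows wherever the instance runs. The top of the script is outside these hunks.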
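Review bot: The new `SECRET_JSON=` line places the database password in a shell variable, and if the script runs under `set -x` (its header is outside the hunk) or CodeDeploy logs the hook verbosely, bash's trace prints the expanded assignment including the password into the deployment log. Wrap this line and the parsing step with `set +x` / `set -x` when tracing is enabled, and keep `$SECRET_JSON` out of any `echo`. Separately, `$SECRET_ARN` already embeds its region, so the fixed `--region` on this call is redundant and, if it ever disagrees with the ARN, makes the lookup fail rather than help.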
@@ -76,7 +76,7 @@ echo "Updated DATABASE_URL in .env file"
 # Get the image tag from SSM (already present, but might be updated later for image tags)
 # IMAGE_TAG=$(aws ssm get-parameter --name /polis/image-tag --query 'Parameter.Value' --output text --with-decryption)
-ECR_REPO_URI=$(aws ecr describe-repositories --repository-names polis --query 'repositories[0].repositoryUri' --output text)
+ECR_REPO_URI=$(aws ecr describe-repositories --repository-names polis --query 'repositories[0].repositoryUri' --output text --region us-east-1)
 # Set environment variable for docker-compose (already present)
 # export IMAGE_TAG