AWS SSM Parameter Store is a way to manage your application parameters and deploy them as configuration files.

First we need to make sure to follow some key naming convention that the keys must named in a path type structure such as /root/path1/keyname1, this is done so we can easily retrieve all the parameters under /root/path1 then export keyname1 as the Apache mod_env environment key.

Example SSM Parameter entry:

path value securestring(?)

This will be written to an Apache config as:

SetEnv DBhost
SetEnv my-username
SetEnv my-password

Note: the value of DBpassword is automatically decoded from a securestring

Here is a script the will pull all those parameters and convert them into Apache config file, you can use this script during build (buildspec.yml) or deploy (appspec.yml) phase:

BYPATH="/root/dbconfigs/"                # the SSM PATH
FILE="/etc/httpd/conf.d/dbconfigs.conf"  # the mod_env confile file
NEXTTOKEN="null"                         # stores the pagination Id for SSM query

sudo yum -y install jq                   # installs the json parser

## retrieve the SSM path
JSONRESP=$(aws ssm get-parameters-by-path --path $BYPATH --with-decryption --region ap-southeast-2)

## write to the Apache config file as "SetEnv keyname1 somevalue-stored-in-ssm-under-this-key"
echo $JSONRESP | jq --compact-output --raw-output '.Parameters[] | "\(.Name) \(.Value)"' | awk -v q='"' -v p=$BYPATH '{gsub(p, "");print "SetEnv", $1, q$2q}' > $FILE

## find if theres a next page
NEXTTOKEN=$(echo $JSONRESP | jq --compact-output --raw-output '.NextToken')

## redo the same thing for each page
while [ $NEXTTOKEN != "null" ]
  JSONRESP=$(aws ssm get-parameters-by-path --path $BYPATH --with-decryption --region ap-southeast-2 --next-token $NEXTTOKEN)
  NEXTTOKEN=$(echo $JSONRESP | jq --compact-output --raw-output '.NextToken')
  echo $JSONRESP | jq --compact-output --raw-output '.Parameters[] | "\(.Name) \(.Value)"' | awk -v q='"' -v p=$BYPATH '{gsub(p, "");print "SetEnv", $1, q$2q}' >> $FILE

exit 0