How do I manually run scripts that require access to environment variables on my Elastic Beanstalk instance on Amazon Linux 2?

Last updated: 2021-01-20

I want to manually run scripts that require access to environment properties on my AWS Elastic Beanstalk instance on Amazon Linux 2.

Short description

You can use platform hooks to manually run scripts on Amazon Linux 2 platforms. The scripts require access to environment properties on your Elastic Beanstalk instance. To configure and run custom code on your environment instances during instance provisioning, it's a best practice to use platform hooks instead of providing files and commands in configuration files (.ebextensions).

Note: The following resolution includes two scripts that you can use across several platforms, including PHP, Python, Ruby, Amazon Corretto, Tomcat, and Node.js. The scripts allows users to source the environment properties defined in the /opt/elasticbeanstalk/deployment/env file.


1.    In your application source bundle, create a file called in both the .platform/hooks/postdeploy and .platform/confighooks/postdeploy directory. For example:

├── .platform
│   ├── hooks
│   │   ├── postdeploy
│   │   │   ├──
│   ├── confighooks
│   │   ├── postdeploy
│   │   │   ├──
|-- helloworld

2.    To allow any user on the instance to access the environment variable file, use a bash script that contains the same logic that copies the /opt/elasticbeanstalk/deployment/env file and sets 644 permissions. For example:

.platform/hooks/postdeploy/ AND .platform/confighooks/postdeploy/

#Create a copy of the environment variable file.
cp /opt/elasticbeanstalk/deployment/env /opt/elasticbeanstalk/deployment/custom_env_var

#Set permissions to the custom_env_var file so this file can be accessed by any user on the instance. You can restrict permissions as per your requirements.
chmod 644 /opt/elasticbeanstalk/deployment/custom_env_var

#Remove duplicate files upon deployment.
rm -f /opt/elasticbeanstalk/deployment/*.bak

3.    Set execution permissions on both .platform/hooks/postdeploy/ and .platform/confighooks/postdeploy/ files.

chmod +x .platform/hooks/postdeploy/
chmod +x .platform/confighooks/postdeploy/

4.    Deploy the .platform hook scripts.

5.    To avoid manually sourcing the file, add the following code to your user's ~/.bash_profile:

source <(sed -E -n 's/[^#]+/export &/ p' /opt/elasticbeanstalk/deployment/custom_env_var)

Note: Environment properties with spaces or special characters are interpreted by the Bash shell and can result in a different value.

Important: On Amazon Linux 2, all environment properties are centralized into a single file called /opt/elasticbeanstalk/deployment/env. You must use this file during Elastic Beanstalk's application deployment process only. The properties defined in /opt/elasticbeanstalk/deployment/env aren't available at the operating system level, which causes "permission denied" issues if you access these variables through manual scripts run on the instance. The /opt/elasticbeanstalk/deployment/env file has restricted permissions, and can be difficult for non-root users (for example, ec2-user) to source. For example:

[root@ip-X-X-X-X deployment]# ls -latr /opt/elasticbeanstalk/deployment/env

-r-------- 1 root root 147 Jun 17 06:23 /opt/elasticbeanstalk/deployment/env

Did this article help?

Do you need billing or technical support?