A total beginner-level question here - I am trying to deploy my MERN full-stack app to AWS EC2 (Amazon Linux 2) as a side project for the first time. I was able to get the frontend static React files into the AWS EC2 instance. But I am confused as to how to proceed with the backend portion. The backend (Node.js + Express) uses a .env file for database connections and such. What would be the safest and/or conventional method to transfer the values in the env file to the instance?
Here are the suggestions I came across and my thoughts on them. Would appreciate some guidance.
- Since the instance platform is Linux, I could add the variables to the .bash_profile - seems like the relatively safest and easiest option (as this is a small-scale side project app). Would the env data be immediately accessible to the backend files? Or are there other steps to take afterwards? Will the vars stay after I end the terminal session?
- Upload the env file along with the other backend files into the instance - does not seem safe as the env file data is in clear text format and may be easily accessible
- Add the env data as 'user data' of the instance - safer than option 2 but how would I run the user data? (the AWS website mentions it does not run automatically)
- Look into AWS SDKs or AWS Parameter Store
Since you are using .env file in the existing server, option 2 (storing it as .env file in EC2) is the direct equivalent. This is a valid and secure design, as long as the file does not contain any secret values.
If your variables do have secrets, this is another problem altogether. The "AWS way" would be SSM Parameter Store or Secrets Manager. I don't see how storing it in user data or .bash_profile makes it more secure.
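The Parameter Store route this answer points to, as an added example that is not part of the original thread: a Node.js startup step that reads every parameter under one path and exposes it through `process.env`, so the Express code keeps reading variables as it did with `.env`. The `/myapp/prod/` prefix and the parameter names are hypothetical; the SDK calls are from `@aws-sdk/client-ssm` (AWS SDK v3).

```javascript
// Added example, not from the original thread. The /myapp/prod/ prefix and
// the DB_HOST / DB_PASSWORD parameter names are hypothetical.

// Map SSM parameters to env-style pairs: "/myapp/prod/DB_PASSWORD" -> DB_PASSWORD.
function paramsToEnv(parameters, prefix) {
  const env = Object.create(null);
  for (const p of parameters) {
    if (!p.Name.startsWith(prefix)) {
      throw new Error(`parameter outside ${prefix}: ${p.Name}`);
    }
    const key = p.Name.slice(prefix.length).replace(/\//g, "_");
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
      throw new Error(`cannot use ${p.Name} as an environment variable name`);
    }
    env[key] = p.Value;
  }
  return env;
}

// Read every page under the prefix by following NextToken.
async function loadEnv(fetchPage, prefix) {
  const env = Object.create(null);
  let token;
  do {
    const page = await fetchPage(token);
    Object.assign(env, paramsToEnv(page.Parameters || [], prefix));
    token = page.NextToken;
  } while (token);
  return env;
}

// Real page fetcher. Credentials come from the SDK's default chain, which on
// EC2 resolves to the instance's IAM role, so no access keys sit on disk.
async function ssmFetcher(prefix, region) {
  const { SSMClient, GetParametersByPathCommand } = await import("@aws-sdk/client-ssm");
  const client = new SSMClient({ region });
  return (NextToken) => client.send(new GetParametersByPathCommand({
    Path: prefix, Recursive: true, WithDecryption: true, NextToken,
  }));
}

// Call once before the Express app reads process.env; variables that are
// already set in the environment are left untouched.
async function applyParameterStore(prefix, region) {
  const env = await loadEnv(await ssmFetcher(prefix, region), prefix);
  for (const [k, v] of Object.entries(env)) if (!(k in process.env)) process.env[k] = v;
  return Object.keys(env);
}
```

The instance role needs `ssm:GetParametersByPath` on that prefix, and secret values should be stored as `SecureString` parameters so that `WithDecryption` has something to decrypt.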