Environment Variables & Secrets
Configure AWS credentials and environment variables for Copilot deployments
Overview
When deploying to AWS ECS with Copilot, you need to configure environment variables for your application to connect to AWS services like S3, SQS, and CloudWatch. This guide covers both development and production approaches.
Security Warning
.gitignore or use SSM Parameter Store for production deployments.
Common Issues
Region Mismatch
One common issue is when your AWS resources (S3 bucket, SQS queue) are in a different region than your deployment. For example:
- Your ECS service deploys to ap-southeast-1
- But your S3 bucket is in us-east-1
The SDK will fail to find the bucket. Always ensure your AWS_REGION environment variable matches the region of your AWS resources.
Missing Environment Variables
Without proper configuration, the app will run in mock mode (simulated responses). To use real AWS services, you need:
- AWS_REGION - The AWS region (e.g., us-east-1)
- AWS_ACCESS_KEY_ID - Your IAM access key
- AWS_SECRET_ACCESS_KEY - Your IAM secret key
- Service-specific variables (bucket name, queue URL, etc.)
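A preflight check for the two issues above, added here as an example (it is not code from the original guide or from Copilot). The function names, the placeholder pattern and the sample values are assumptions; the variable names are the ones this guide uses.

```javascript
// Preflight check: missing variables, unfilled placeholders, region mismatch.
const REQUIRED = ["AWS_REGION", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
  "AWS_S3_BUCKET_NAME", "AWS_SQS_QUEUE_URL", "AWS_CLOUDWATCH_LOG_GROUP"];
const PLACEHOLDER = /^your[-_]/i; // assumption: template values start with "your"

// Parse dotenv-style text: KEY=value lines, '#' comments, optional quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue; // no key before '=': not an assignment
    const key = line.slice(0, eq).trim();
    env[key] = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
  }
  return env;
}

// Return a list of findings; an empty list means the config passes.
function checkAwsEnv(env) {
  const findings = [];
  for (const name of REQUIRED) {
    const value = env[name];
    if (!value) findings.push(`missing: ${name}`);
    else if (PLACEHOLDER.test(value)) findings.push(`placeholder: ${name}`);
  }
  // A queue URL of the form sqs.<region>.amazonaws.com embeds the queue's
  // region; URLs in any other form are skipped rather than guessed at.
  const m = /^https:\/\/sqs\.([a-z0-9-]+)\.amazonaws\.com\//.exec(env.AWS_SQS_QUEUE_URL || "");
  if (m && env.AWS_REGION && m[1] !== env.AWS_REGION) {
    findings.push(`region mismatch: AWS_REGION=${env.AWS_REGION}, queue is in ${m[1]}`);
  }
  return findings; // reports variable names and regions, never credential values
}

// Constructed sample: deploy region differs from the queue's region, one key unset.
const SAMPLE = `
# constructed sample, not real credentials
AWS_REGION=ap-southeast-1
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_S3_BUCKET_NAME="demo-bucket"
AWS_SQS_QUEUE_URL=https://sqs.us-east-1.amazonaws.com/123456789/demo-queue
AWS_CLOUDWATCH_LOG_GROUP=demo-log-group
`;
console.log(checkAwsEnv(parseEnv(SAMPLE)).join("\n"));
```

The S3 bucket's region cannot be read from its name, so the bucket half of the region check still has to be confirmed against the bucket itself.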
Configuration Methods
Option 1: Plain Variables (POC Only)
For quick testing, you can put credentials directly in the manifest. This is NOT recommended for production.
variables:
  HOSTNAME: "0.0.0.0"
  PORT: "3000"
  NODE_ENV: production
  # AWS Configuration
  AWS_REGION: "us-east-1"
  AWS_S3_BUCKET_NAME: "your-bucket-name"
  AWS_SQS_QUEUE_URL: "https://sqs.us-east-1.amazonaws.com/123456789/your-queue"
  AWS_CLOUDWATCH_LOG_GROUP: "your-log-group"
  # AWS Credentials (rotate these after testing!)
  AWS_ACCESS_KEY_ID: "YOUR_ACCESS_KEY"
  AWS_SECRET_ACCESS_KEY: "YOUR_SECRET_KEY"
Add to .gitignore
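Add the manifest to your .gitignore to prevent committing credentials. A .gitignore entry only affects untracked files, so it does not protect a manifest that Git is already tracking.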
copilot/frontend/manifest.yml
Deploy with Plain Variables
Building your container image...
Pushing to ECR...
Deploying to ECS...
✔ Deployed frontend to staging.
Step-by-Step Deployment Process
1. Set up your local environment
Create a .env.local file with your AWS credentials for local development.
2. Configure the manifest
Add environment variables to copilot/frontend/manifest.yml.
3. Add manifest to .gitignore
Prevent credentials from being committed to Git.
4. Deploy to staging
Run copilot svc deploy to build and deploy your service.
5. Verify the deployment
Check service status and test the demos.
Local Development (.env.local)
Create a .env.local file for local development:
# AWS Core Configuration
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
# S3 Demo Configuration
AWS_S3_BUCKET_NAME=your-bucket-name
# SQS Demo Configuration
AWS_SQS_QUEUE_URL=https://sqs.us-east-1.amazonaws.com/123456789/your-queue
# CloudWatch Demo Configuration
AWS_CLOUDWATCH_LOG_GROUP=your-log-group
Verifying Deployment
Check Service Status
Service Status
  ACTIVE 1 / 1 running tasks
Last Deployment
  Updated At 2 minutes ago
  Task Definition arn:aws:ecs:...
View Logs
Test the Demos
Navigate to your deployment URL and go to /demos. If configured correctly, you should see "Live AWS" badges instead of "Mock Mode".