AWS Parameter Store
From version 23.1, Seqera Platform Enterprise can fetch configuration values from the AWS Parameter Store.
TOWER_DB_USER, TOWER_DB_PASSWORD, and TOWER_DB_URL values must be specified using environment variables during initial Seqera Enterprise deployment in a new environment. A new installation will fail if DB values are only defined in tower.yml or the AWS Parameter Store.
After the database has been created, these values can be added to AWS Parameter Store entries and removed from your environment variables.
Configuration values not supported in AWS Parameter Store
Due to the order of operations when deploying Seqera Enterprise, some configuration values can only be retrieved from environment variables (tower.env). The following configuration values are not supported by AWS Parameter Store and must be set as environment variables:
Environment variable | Description | Value |
|---|---|---|
| The user account to access your database. If you are using an external database, you must create this user manually. For installation in a new environment, this value must be set as an environment variable. | Default: |
| The user password to access your database. If you are using an external database, you must create this password manually. For installation in a new environment, this value must be set as an environment variable. | Default: |
| The URL to access your database. For installation in a new environment, this value must be set as an environment variable. | Example: |
| Application name. To run multiple instances of the same Seqera account, each instance must have a unique name, e.g., | Default: |
| Set | Default: |
| A comma-separated list of execution backends to enable. At least one is required. |
|
| Set to | Default: |
Configure Seqera to use AWS Parameter Store values
To enable Seqera use AWS Parameter Store values:
- Grant AWS Parameter Store permissions to your Seqera host instance.
- Add
TOWER_ENABLE_AWS_SSM=truein thetower.envconfiguration file. - Create individual parameters in the AWS Parameter Store (see below).
- Start your Seqera instance and confirm the following entries appear in the backend container log:
[main] - INFO i.m.context.DefaultBeanContext - Reading bootstrap environment configuration
[main] - INFO i.m.d.c.c.DistributedPropertySourceLocator - Resolved 2 configuration sources from client: compositeConfigurationClient(AWS Parameter Store)
Create configuration values in AWS Parameter Store
Store Seqera configuration values as individual parameters in the AWS Parameter Store.
The default application name is tower-app. To deploy multiple instances from the same Seqera Enterprise account, set a custom application name for each instance with the micronaut.application.name value in your tower.yml configuration file.
We recommend storing sensitive values, such as database passwords, as SecureString-type parameters. These parameters require additional IAM KMS key permissions to be decrypted.
Seqera does not support StringList parameters. Configuration parameters with multiple values can be created as comma-separated lists of String type.
To create Seqera configuration parameters in AWS Parameter Store, do the following:
- Navigate to the Parameter Store from the AWS Systems Manager Service console.
- From the My parameters tab, select Create parameter and populate as follows:
| Field | Description |
|---|---|
| Name | Use the format /config/<application_name>/<cfg_path>. <cfg_path> follows the tower.yml nesting hierarchy. See the configuration overview for specific paths.Example: /config/tower-app/mail.smtp.password : <your_smtp_password> |
| Description | (Optional) Description for the parameter. |
| Tier | Select Standard. |
| Type | Use SecureString for sensitive values like passwords and tokens. Use String for everything else. |
| Data type | Select text. |
| Value | Enter a plain text value (this is the configuration value used in Seqera). |