Using Route53 as a Key Value Store in GitHub Actions
doug.shYou all do know that AWS SSM Parameter Store exists, right? It’s literally a KV store explicitly for this purpose. Parameters are scoped by path, versioned, are have optional encryption at rest.
Like you’re using the AWS cli! It’s one call to https://docs.aws.amazon.com/cli/latest/reference/ssm/get-par... away.
It even has built in Ansible support https://docs.ansible.com/ansible/latest/collections/amazon/a... and can values can be rendered in Cloudformation templates natively.
Too hard? Maybe try Chamber https://github.com/segmentio/chamber It has support for multiple backends and can render secrets in lots of different formats.
Ha! This is a novel idea for KV storage. Even reasonably secure if it's the private hosted zone used in the post.
I wonder if you used the public zone option and did the nslookup as specified if you'd run into wrong or empty state while it propagates (assuming you need the value shortly after it's stored). Either way, using the awscli would pull it write away so it wouldn't matter.
Anyway, cool idea!
Very hacky -- in both a good sense and a bad sense.
Seems like there are tons of SaaS & cloud service offerings which could be overloaded to do this. Eg, why not just use resource Tags in AWS? they are key/value pairs. Or, why not put your key-values in a json file and store them as a GitHub workflow artifact? etc......
You are crazy! You have my admirations.
Yep.