Skip to main content

Integrations

You must provide all the configuration values of an integration type when creating a Target for it to work properly.

Databases#

Mysql#

SQL scripts targeting a Mysql database.

Type: mysql

Configurations:

NameDescription
MYSQL_HOSTThe Mysql database hostname. No formatting or port numbers, just the hostname.
MYSQL_PORTThe database port number
MYSQL_DBThe name of the Mysql schema
MYSQL_USERThe database username
MYSQL_PASSThe database password

Postgres#

SQL scripts targeting a Postgres database.

Type: postgres

Configurations:

NameDescription
PG_HOSTThe Postgres database hostname. No formatting or port numbers, just the hostname.
PG_PORTThe port number
PG_DBThe name of the Postgres database
PG_USERThe database username
PG_PASSThe database password

MongoDB#

Javascript MongoDB queries

Type: mongodb

Configurations:

NameDescription
MONGO_HOSTThe MondoDB instance hostname
MONGO_USERThe username
MONGO_PASSThe password

Containers#

Kubernetes#

Supported Types

Type: k8s

kubectl commands. You don't need to provide the kubectl piece of the command in the script.

Example:

--script 'get pods'

Type: k8s-exec

Bash script targeting a Pod or Deployment running in a Kubernetes cluster. You can use this type of Task to run scripts inside running containers (Pods), including local HTTP calls with curl, Rails runner or Elixir IEX commands, and many more.

The script must have the format:  deploy/{deployment_name} -- {bash_script}, where bash_script will be executed inside one of the pods of deployment_name

Example:

--script 'deploy/rails-app -- rails runner "puts User.first.to_json"'

Configuration:

NameDescription
KUBE_CONFIG_DATAA base64 encoded kubeconfig YAML file. Check this guide for instructions on how to create the config file.

AWS ECS#

Type: ecs-exec

Bash script targeting a Task running in an ECS cluster. You can use this type of Task to run scripts inside running containers (Tasks), including local HTTP calls with curl, Rails runner or Elixir IEx commands, and many more.

--script 'rails runner "puts User.first.to_json"'

Configuration:

1. ECS Service#

Attach the following IAM policy to the ECS Task. Feel free to add specific clusters or tasks to the resources to limit access to the policy.

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
}
]
}

Set the enable-execute-command option to true in the ECS Service.

aws ecs update-service \
--service 'my-ecs-service' \
--cluster 'my-ecs-cluster' \
--enable-execute-command

2. AWS User for Runops#

A set of AWS credentials for a user with the following IAM policy. These are the credentials we will configure as Secrets. You can add specific ECS Clusters or Tasks to the Resource object to further limit the policy.

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:ExecuteCommand",
"ecs:DescribeTasks"
],
"Resource": "*"
}
]
}

3. Target secrets#

NameDescription
AWS_ACCESS_KEY_IDAWS Credentials.
AWS_SECRET_KEYAWS Credentials.
ECS_CLUSTERThe name of the ECS Cluster.
ECS_TASK_IDThe ID of the ECS Task.
ECS_CONTAINERThe name of the running container of the ECS Task.

Infrastructure#

Terraform#

Plan and apply Terraform projects from a remote Git repository.

Type: terraform

Configuration:

NameDescription
REPOSITORY_URLThe ssh-formated URL of the Git repository.
DEPLOY_KEYA base64-encoded private key for ssh access to the Git repository. This key can have only read-access to the repository.
CLIENT_IDAzure Client ID.
CLIENT_SECRETAzure Client Secret.
SUBSCRIPTION_IDAzure Subscription ID.
TENANT_IDAzure Tenant ID.
AWS_ACCESS_KEY_IDAWS Access Key ID.
AWS_SECRET_ACCESS_KEYAWS Secret Key.

Cloud#

AWS#

Bash scripts targeting an AWS Account using the AWS CLI binary or python boto3 scripts.

Type: awscli

AWS CLI commands

Type: python

Python with boto3 scripts

Configuration:

NameDescription
AWS_ACCESS_KEY_IDAWS Access Key ID.
AWS_SECRET_KEYAWS Secret Key.

GCP#

NameDescription
SERVICE_ACCOUNT_KEYA base64 Google Cloud Platform service account json file.

Azure#

Azure CLI (az) access.

Type: azurecli

Configuration:

NameDescription
CLIENT_IDAzure Client ID.
CLIENT_SECRETAzure Client Secret.
SUBSCRIPTION_IDAzure Subscription ID.
TENANT_IDAzure Tenant ID.

Heroku#

Heroku CLI access.

Configuration:

NameDescription
HEROKU_API_KEYThis token is used for authentication in all other Heroku API requests, and can be regenerated at will by the user in the heroku.com web interface.

Consoles#

Elixir IEx#

You can run iEX commands with any of the containers integrations for a running Elixir application. See Kubernetes or ECS

Rails#

Run Rails console commands

You can run Rails runner with any of the containers integrations for a running Elixir application. See Kubernetes or ECS

Django#

Django admin commands

You can run Django admin commands with any of the containers integrations for a running Elixir application. See Kubernetes or ECS

Custom markup