ci: add env from secrets

template.yml

@@ -46,7 +46,6 @@ Resources:
           Type: HttpApi
           Properties:
             ApiId: !Ref Api
-      Policies:
       Policies:
         - AWSSecretsManagerGetSecretValuePolicy:
             SecretArn: !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:stori*'
@@ -106,13 +105,27 @@ Resources:
               BuildCommand: "pip install -r requirements.txt"
               StartCommand: "python server.py"
               Port: 8080
+              RuntimeEnvironmentVariables:
+                -
+                  Name: SERVER_PORT
+                  Value: 8080
+                -
+                  Name: STAGE
+                  Value: !Ref Stage
+                -
+                  Name: BUCKET_NAME
+                  Value: !Ref BucketName
+                -
+                  Name: SECRET_NAME
+                  Value: !Ref SecretName
               RuntimeEnvironmentSecrets:
                 -
                   Name: app-runner-secrets
-                  Value: "arn:aws:secretsmanager:us-west-2:339713191966:secret:stori-app-runner-secrets-6Zk2vI"
+                  Value: "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:stori-app-runner-secrets-6Zk2vI"
       InstanceConfiguration:
         Cpu: 1 vCPU
         Memory: 2 GB
+        InstanceRoleArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/stori-instance-role-app-runner-${Stage}"
 
 Outputs:
   ApiUrl: