Accessing environment variables in AWS Beanstalk ebextensions
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
In Elastic Beanstalk, environment variables can be defined through .ebextensions, but where and how you read them depends on what is consuming them. Your application can usually read them as normal process environment variables. Deployment-time shell commands often need a platform-aware way to retrieve the same values reliably.
Define Environment Variables in .ebextensions
A common pattern is to set them with option_settings.
Place that in a file such as .ebextensions/01-environment.config at the root of the application bundle.
This tells Elastic Beanstalk to create application environment properties for the running environment.
Access Them in the Application
Once set, your app usually reads them through the normal runtime environment.
For Python:
For Node.js:
That is the simplest and most common use case.
Access Them During Deployment-Time Commands
The trickier part is accessing those values inside .ebextensions commands or scripts. A reliable platform-aware tool is get-config.
You can query a specific variable inside a shell command:
This is better than assuming every deployment shell has the exact same exported environment behavior across platform versions.
Understand the Two Contexts
It helps to separate the two places environment variables matter:
- runtime application process
- deployment/configuration scripts
The variable may exist in both contexts, but the access pattern is not always identical. Many Beanstalk problems come from assuming that because the app can read a variable, a shell command in .ebextensions can read it the same way without using Beanstalk's tooling.
Avoid Storing Secrets Directly in Source
Although .ebextensions can define environment properties, it is usually a poor place to hard-code secrets because the configuration is often stored in version control. For secrets, use a safer source such as Parameter Store or Secrets Manager and inject them through a controlled deployment path.
That keeps .ebextensions focused on environment wiring rather than becoming a secret-storage file.
Prefer Clear Ownership of Configuration
A deployment is easier to operate when each variable has one clear source of truth. If some values come from .ebextensions, others from console overrides, and others from scripts, debugging becomes harder because the effective runtime configuration is spread across too many places.
Debug the Active Environment, Not the File Alone
A .config file can look correct in source control and still not be the effective runtime configuration if deployment packaging, environment overrides, or later configuration layers changed the final result. When debugging, verify the running environment in addition to reading the .ebextensions file itself.
That is why environment-variable debugging on Beanstalk is really a deployment-state problem as much as a YAML problem.
Common Pitfalls
- Defining variables in
.ebextensionsbut forgetting that the application still reads them through the normal process environment. - Assuming deployment-time shell commands see the same environment shape without using
get-config. - Putting secrets directly into version-controlled
.ebextensionsfiles. - Misplacing
.ebextensionsfiles so Elastic Beanstalk never processes them. - Mixing runtime app configuration and deployment-script logic without understanding which context is being debugged.
Summary
- Use
.ebextensionsoption_settingsto define environment properties for Elastic Beanstalk. - Application code usually reads those variables through the normal runtime environment.
- Deployment-time scripts should use
/opt/elasticbeanstalk/bin/get-config environmentfor reliable access. - Keep secrets out of committed
.ebextensionsfiles. - Most confusion comes from mixing application runtime access with deployment-time shell access.

