AppConfig Client Configuration

IAM role that you would be using to fetch the configuration details must have permissions to access configurations from AWS AppConfig. For the same, Following policy must be configured for IAM role:

{
 "Version": "2012-10-17",
 "Statement": [
   { 
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [         
      "appconfig:GetLatestConfiguration",
      "appconfig:StartConfigurationSession",
      "appconfig:ListApplications",
      "appconfig:GetApplication",
      "appconfig:ListEnvironments",
      "appconfig:GetEnvironment",
      "appconfig:ListConfigurationProfiles",
      "appconfig:GetConfigurationProfile",
      "appconfig:GetConfiguration",
      "appconfig:ListDeployments",             
      "appconfig:GetDeployment"
     ],
     "Resource": "*"
    }
  ]
}

To connect to the AWS Systems Manager AppConfig, provide below configuration at runtime.

Property Name	Required	Data Type	Description
FLOGO_APP_PROPS_AWS_APPCONFIG	Yes	Boolean	Set this as True to enable the AWS AppConfig support feature.
AWS_APPCONFIG_PROFILE_NAME	Yes	String	This is name of the configuration profile created while defining the properties in AppConfig.
AWS_APPCONFIG_ENV_NAME	Yes	String	This is name of the environment provided while creating application in the AppConfig.
AWS_APPCONFIG_APP_IDENTIFIER_NAME	No	String	Set app identifier name for AWS AppConfig. If the name is not set, it takes the name as that of your Flogo app. It is required only if your AWS AppConfig app identifier name does not match with the Flogo app name.
AWS_APPCONFIG_REGION	No	String	Select AWS region where your Appconfig is located. This field is not required when your app binary (executable) is running on AWS EC2 instance in the same region as that of your AppConfig region. For all other cases, you must set the region.
AWS_APPCONFIG_ACCESS_KEY_ID	No	String	If the access key ID is not provided, it is picked up by following the AWS default credentials provider chain. For flogo app deployment on TCI, you must provide this value.
AWS_APPCONFIG_SECRET_ACCESS_KEY	No	String	If the secret access key is not provided, it is picked up by following the AWS default credentials provider chain. For flogo app deployment on TCI, you must provide this value.
AWS_APPCONFIG_SESSION_TOKEN	No	String	Set this if you want to use your session token for AWS AppConfig API calls.
AWS_APPCONFIG_ASSUMEDROLE_ARN	No	String	Set the assume role ARN if you want to use assumed role to fetch the values from AWS AppConfig.

Tip: For sensitive fields such as ACCESS_KEY_ID, SECRET_ACCESS_KEY, and SESSION_TOKEN an encrypted value can be provided in this configuration. See the Encrypting Password Values section for information on how to encrypt a string.

Note: The encrypted value must be prefixed with SECRET: For example, SECRET:b0UaK3bTyD9wN+ZJkmlKRmojhAv+