Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

alfrednutile's avatar

Best Practice using on-demand queues from Amazon and .env files

We have an app on an EC2 that uses SQS for the queue. When the queue gets x number of jobs it spins up a number of EC2 images (workers the call it) to start taking jobs out of the queue. We are dealing with 2 workflow issues, updating the queue workers and updating all the .env files. And we have two "solutions" but want to see if others have ideas or what we might be missing.

Problem 1

How to update all the Queue Workers (EC2 calls them workers cause they are not being used for Web) when pushing to Prod or Stage

Solution

When we deploy to Production, or Stage the script (Envoy) puts the Main Site (the one the users use) into maintenance mode. Then it gets updated eg latest git latest composer install.

After that the script calls the the workers (those workers might have jobs in the queue and there may only be 1 worker or 10) and runs the same updates on them (git and composer). Since AWS has an API that will allows us to know what workers exist if any we should be able to run the scripts on them via ssh.

Problem 2

We have an .env file with settings so each time a developer adds a setting they have to go to the other servers (dev, stage and prod) and add them there as well as tell the other developers to add them to their local (since the .env file is not in git). And on the EC2 image we use for the workers that needs an update as well. All repos are private that we use for git btw.

Solution

We start to better use the one variable APP_ENV='foo' and then set the settings (hard coded) into app/config/queue.php app/config/mail.php etc. These are all private git repos. Each developer has the same local environment using homestead.

0 likes
3 replies
jimmy.puckett's avatar

@alfrednutile, we use AWS with auto scaling groups for several of our projects, and we did it a little differently that you are...

We have Jenkins build new servers using packer with fresh OS updates and fresh code upon commits to the repo, and then save off the server as an AMI to s3 buckets. Then we spin up new workers with the latest AMI behind the LB, and shut the old ones down. We have worked very hard to not have a situation where an update forces a core change that an old worker would not be able to process jobs in the queue during this update window. This allows us to do rolling updates throughout the day.

We have actually gone as far as disabling ssh all together, so there is no remote management of the servers--you have to script out the changes to the OS. We are using Chef to bake the servers.

We have this all working with several L4 projects, and are looking into the best way to do this with an L5 project that we are starting in a few weeks, and our current plan is to have Jenkins drop the .env file on the server before writing it off as an AMI. We already have AMI's for each of our environments, so this works for us.

The reason that we are staying with .env's over just coding the sensitive variables in the config//whatever.php file, is that we actually have the a Jenkins server that belongs to & lives in each of our clients VPC's at AWS, so they are the only ones that have the production & sandbox credentials that gets baked into the AMI, so we never have those permissions.

I hope that idea may be of help to you.

As a side note, we are actually, moving all of this to Docker, as our build process is taking a little longer than we want to bake an entire AMI for each commit, so we are going to be spinning off smaller Docker containers, so that maybe something that you consider too.

alfrednutile's avatar

@jimmy.puckett thanks! I will take this back to the group and talk about it. We were going docker too but backed off as we work to meet a release date coming up. Also Amazon is releasing a container service soon that might make it easier than the ElasticBeanstalk / RDS setup we spent a week on.

jimmy.puckett's avatar

Ya, we have been "playing" with docker, but was not overly interested in it for "production" until AWS announced the container service. Now we are moving that direction. Since all of our servers were already scripted out to build with Chef, we just have to make some slight changes with our deployment steps, and then have packer spit out the containers.

Please or to participate in this conversation.