Amazon-ecs-agent: AWS Parameter Store for user specific secrets

Created on 22 Feb 2019 · 3 Comments · Source: aws/amazon-ecs-agent

Summary

I am new to the ParamStore and ECS. But it seems to me that the new task definitions can import the secrets as environment variables as long as the task definition is static:

    "secrets": [
      {
        "name": "mysecret",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456/mysecret-AbCdEf"
      }
    ]

This is fine if the Task needs to get a secret of a service account.
But what if the Task needs to get the dynamically defined secret of the actual user?

In this case, it would be nice if the TaskDefinition could accept either user variables or environment variables?

    "secrets": [
      {
        "name": "mysecret",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456/{user-variable}/{environment-variable}-AbCdEf"
      }
    ]

UserVariables could be like - userID, customerID
Environment variables could be like - Dev, Test, Pre-prod, Prod

kind/feature request

All 3 comments

Also how to make the basic Parameter store and secret work for AWS Batch? The Parameter Store automatic insertion of secrets as Environment variables works fine for ECS. I thought ECS and Batch were fairly similar but maybe not.

Currently we do not support dynamically defined secrets. We have noted it down as a feature request.

Also, as far as I know secrets are only available on ECS. Please refer to Batch documentation for more information.
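
Since dynamically defined secrets are not supported, the placeholders from the question have to be expanded into a literal `valueFrom` before the task definition is registered. The following is an added example, not code from the issue or from amazon-ecs-agent: it renders a static `secrets` entry per environment and customer and rejects values that could redirect the ARN to another path. The Parameter Store template, account ID, lower-case environment names and function names are constructed for illustration.

```python
import json
import re

# Constructed template: region, account ID and parameter path are placeholders.
TEMPLATE = ("arn:aws:ssm:us-east-1:123456789012:"
            "parameter/{environment}/{customer_id}/mysecret")

# Assumed environment names, modelled on the Dev/Test/Pre-prod/Prod list above.
ALLOWED_ENVIRONMENTS = {"dev", "test", "pre-prod", "prod"}
# Exactly one path segment: "/", "..", "*", ":" and braces never reach the ARN.
SEGMENT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
PLACEHOLDER_RE = re.compile(r"\{([a-z_]+)\}")


def render_value_from(template, environment, customer_id):
    """Expand the placeholders into a literal ARN, rejecting unsafe values."""
    if environment not in ALLOWED_ENVIRONMENTS:
        raise ValueError(f"unknown environment: {environment!r}")
    if not SEGMENT_RE.fullmatch(customer_id):
        raise ValueError(f"invalid customer id: {customer_id!r}")
    values = {"environment": environment, "customer_id": customer_id}

    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise ValueError(f"unsupported placeholder: {{{key}}}")
        return values[key]

    # Single pass: substituted values are never re-scanned for placeholders.
    arn = PLACEHOLDER_RE.sub(substitute, template)
    if "{" in arn or "}" in arn:
        raise ValueError("template has malformed placeholders")
    return arn


def build_secrets(name, template, environment, customer_id):
    """Return the static "secrets" list for one container definition."""
    value_from = render_value_from(template, environment, customer_id)
    return [{"name": name, "valueFrom": value_from}]


if __name__ == "__main__":
    secrets = build_secrets("mysecret", TEMPLATE, "prod", "customer42")
    print(json.dumps({"secrets": secrets}, indent=2))
```
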
