Aws-cdk: [aws-ecs] Fargate launch type now supports secretmanager parameter names

Created on 6 Nov 2020 · 2 Comments · Source: aws/aws-cdk

As mentioned in this issue and here, AWS ECS Fargate now supports fetching a specific JSON field in a secret.

The CDK ecs module supports specifying a field in the Secret.fromSecretsManager(secret, field?) method, but if you specify a field when using the Fargate launch type then you currently get an error message that this is not supported: "Cannot specify secret JSON field for a task using the FARGATE launch type: 'SECRET' in container 'container'."

It would be really nice if this new ECS feature could make it into CDK quickly!

Use Case


I want to keep one Secrets Manager secret, e.g. 'my-container-env', and use that secret with various fields to specify my container environment for Fargate tasks, instead of having to use SSM or one secret for each value.

Proposed Solution


Not sure. The resources I found don't say whether this is supported in CloudFormation too right away. If it is, maybe you could just start allowing this 'field' to be present in Fargate tasks too!

Other

  • [ ] :wave: I may be able to implement this feature request
  • [ ] :warning: This feature might incur a breaking change

This is a :rocket: Feature Request

@aws-cdk/aws-ecs feature-request in-progress needs-triage

Most helpful comment

Until #11348 is released, you can unblock yourself like this:

// `secret` is your secret
// `specificField` is the field to be extracted
taskDefinition.addContainer('MyContainer', {
  // ... other props ...
  secrets: {
    SECRET_SPECIFIC_FIELD: {
      arn: `${secret.secretArn}:specificField::`,
      grantRead: grantee => secret.grantRead(grantee),
    },
  },
});

(requires platform version 1.4.0)
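
The `:specificField::` suffix in the workaround above follows the ECS `valueFrom` layout `<secret-arn>:<json-key>:<version-stage>:<version-id>`. The following is an added example, not code from the issue or from the CDK: a TypeScript helper that builds and parses that layout for resolved ARNs, such as those in a rendered task definition (CDK tokens are only resolved at synthesis). The function names and the sample ARN are assumptions made for illustration.

```typescript
// Added example (not from the issue or the CDK). ECS valueFrom layout:
//   <secret-arn>:<json-key>:<version-stage>:<version-id>
// Constructed sample ARN; account id and name suffix are placeholders.
const SAMPLE_SECRET_ARN =
  'arn:aws:secretsmanager:eu-west-1:111122223333:secret:my-container-env-AbCdEf';

interface SecretFieldRef {
  secretArn: string;
  jsonKey?: string;
  versionStage?: string;
  versionId?: string;
}

const BARE_ARN_PARTS = 7; // arn:partition:secretsmanager:region:account:secret:name
function assertBareSecretArn(arn: string): void {
  const p = arn.split(':');
  const ok = p.length === BARE_ARN_PARTS && p[0] === 'arn' &&
    p[2] === 'secretsmanager' && p[5] === 'secret' && p[6] !== '';
  if (!ok) throw new Error(`not a bare Secrets Manager secret ARN: ${arn}`);
}

function buildValueFrom(ref: SecretFieldRef): string {
  assertBareSecretArn(ref.secretArn);
  if (ref.versionStage && ref.versionId) {
    throw new Error('version-stage and version-id are mutually exclusive');
  }
  const fields = [ref.jsonKey ?? '', ref.versionStage ?? '', ref.versionId ?? ''];
  for (const f of fields) {
    if (f.includes(':')) throw new Error(`':' is the delimiter, not allowed in "${f}"`);
  }
  // With no optional field set, return the bare ARN (whole secret string is injected).
  return fields.every(f => f === '') ? ref.secretArn : [ref.secretArn, ...fields].join(':');
}

function parseValueFrom(valueFrom: string): SecretFieldRef {
  const p = valueFrom.split(':');
  if (p.length !== BARE_ARN_PARTS && p.length !== BARE_ARN_PARTS + 3) {
    throw new Error(`expected bare ARN or ARN plus 3 fields, got ${p.length} parts`);
  }
  const secretArn = p.slice(0, BARE_ARN_PARTS).join(':');
  assertBareSecretArn(secretArn);
  const [jsonKey, versionStage, versionId] = p.slice(BARE_ARN_PARTS);
  return {
    secretArn,
    jsonKey: jsonKey || undefined,
    versionStage: versionStage || undefined,
    versionId: versionId || undefined,
  };
}
```

Selecting a JSON key only controls which value is injected into the container; `secret.grantRead(grantee)` still gives the role read access to the whole secret, so every field in a shared secret is readable by every task that references any one of them.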

