I may be missing something obvious here, but I can't seem to find documentation about retrieving a specific key/value from a secrets manager secret for an ECS task definition.
I have a secret with an ARN like so...
arn:aws:secretsmanager:<region>:<account>:secret:LDAP_Bind_Credentials-abcd
Within this secret I have key/value pairs like so...
LDAP_BIND_USER: <ldap bind user name>
LDAP_BIND_PASSWORD: <ldap bind user password>
What I want to be able to do is define the environment variables LDAP_BIND_USER and LDAP_BIND_PASSWORD in my task definition, and reference the appropriate key within my secret.
Is this actually possible, or am I supposed to actually do the decoding of the key/value pairs within my program?
The documentation only seems to reference the ARN of the secret itself, not the key/value pairs within the secret.
Since February 2020, ECS task definition now supports reading AWS Secrets Manager secrets from a key within a JSON object for tasks using the EC2 launch type.
You could add the following in the containerDefinitions of your task definition file:
{
  "containerDefinitions": [{
    "secrets": [{
      "name": "<environment_variable_name>",
      "valueFrom": "arn:aws:secretsmanager:<region>:<account_id>:secret:<secret_name>:<json_key>::"
    }]
  }]
}
Reference: AWS ECS secret manager documentation
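An added example, not part of the original answer: a Python sketch that builds the `secrets` entries for the two keys in the question and lints a task definition for `valueFrom` references that miss the `<json_key>::` suffix or select no key at all. The region, account id and container name are constructed placeholders, and the rule that a key selector must carry all three trailing fields is an assumption of this example.

```python
import json

# Constructed placeholders: region and account id are made up, not from the page.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:LDAP_Bind_Credentials-abcd"

def secret_entry(env_name, secret_arn, json_key):
    """Build one containerDefinitions[].secrets entry selecting a single JSON key."""
    # The two trailing colons leave the version-stage and version-id fields empty.
    return {"name": env_name, "valueFrom": f"{secret_arn}:{json_key}::"}

def parse_value_from(value_from):
    """Split a Secrets Manager valueFrom into the secret ARN and its selectors."""
    parts = value_from.split(":")
    if len(parts) < 7 or parts[0] != "arn" or parts[2] != "secretsmanager" or parts[5] != "secret":
        raise ValueError(f"not a Secrets Manager secret ARN: {value_from}")
    extra = parts[7:]
    if extra and len(extra) != 3:
        # Assumption of this example: a key selector must carry all three fields.
        raise ValueError(f"expected :<json_key>:<version_stage>:<version_id> in {value_from}")
    key, stage, version = extra or ["", "", ""]
    return {"arn": ":".join(parts[:7]), "json_key": key or None,
            "version_stage": stage or None, "version_id": version or None}

def lint_task_definition(task_def):
    """Return (container, env var, problem) tuples for Secrets Manager references."""
    findings = []
    for container in task_def.get("containerDefinitions", []):
        for secret in container.get("secrets", []):
            ref = secret.get("valueFrom", "")
            if ":secretsmanager:" not in ref:
                continue  # e.g. a Parameter Store reference; out of scope here
            try:
                parsed = parse_value_from(ref)
            except ValueError as exc:
                findings.append((container.get("name"), secret.get("name"), str(exc)))
                continue
            if parsed["json_key"] is None:
                findings.append((container.get("name"), secret.get("name"),
                                 "no JSON key: the variable receives the whole secret string"))
    return findings

def build_ldap_task_definition():
    """Task definition fragment for the question's two keys (container name is made up)."""
    keys = ["LDAP_BIND_USER", "LDAP_BIND_PASSWORD"]
    return {"containerDefinitions": [{"name": "app",
                                      "secrets": [secret_entry(k, SECRET_ARN, k) for k in keys]}]}

if __name__ == "__main__":
    print(json.dumps(build_ldap_task_definition(), indent=2))
    print(lint_task_definition(build_ldap_task_definition()))
```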