Reputation: 386
I'm using AWS-CDK to deploy an ECS cluster, and I'd like to add secrets from the Secrets Manager. The secret is a large JSON blob with many key/value pairs. I'm including the secrets in my task definition using the following in my task definition:
    secrets: {
      FOO: Secret.fromSecretsManager(mySecret, 'FOO'),
      BAR: Secret.fromSecretsManager(mySecret, 'BAR'),
      BAZ: Secret.fromSecretsManager(mySecret, 'BAZ'),
      ...
    }
This works fine, but I have to manually add every single secret key to this task definition, which is starting to get unwieldy.
Is it possible to dynamically inject all key/value pairs that are defined in a given secret?
Upvotes: 2
Views: 1089
Reputation: 11531
CDK doesn't know what fields your secret has, and the task definition has to have each secret specified explicitly.
So your only solution, besides modifying the structure of the Secret (sounds like you could do with multiple secrets), would be to pass the whole JSON string to the container and have it parse it out.
Upvotes: 2
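The option this answer describes, passing the whole JSON string to the container and parsing it there, could look like the following on the container side. This is an added example, not code from the question or the answer; the variable name `APP_SECRETS` and the function `expandSecretJson` are hypothetical, and it assumes the task definition maps the whole secret to one variable by calling `Secret.fromSecretsManager(mySecret)` without a field name.

```typescript
// Added example: expand a JSON secret delivered in ONE environment variable.
// Assumption: the task definition contains
//   secrets: { APP_SECRETS: Secret.fromSecretsManager(mySecret) }
// (no field argument, so the container receives the full JSON string).
type Env = Record<string, string | undefined>;

const ENV_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;

interface ExpandResult {
  loaded: string[];  // keys copied into env
  skipped: string[]; // keys rejected: bad name, non-scalar value, or already set
}

function expandSecretJson(env: Env, blobVar = "APP_SECRETS"): ExpandResult {
  const raw = env[blobVar];
  if (raw === undefined) {
    throw new Error(`${blobVar} is not set; check the task definition's secrets block`);
  }
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    // Keep raw and the parser message out of the error: both can hold secret material.
    throw new Error(`${blobVar} does not contain valid JSON`);
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new Error(`${blobVar} must be a JSON object of key/value pairs`);
  }
  const obj = parsed as Record<string, unknown>;
  const result: ExpandResult = { loaded: [], skipped: [] };
  for (const key of Object.keys(obj)) {
    const value = obj[key];
    const t = typeof value;
    const scalar = t === "string" || t === "number" || t === "boolean";
    // Never override a variable that is already set (PATH, NODE_OPTIONS, ...):
    // whoever can edit the secret could otherwise change how the process runs.
    if (!ENV_NAME.test(key) || !scalar || env[key] !== undefined) {
      result.skipped.push(key);
      continue;
    }
    env[key] = String(value);
    result.loaded.push(key);
  }
  delete env[blobVar]; // child processes should not inherit the full blob
  return result;
}
// At container start-up, before any configuration is read:
//   const { loaded, skipped } = expandSecretJson(process.env);
//   console.log("loaded:", loaded, "skipped:", skipped); // key names only, never values
```

New keys added to the secret are picked up the next time the task starts, with no change to the task definition; the task execution role still needs read access to the secret.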