It throws an error when trying to run ecs-cli local up with a Task Definition that retrieves data from AWS Secrets Manager
Description
Which specific command was run?
ecs-cli local create --task-def-remote my-task-definition --output docker-compose.ecs-local.yml --force
ecs-cli local up
Which version of the CLI you are using? (Run: ecs-cli --version)
ecs-cli version 1.21.0 (bb0b8f0)
Which version of Go are you using? (Run: go version)
Command go not found
What platform are you using to run ECS CLI commands? (E.g. Linux, macOS, Windows)
Linux version 5.4.0-1029-aws (buildd@lcy01-amd64-022) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #30-Ubuntu SMP Tue Oct 20 10:06:38 UTC 2020
Expected Behavior
Execute the docker-compose and have a container running
Observed Behavior
+ ecs-cli configure --region us-east-1 --cluster my-cluster
INFO[0000] Saved ECS CLI cluster configuration default.
+ ecs-cli local create --task-def-remote my-taskdefinition --output docker-compose.ecs-local.yml --force
INFO[0000] Reading task definition from my-taskdefinition:16
INFO[0000] Task Definition network mode is ignored when running containers locally. Tasks will be run in the ecs-local-network. networkMode=awsvpc
WARN[0000] awslogs log driver is ignored when running locally. Tasks will default to json-file instead. This can be changed in your compose override file.
INFO[0000] Successfully wrote docker-compose.ecs-local.yml
INFO[0000] Successfully wrote docker-compose.ecs-local.override.yml
+ ecs-cli local up
INFO[0000] The network ecs-local-network already exists
INFO[0000] The amazon-ecs-local-container-endpoints container already exists with ID a06557edbe0667a01a0be4a9e7269999d2cbe902c6a7894e09a11ef6eb308fb6
INFO[0000] Started container with ID a06557edbe0667a01a0be4a9e7269999d2cbe902c6a7894e09a11ef6eb308fb6
FATA[0000] Failed to decrypt secret due to
failed to retrieve decrypted secret from arn:aws:secretsmanager:us-east-1:*****:secret:my-namespace/my-app-*****:MY_FIRST_ENV:: due to ValidationException:Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!
status code: 400, request id: 74d64845-e54b-4ab5-a007-119dafe8edb4: ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!
status code: 400, request id: 74d64845-e54b-4ab5-a007-119dafe8edb4
I was unable to find where the invalid characters are. One of my hypotheses would be that somehow a required permission is not being given to the IAM role and therefore it is unable to retrieve the value and fails validation, but if that is the case I am not sure which one it should be, and I've tried to allow all Secrets Manager's permissions without success.
If I hardcode label values, then it works but not with Secrets Manager.
Am I missing anything obvious here? Any clues on this are highly appreciated!
After looking through the source code, it seems like it cannot handle references to a specific field in a secret; it can only fetch the whole secret value.
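What handling such a reference involves, as an added example that is not part of the original thread and is not ecs-cli's own code: it splits the ECS `valueFrom` form `arn:aws:secretsmanager:region:account:secret:name:json-key:version-stage:version-id` into the plain secret ARN that Secrets Manager accepts as `SecretId` and the JSON key to read from the returned value. The function names, the sample ARN and the sample secret string are constructed, and only string-valued keys are handled.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// SecretRef holds the parts of an ECS valueFrom reference (hypothetical type).
type SecretRef struct{ SecretID, JSONKey, VersionStage, VersionID string }

// ParseValueFrom separates the base secret ARN (7 colon-delimited fields)
// from the optional json-key, version-stage and version-id fields after it.
func ParseValueFrom(v string) (SecretRef, error) {
	p := strings.Split(v, ":")
	if len(p) < 7 || len(p) > 10 || p[0] != "arn" || p[2] != "secretsmanager" || p[5] != "secret" {
		return SecretRef{}, errors.New("not a Secrets Manager reference")
	}
	// Pad so a plain ARN (no trailing fields) yields empty optional parts.
	extra := append(append([]string{}, p[7:]...), "", "", "")
	return SecretRef{strings.Join(p[:7], ":"), extra[0], extra[1], extra[2]}, nil
}

// ExtractField returns the whole secret when no key is set, else one JSON field.
func ExtractField(ref SecretRef, secretString string) (string, error) {
	if ref.JSONKey == "" {
		return secretString, nil
	}
	var kv map[string]interface{}
	if err := json.Unmarshal([]byte(secretString), &kv); err != nil {
		return "", fmt.Errorf("secret value is not a JSON object: %w", err)
	}
	val, ok := kv[ref.JSONKey].(string)
	if !ok {
		return "", fmt.Errorf("key %q missing or not a string", ref.JSONKey)
	}
	return val, nil
}

func main() {
	// Constructed sample: account ID, name suffix and secret body are placeholders.
	ref, err := ParseValueFrom("arn:aws:secretsmanager:us-east-1:111122223333:secret:my-namespace/my-app-AbCdEf:MY_FIRST_ENV::")
	if err == nil {
		_, err = ExtractField(ref, `{"MY_FIRST_ENV":"example-value","OTHER":"x"}`)
	}
	// Print the routing fields only; never log the secret value itself.
	fmt.Println(ref.SecretID, ref.JSONKey, err)
}
```

Only `SecretID` (plus `VersionStage` or `VersionID` when set) belongs in the GetSecretValue request; the JSON key is applied to the returned string afterwards.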