[aws-ecs] Allow for field prop in ecs.Secret.fromSecretsManager for Fargate launch type #10733
Comments
Unfortunately this is currently not supported by ECS for tasks that use the Fargate launch type: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html
This is why this ticket is a feature request ;) Ideally, if there are enough upvotes then this may be possible. I get that this is a limitation with ECS currently but that doesn't mean that this feature request is not warranted. I have numerous projects that will have to be refactored a bit to get this to work and I think that this limitation should be considered for review. Either way, I am going to have to refactor but this is not ideal for the long haul.
FYI this is currently tracked here aws/containers-roadmap#385
@jogold Thank you!
This is now possible. Can we make that feature available? https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html
See #11348 + workaround here #11341 (comment)
Allow for using field values for ecs.Secret.fromSecretsManager(cdkTestSecret), for the Fargate launch type.

Currently, if you try to use the field prop, you will see this message:

Use Case

Our systems are already designed to use ENV Vars, this limitation means we need to modify the systems now to parse the json and build a way to add this into the ENV vars. Although, once inside the app, this is not as secure.

e.g. in PHP you can disable the $_ENV super global and force the usage of getenv. I cannot do this with the current limitation and this would expose the secrets to the $_ENV super global. This is not ideal but it's the fastest solution I can do to not break existing system.

Proposed Solution

Please allow the use of field from the secrets manager for Fargate launch types

This is a 🚀 Feature Request
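
The use case above describes parsing the JSON secret inside the container and turning its keys into environment variables. One way to do that in a small entrypoint wrapper, as an added example that is not part of the original issue or of the aws-cdk project; `APP_SECRET_JSON`, `DB_USER`, `DB_PASSWORD` and the field names are assumptions:

```javascript
// Added example. APP_SECRET_JSON, DB_USER, DB_PASSWORD and the field names
// are assumptions for illustration; they do not come from the issue.
const ENV_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Returns a copy of `env` in which the JSON secret held in `blobVar` is
// replaced by one variable per entry of `mapping` (env name -> JSON field).
function expandSecretEnv(env, blobVar, mapping) {
  const raw = env[blobVar];
  if (typeof raw !== 'string') throw new Error(`${blobVar} is not set`);
  let fields;
  try {
    fields = JSON.parse(raw);
  } catch {
    // Never include `raw` in the message: it is the secret itself.
    throw new Error(`${blobVar} is not valid JSON`);
  }
  if (fields === null || typeof fields !== 'object' || Array.isArray(fields)) {
    throw new Error(`${blobVar} must hold a JSON object`);
  }
  const out = { ...env };
  delete out[blobVar]; // the child process never sees the whole secret
  for (const [envName, field] of Object.entries(mapping)) {
    if (!ENV_NAME.test(envName)) throw new Error(`bad variable name: ${envName}`);
    if (!Object.prototype.hasOwnProperty.call(fields, field)) {
      throw new Error(`secret has no field "${field}"`);
    }
    const value = fields[field];
    if (value === null || typeof value === 'object') {
      throw new Error(`field "${field}" is not a scalar`);
    }
    out[envName] = String(value);
  }
  return out;
}

// Constructed sample input standing in for the container's environment.
const sampleEnv = {
  PATH: '/usr/bin',
  APP_SECRET_JSON: '{"username":"app","password":"example-only","port":5432}',
};
const childEnv = expandSecretEnv(sampleEnv, 'APP_SECRET_JSON', {
  DB_USER: 'username',
  DB_PASSWORD: 'password',
});
// An entrypoint would start the application with `childEnv` as its environment.
console.log(Object.keys(childEnv).sort().join(','));
```

Only the mapped fields reach the application, and the variable holding the whole secret is dropped before the application starts.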