Create Taskdefinition

Unfortunately for tasks that use the Fargate launch type it is only supported to inject the full contents of a secret as an environment variable. Specifying a specific JSON key or version is not supported at this time. This limitation is being discussed on the link aws/containers-roadmap#385 Due the limitation on Fargate Launch Type, In regards of using ImportValue function on Cloudformation, you can import an value for example: ValueFrom: !ImportValue "Secretexport" *On my case, Secretexport is the Secret ARN And then you will need to parse the value, for example on the entrypoint: - "export MyPWD=$(echo ${passwordfromsm} | jq -r '.password')"
maiconrocha · Jun 22, 2020 · f94e5c4 · f94e5c4
1 parent c5acba8
commit f94e5c4
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/cfn/taskdefinition b/cfn/taskdefinition
@@ -0,0 +1,30 @@
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  taskdefinition: 
+    Type: AWS::ECS::TaskDefinition
+    Properties: 
+      RequiresCompatibilities:
+        - "EC2"
+        - "FARGATE"
+      ExecutionRoleArn: "arn:aws:iam::XXXXXXXX:role/ecsTaskExecutionRole"
+      NetworkMode: "awsvpc"
+      Cpu: 256
+      Memory: 512
+      ContainerDefinitions:      
+        - 
+          Name: "busybox"
+          Image: "stedolan/jq"
+          EntryPoint: 
+            - "sh"
+            - "-c"
+            - "export MyPWD=$(echo ${passwordfromsm} | jq -r '.password')"
+          Secrets:
+            - Name: passwordfromsm
+              ValueFrom: !ImportValue "Secretexport"          
+          Essential: true
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region: ap-southeast-2
+              awslogs-group: secretlog
+              awslogs-stream-prefix: se