Difference between revisions of "How can I pass secrets or sensitive information securely to containers in an Amazon ECS task?"
Latest revision as of 11:09, 18 May 2023
- https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/
Store the value in one of the two supported stores first (names and values below are placeholders; note that a literal `--value`/`--secret-string` on the command line ends up in shell history, so prefer `file://` input or a prompt):

```shell
aws ssm put-parameter --name /myapp/DB_PASSWORD --type SecureString --value file://db_password.txt
aws secretsmanager create-secret --name myapp/api --secret-string file://api_secret.json
```
Trust policy for the task execution role. It only lets ECS assume the role; the role additionally needs permission to read the specific parameter or secret (`ssm:GetParameters` or `secretsmanager:GetSecretValue`, plus `kms:Decrypt` when a customer-managed KMS key is used):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": { "Service": "ecs-tasks.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
Reference the parameter from the container definition with `secrets`/`valueFrom` (the value is injected as the environment variable named in `name`):

```hcl
secrets = [
  {
    name      = "YOUR_SECRET"
    valueFrom = "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_PARAMETER"
  }
],
```
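A complete Terraform configuration that joins the three steps above (a SecureString parameter and a Secrets Manager secret, the task execution role with the trust policy, and a task definition whose container receives the values through `secrets`/`valueFrom`). This is an added example, not code from the original page or from the linked AWS article. Every name, path, the account id in the image URI and the image itself are placeholder assumptions; the inline policy is deliberately scoped to the two ARNs the task definition references.

```hcl
# Added example (not from the original page or the linked AWS article): wires an
# SSM SecureString and a Secrets Manager secret into an ECS task. All names,
# paths, the account id and the image are placeholders.
variable "aws_region" { default = "eu-west-1" }
variable "env" { default = "dev" }

# Supplied at apply time (e.g. TF_VAR_db_password); never hard-code the values.
variable "db_password" {
  type      = string
  sensitive = true
}
variable "api_token" {
  type      = string
  sensitive = true
}

provider "aws" {
  region = var.aws_region
}

# SecureString parameter, encrypted with the account's default aws/ssm KMS key.
resource "aws_ssm_parameter" "db_password" {
  name  = "/myapp/${var.env}/DB_PASSWORD"
  type  = "SecureString"
  value = var.db_password
}

# Secrets Manager secret holding a JSON document; ECS can inject a single key.
resource "aws_secretsmanager_secret" "api" {
  name = "myapp/${var.env}/api"
}

resource "aws_secretsmanager_secret_version" "api" {
  secret_id     = aws_secretsmanager_secret.api.id
  secret_string = jsonencode({ token = var.api_token })
}

# Task EXECUTION role: the ECS agent assumes it to pull the image and resolve
# the secrets before the container starts. It is not the task role the
# application code uses, so it should read nothing beyond these references.
resource "aws_iam_role" "ecs_task_execution" {
  name = "myapp-${var.env}-ecs-task-execution"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ecs-tasks.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "ecs_task_execution_base" {
  role       = aws_iam_role.ecs_task_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# Least privilege: exactly the two references used below, no wildcards.
# Add kms:Decrypt on the key ARN if either store uses a customer-managed KMS key.
resource "aws_iam_role_policy" "ecs_task_execution_secrets" {
  name = "read-task-secrets"
  role = aws_iam_role.ecs_task_execution.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["ssm:GetParameters"]
        Resource = [aws_ssm_parameter.db_password.arn]
      },
      {
        Effect   = "Allow"
        Action   = ["secretsmanager:GetSecretValue"]
        Resource = [aws_secretsmanager_secret.api.arn]
      }
    ]
  })
}

resource "aws_ecs_task_definition" "app" {
  family                   = "myapp-${var.env}"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"
  execution_role_arn       = aws_iam_role.ecs_task_execution.arn

  container_definitions = jsonencode([{
    name      = "app"
    image     = "123456789012.dkr.ecr.${var.aws_region}.amazonaws.com/myapp:latest"
    essential = true
    # Use secrets, not environment: ECS resolves the values at task start, and
    # describe-task-definition shows only the ARNs.
    secrets = [
      { name = "DB_PASSWORD", valueFrom = aws_ssm_parameter.db_password.arn },
      # Secrets Manager form: <secret-arn>:<json-key>:<version-stage>:<version-id>
      { name = "API_TOKEN", valueFrom = "${aws_secretsmanager_secret.api.arn}:token::" }
    ]
  }])
}
```

Two caveats worth checking in a real deployment. First, Terraform writes the `aws_ssm_parameter` value and the `secret_string` into its state file in plaintext, so the state backend must be encrypted and access-restricted (or the values created out of band and only referenced by ARN). Second, ECS resolves `secrets` once when the container starts; after rotating a value, force a new deployment (`aws ecs update-service --force-new-deployment`) or the running tasks keep the old one.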
Related
- Terraform Secrets Manager: aws_secretsmanager_secret
- AWS Secrets Manager
- AWS Systems Manager Parameter Store
- valueFrom may be any expression that yields the ARN, for example choosing between two parameters with a conditional:

```hcl
secrets = [
  {
    name      = "YOUR_NAME"
    valueFrom = var.yourvar == "" ? "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_PARAMETER${upper(var.env)}_YOUR_PASSWORD" : "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_SECOND_PASSWORD"
  }
],
```
See also
- aws_caller_identity
- container_definitions =, memory =, volumesFrom =, entrypoint =, command =, cpu =, essential =
- Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts