Secret
- class aws_cdk.aws_ecs.Secret
Bases: object
A secret environment variable.
- ExampleMetadata: infused
Example:
```python
from aws_cdk import aws_ecs as ecs

# secret: secretsmanager.Secret
# db_secret: secretsmanager.Secret
# parameter: ssm.StringParameter
# task_definition: ecs.TaskDefinition
# s3_bucket: s3.Bucket

new_container = task_definition.add_container("container",
    image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample"),
    memory_limit_mib=1024,
    # clear text, not for sensitive data
    environment={
        "STAGE": "prod"
    },
    # list of environment files hosted either on local disk or S3
    environment_files=[
        ecs.EnvironmentFile.from_asset("./demo-env-file.env"),
        ecs.EnvironmentFile.from_bucket(s3_bucket, "assets/demo-env-file.env")
    ],
    # Retrieved from AWS Secrets Manager or AWS Systems Manager Parameter Store at container start-up.
    secrets={
        "SECRET": ecs.Secret.from_secrets_manager(secret),
        # Reference a specific JSON field (requires platform version 1.4.0 or later for Fargate tasks)
        "DB_PASSWORD": ecs.Secret.from_secrets_manager(db_secret, "password"),
        # Reference a specific version of the secret by its version id or version stage
        # (requires platform version 1.4.0 or later for Fargate tasks)
        "API_KEY": ecs.Secret.from_secrets_manager_version(secret, ecs.SecretVersionInfo(version_id="12345"), "apiKey"),
        "PARAMETER": ecs.Secret.from_ssm_parameter(parameter)
    }
)
new_container.add_environment("QUEUE_NAME", "MyQueue")
```
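The example above keeps clear-text `environment` values apart from `secrets` that are resolved at container start-up. The following check is an added example, not part of the CDK documentation: it audits one container definition for secret-looking names left in the clear-text environment and decodes each secret reference into its JSON field and version. It assumes CloudFormation-style keys (`Environment`, `Secrets`, `ValueFrom`); the name patterns, function names and sample values are constructed for illustration.

```python
import re

# Assumption: name patterns that suggest a credential; tune for your codebase.
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def parse_value_from(value_from):
    """Split an ECS secret reference into store, ARN, JSON field and version."""
    if not isinstance(value_from, str):  # unresolved intrinsic such as {"Ref": ...}
        return {"store": "unresolved", "arn": None, "field": None,
                "version_stage": None, "version_id": None}
    parts = value_from.split(":")
    if len(parts) >= 7 and parts[2] == "secretsmanager":
        # Optional suffixes after the secret ARN: json-key:version-stage:version-id
        field, stage, version_id = (parts[7:] + ["", "", ""])[:3]
        return {"store": "secretsmanager", "arn": ":".join(parts[:7]),
                "field": field or None, "version_stage": stage or None,
                "version_id": version_id or None}
    # Anything else is treated as a Parameter Store ARN or parameter name.
    return {"store": "ssm", "arn": value_from, "field": None,
            "version_stage": None, "version_id": None}

def audit_container(container):
    """Return (clear-text names that look sensitive, parsed secret references)."""
    findings = [e["Name"] for e in container.get("Environment", [])
                if SENSITIVE.search(e["Name"])]
    secrets = {s["Name"]: parse_value_from(s["ValueFrom"])
               for s in container.get("Secrets", [])}
    return findings, secrets

# Constructed sample container definition (account ID, ARNs and values are made up).
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:app-AbCdEf"
SAMPLE = {
    "Name": "container",
    "Environment": [{"Name": "STAGE", "Value": "prod"},
                    {"Name": "DB_PASSWORD", "Value": "example-only"}],
    "Secrets": [
        {"Name": "SECRET", "ValueFrom": ARN},
        {"Name": "API_KEY", "ValueFrom": ARN + ":apiKey::12345"},
        {"Name": "PARAMETER",
         "ValueFrom": "arn:aws:ssm:us-east-1:111122223333:parameter/demo"},
    ],
}

if __name__ == "__main__":
    findings, secrets = audit_container(SAMPLE)
    print("clear-text variables with secret-like names:", findings)
    for name, ref in secrets.items():
        print(name, ref["store"], "field=%s version_id=%s" % (ref["field"], ref["version_id"]))
```

In a synthesized CDK template `ValueFrom` is often an intrinsic function rather than a string; those entries are reported as `unresolved` instead of being parsed.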
Methods
- abstract grant_read(grantee)
Grants reading the secret to a principal.
- Parameters: grantee (IGrantable)
- Return type:
Attributes
- arn
The ARN of the secret.
- has_field
Whether this secret uses a specific JSON field.
Static Methods
- classmethod from_secrets_manager(secret, field=None)
Creates an environment variable value from a secret stored in AWS Secrets Manager.
- Parameters:
  - secret (ISecret) – the secret stored in AWS Secrets Manager.
  - field (Optional[str]) – the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.
- Return type:
- classmethod from_secrets_manager_version(secret, version_info, field=None)
Creates an environment variable value from a secret stored in AWS Secrets Manager.
- Parameters:
  - secret (ISecret) – the secret stored in AWS Secrets Manager.
  - version_info (Union[SecretVersionInfo, Dict[str, Any]]) – the version information to reference the secret.
  - field (Optional[str]) – the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.
- Return type:
- classmethod from_ssm_parameter(parameter)
Creates an environment variable value from a parameter stored in AWS Systems Manager Parameter Store.
- Parameters: parameter (IParameter)
- Return type: