Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support secret for ecs fargate task definition #1478

Closed
mouyigang opened this issue Jan 3, 2019 · 6 comments · Fixed by #2994
Closed

Support secret for ecs fargate task definition #1478

mouyigang opened this issue Jan 3, 2019 · 6 comments · Fixed by #2994
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md pr/blocked This PR cannot be merged or reviewed, because it is blocked for some reason.

Comments

@mouyigang
Copy link

I couldn't find a way to specify secret for task definition like this:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html

Will this be supported?

Thanks,
Andy
@rix0rrr
Copy link
Contributor

rix0rrr commented Jan 4, 2019

It will be at some point, but as you correctly noted it isn't right now.

You can use the CloudFormation layer override mechanism to access CloudFormation capabilities that aren't exposed in our classes right now.

@rix0rrr rix0rrr added good first issue Related to contributions. See CONTRIBUTING.md feature-request A feature should be added or improved. @aws-cdk/aws-ecs Related to Amazon Elastic Container gap labels Jan 4, 2019
@BDQ
Copy link
Contributor

BDQ commented Jan 4, 2019

I looked into this, but it appear the secrets key isn't supported by Cloudformation yet, as per:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions.html

So there's nothing that can be done via CDK until that's available?

@rix0rrr
Copy link
Contributor

rix0rrr commented Jan 4, 2019

Oh in that case, yes, it needs to be available in CloudFormation first.

@rix0rrr rix0rrr added the pr/blocked This PR cannot be merged or reviewed, because it is blocked for some reason. label Jan 4, 2019
@mouyigang
Copy link
Author

Not sure if console actually work it out without cloudformation or not, but it support secret:
screen shot 2019-01-04 at 15 09 46

@cynicaljoy
Copy link

The request to support secrets from CloudFormation is being tracked on the containers roadmap: aws/containers-roadmap#97

@ScottBrenner
Copy link

CloudFormation added support for secrets in ECS task definitions! aws/containers-roadmap#97 (comment)

jogold added a commit to jogold/aws-cdk that referenced this issue Jun 21, 2019
@jogold
feat(ecs): support secret environment variables
146f13e 
Add a union class to treat environment variable values whether they are given as clear text, from
a SSM parameter or a secret.

Closes aws#1478

BREAKING CHANGE: `environment` in `ecs.ContainerDefinition` now takes an object whose values are of
`ecs.EnvironmentValue` type.
@jogold jogold mentioned this issue Jun 21, 2019
Merged
4 tasks
johnwatsonncr pushed a commit to johnwatsonncr/aws-cdk that referenced this issue Jul 17, 2019
@john-watson-ppl
Support secret for ecs fargate task definition aws#1478
073b49c 
* added secrets array to ContainerDefinitionOptions
* added secrets to renderContainerDefinition method
johnwatsonncr pushed a commit to johnwatsonncr/aws-cdk that referenced this issue Jul 17, 2019
@john-watson-ppl
Support secret for ecs fargate task definition aws#1478
45c7e5d 
* added secrets array to ContainerDefinitionOptions
* added secrets to renderContainerDefinition method
johnwatsonncr pushed a commit to johnwatsonncr/aws-cdk that referenced this issue Jul 17, 2019
@john-watson-ppl
feat(ecs): Support secret for ecs fargate (aws#1478)
60ecffe 
ECS container definition can be configured with secrets as per
cloud formation specification
@johnwatsonncr johnwatsonncr mentioned this issue Jul 17, 2019
Closed
@nmussy nmussy mentioned this issue Jul 19, 2019
Closed
5 tasks
eladb pushed a commit that referenced this issue Jul 29, 2019
@jogold
feat(ecs): support secret environment variables (#2994)
bc233fa 
Add support for runtime secrets in containers by adding a union class to treat secret environment
variable values whether they are pulled from a SSM parameter or a AWS Secrets secret.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html

Closes #1478
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md pr/blocked This PR cannot be merged or reviewed, because it is blocked for some reason.
Projects
None yet
Milestone
No milestone
5 participants
@BDQ @cynicaljoy @ScottBrenner @rix0rrr @mouyigang