Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ecs): secret JSON key for environment variables #6435

Merged
merged 9 commits into from
Apr 6, 2020
Merged

feat(ecs): secret JSON key for environment variables #6435

merged 9 commits into from
Apr 6, 2020

Conversation

jogold
Copy link
Contributor

@jogold jogold commented Feb 25, 2020
edited
Loading

Commit message

feat(ecs): secret JSON key for environment variables

Amazon Elastic Container Service now supports reading AWS Secrets Manager secrets from a key within a JSON object.

See https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-ecs-now-supports-aws-secrets-manager-version-and-json-keys/

Closes #5665

End of commit message

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 810e93d
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 0ec661d
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 027071f
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: d6c3c36
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@uttarasridhar uttarasridhar added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Mar 9, 2020
@jogold jogold changed the title feat(ecs): secret JSON key for environment variables feat(ecs): secret JSON field for environment variables Mar 27, 2020
@jogold jogold changed the title feat(ecs): secret JSON field for environment variables feat(ecs): secret JSON key for environment variables Mar 27, 2020
@jogold
Copy link
Contributor Author

jogold commented Mar 27, 2020

Any update/feedback here?

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: b4537f3
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@alukach
Copy link
Contributor

alukach commented Apr 5, 2020

This is looking great and would be very useful. @eladb any thoughts on ability to get this merged?

sonofachamp
sonofachamp reviewed Apr 6, 2020
View reviewed changes
Copy link

@sonofachamp sonofachamp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM. Minor feedback regarding some extra characters in integ example and document string.

@piradeepk piradeepk assigned sonofachamp and unassigned SoManyHs and piradeepk Apr 6, 2020
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: ef56762
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Apr 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 313e0bb
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 3715c1c
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Apr 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 97959f6 into aws:master Apr 6, 2020
horsmand pushed a commit to horsmand/aws-cdk that referenced this pull request Apr 8, 2020
@jogold @horsmand
feat(ecs): secret JSON key for environment variables (aws#6435)
06bc158 
feat(ecs): secret JSON key for environment variables

Amazon Elastic Container Service now supports reading AWS Secrets Manager secrets from a key within a JSON object.

See https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-ecs-now-supports-aws-secrets-manager-version-and-json-keys/

Closes aws#5665
@RikJansen81
Copy link

It seems this cloudformation-feature is only supported for ECS using the EC2 launch type, but not for Fargate:

aws/containers-roadmap#385 (comment)
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html

Perhaps an idea to add this to the docs (and review the fargate-tests in the 97959f6)?

@jogold
Copy link
Contributor Author

jogold commented Apr 16, 2020

It seems this cloudformation-feature is only supported for ECS using the EC2 launch type, but not for Fargate:

aws/containers-roadmap#385 (comment)
docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html

Perhaps an idea to add this to the docs (and review the fargate-tests in the 97959f6)?

You are right, see #7317

@jogold jogold deleted the ecs-secret-key-env branch April 16, 2020 11:02
@ivawzh
Copy link

ivawzh commented Apr 30, 2020

Awesome work! @jogold May I plz confirm if ecs.Secret.fromSecretsManager is going to support RDS secret autorotation?

@jogold
Copy link
Contributor Author

jogold commented Apr 30, 2020

Awesome work! @jogold May I plz confirm if ecs.Secret.fromSecretsManager is going to support RDS secret autorotation?

What do you mean exactly?

@ivawzh
Copy link

ivawzh commented Apr 30, 2020

I guess I have misunderstood the rotation feature of Secrets Manager. I thought it automatically triggers my services to update the password and redeploy the service when a secret is rotated. It seems not the case.

@picosam
Copy link

picosam commented Mar 27, 2021

I guess I have misunderstood the rotation feature of Secrets Manager. I thought it automatically triggers my services to update the password and redeploy the service when a secret is rotated. It seems not the case.

Hello, that's what I thought as well. May you explain what the case is as you found it out to be?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sonofachamp sonofachamp sonofachamp left review comments

@eladb eladb eladb approved these changes

Assignees

@sonofachamp sonofachamp

Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

How to use only password of secret from RDS in ECS