Difference between revisions of "How can I pass secrets or sensitive information securely to containers in an Amazon ECS task?"
Jump to navigation
Jump to search
| Line 25: | Line 25: | ||
{ | { | ||
name = "YOUR_NAME" | name = "YOUR_NAME" | ||
| − | valueFrom = "${var.yourvar}" == "" ? "arn:aws:ssm:${var.aws_region}:${data. | + | valueFrom = "${var.yourvar}" == "" ? "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_PARAMETER${upper(var.env)}_YOUR_PASSWORD" : "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_SECOND_PASSWORD" |
} | } | ||
], | ], | ||
Revision as of 13:59, 12 May 2023
- https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/
aws ssm put-parameter --type SecureStringaws secretsmanager create-secret
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
secrets = aws ssm put-parameter Terraform resource: aws_ssm_parameter
Related
secrets = [
{
name = "YOUR_NAME"
valueFrom = "${var.yourvar}" == "" ? "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_PARAMETER${upper(var.env)}_YOUR_PASSWORD" : "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_SECOND_PASSWORD"
}
],
See also
Advertising:
