Difference between revisions of "How can I pass secrets or sensitive information securely to containers in an Amazon ECS task?"

• https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/
• aws ssm put-parameter --type SecureString
• aws secretsmanager create-secret

 {
 "Version": "2012-10-17",
 "Statement": [
   {
     "Sid": "",
     "Effect": "Allow",
     "Principal": {
       "Service": "ecs-tasks.amazonaws.com"
     },
     "Action": "sts:AssumeRole"
   }
 ]
}

secrets =
aws ssm put-parameter
Terraform resource: aws_ssm_parameter

Related

• Terraform Secrets Manager
• AWS Secrets Manager
• AWS Systems Manager Parameter Store
• valueFrom

secrets = [ { name = "YOUR_NAME" valueFrom = "${var.yourvar}" == "" ? "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_PARAMETER${upper(var.env)}_YOUR_PASSWORD" : "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/YOUR_SECOND_PASSWORD" } ],

See also

• aws_caller_identity
• container_definitions =, memory =, volumesFrom =, entrypoint =, command =, cpu =, essential =
• Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager