Secret

class aws_cdk.aws_apprunner_alpha.Secret

Bases: object

(experimental) A secret environment variable.

Stability:

experimental

ExampleMetadata:

infused

Example:

import aws_cdk.aws_secretsmanager as secretsmanager
import aws_cdk.aws_ssm as ssm

# stack: Stack


secret = secretsmanager.Secret(stack, "Secret")
parameter = ssm.StringParameter.from_secure_string_parameter_attributes(stack, "Parameter",
    parameter_name="/name",
    version=1
)

service = apprunner.Service(stack, "Service",
    source=apprunner.Source.from_ecr_public(
        image_configuration=apprunner.ImageConfiguration(
            port=8000,
            environment_secrets={
                "SECRET": apprunner.Secret.from_secrets_manager(secret),
                "PARAMETER": apprunner.Secret.from_ssm_parameter(parameter),
                "SECRET_ID": apprunner.Secret.from_secrets_manager_version(secret, version_id="version-id"),
                "SECRET_STAGE": apprunner.Secret.from_secrets_manager_version(secret, version_stage="version-stage")
            }
        ),
        image_identifier="public.ecr.aws/aws-containers/hello-app-runner:latest"
    )
)

service.add_secret("LATER_SECRET", apprunner.Secret.from_secrets_manager(secret, "field"))
Stability:

experimental

Methods

abstract grant_read(grantee)

(experimental) Grants reading the secret to a principal.

Parameters:

grantee (IGrantable) –

Stability:

experimental

Return type:

Grant

Attributes

arn

(experimental) The ARN of the secret.

Stability:

experimental

has_field

(experimental) Whether this secret uses a specific JSON field.

Stability:

experimental

Static Methods

classmethod from_secrets_manager(secret, field=None)

(experimental) Creates a environment variable value from a secret stored in AWS Secrets Manager.

Parameters:

  • secret (ISecret) – the secret stored in AWS Secrets Manager.

  • field (Optional[str]) – the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.

Stability:

experimental

Return type:

Secret

classmethod from_secrets_manager_version(secret, version_info, field=None)

(experimental) Creates a environment variable value from a secret stored in AWS Secrets Manager.

Parameters:

  • secret (ISecret) – the secret stored in AWS Secrets Manager.

  • version_info (Union[SecretVersionInfo, Dict[str, Any]]) – the version information to reference the secret.

  • field (Optional[str]) – the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.

Stability:

experimental

Return type:

Secret

classmethod from_ssm_parameter(parameter)

(experimental) Creates an environment variable value from a parameter stored in AWS Systems Manager Parameter Store.

Parameters:

parameter (IParameter) –

Stability:

experimental

Return type:

Secret