Secret

class aws_cdk.aws_ecs.Secret

Bases: object

A secret environment variable.

ExampleMetadata:

infused

Example:

# secret: secretsmanager.Secret
# parameter: ssm.StringParameter


task_definition = ecs.Ec2TaskDefinition(self, "TaskDef")
task_definition.add_container("TheContainer",
    image=ecs.ContainerImage.from_registry("example-image"),
    memory_limit_mi_b=256,
    logging=ecs.LogDrivers.firelens(
        options={},
        secret_options={ # Retrieved from AWS Secrets Manager or AWS Systems Manager Parameter Store
            "apikey": ecs.Secret.from_secrets_manager(secret),
            "host": ecs.Secret.from_ssm_parameter(parameter)}
    )
)

Methods

abstract grant_read(grantee)

Grants reading the secret to a principal.

Parameters:

grantee (IGrantable) –

Return type:

Grant

Attributes

arn

The ARN of the secret.

has_field

Whether this secret uses a specific JSON field.

Static Methods

classmethod from_secrets_manager(secret, field=None)

Creates a environment variable value from a secret stored in AWS Secrets Manager.

Parameters:

  • secret (ISecret) – the secret stored in AWS Secrets Manager.

  • field (Optional[str]) – the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.

Return type:

Secret

classmethod from_secrets_manager_version(secret, version_info, field=None)

Creates a environment variable value from a secret stored in AWS Secrets Manager.

Parameters:

  • secret (ISecret) – the secret stored in AWS Secrets Manager.

  • version_info (Union[SecretVersionInfo, Dict[str, Any]]) – the version information to reference the secret.

  • field (Optional[str]) – the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.

Return type:

Secret

classmethod from_ssm_parameter(parameter)

Creates an environment variable value from a parameter stored in AWS Systems Manager Parameter Store.

Parameters:

parameter (IParameter) –

Return type:

Secret