AWS ECS - How to retrieve specific key from secret manager?

Since February 2020, ECS task definitions have supported reading AWS Secrets Manager secrets from a key within a JSON object for tasks using the EC2 launch type.

You could add the following in the containerDefinitions of your task definition file:

{
  "containerDefinitions": [{
    "secrets": [{
      "name": "<environment_variable_name>",
      "valueFrom": "arn:aws:secretsmanager:<region>:<account_id>:secret:<secret_name>:<json_key>::"
    }]
  }]
}

Reference: AWS ECS secret manager documentation


Using secrets, it is not possible, and you have to do the decoding inside the program.

Generally, when ECS retrieves the secrets, it gives them to us as a JSON object like {"admin":"admin","pas":"pas"}, and we have to decode it programmatically.

Another alternative is to make use of the AWS Systems Manager Parameter Store [1] to store secrets; in that case ECS will give you the actual value directly.

[1] https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
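
The in-program decoding described in the answer above, as an added example that is not part of either answer: it pulls one key out of a JSON secret that ECS injected as a single environment variable, and keeps the secret content out of error messages. The variable name DB_CREDS and the helper names are hypothetical; the sample object is the one quoted in the answer.

```python
import json
import os


class SecretFormatError(RuntimeError):
    """Raised when an injected secret is missing or not the expected shape."""


def secret_field(env_name, key, environ=None):
    """Return one key from a JSON secret that ECS injected as an env var.

    Error messages name the variable and key only, never the secret
    content, so they are safe to log.
    """
    environ = os.environ if environ is None else environ
    raw = environ.get(env_name)
    if raw is None:
        raise SecretFormatError(f"{env_name} is not set")
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        # Suppress the chained decode error: it carries the raw payload
        # in its .doc attribute.
        raise SecretFormatError(f"{env_name} is not valid JSON") from None
    if not isinstance(doc, dict):
        raise SecretFormatError(f"{env_name} is not a JSON object")
    if key not in doc:
        raise SecretFormatError(f"{env_name} has no key {key!r}")
    value = doc[key]
    if not isinstance(value, str):
        raise SecretFormatError(f"{env_name}[{key!r}] is not a string")
    return value


# Constructed environment: DB_CREDS is a hypothetical variable name holding
# the whole secret, using the sample object from the answer above.
SAMPLE_ENV = {"DB_CREDS": '{"admin":"admin","pas":"pas"}'}

if __name__ == "__main__":
    password = secret_field("DB_CREDS", "pas", SAMPLE_ENV)
    # Report only that the key loaded, not its value.
    print("loaded key 'pas' (length %d)" % len(password))
```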