Terraform module to create an AWS Secrets Manager secret and generate the secrets definition to be injected into the ECS container definition.
This module uses the recommended way of passing sensitive data from Secrets Manager to an ECS task, without hardcoding any sensitive values in the ECS container definition.
Usage
Passing specific keys to ECS task definition
module "secrets" {
  source = "exlabs/ecs-secrets-manager/aws"
  # We recommend pinning every module to a specific version
  version = "1.1.0"

  name = "data-pipeline-secrets"

  ecs_task_execution_roles = [
    "ecs-task-execution-role1",
    "ecs-task-execution-role2"
  ]

  key_names = [
    "STRIPE_PUBLIC_KEY",
    "STRIPE_SECRET_KEY",
    "STRIPE_WEBHOOK_SECRET"
  ]
}

resource "aws_ecs_task_definition" "data_pipeline" {
  #...
  container_definitions = jsonencode([
    {
      secrets = module.secrets.ecs_secrets,
      #...
    }
  ])
}
Passing the whole AWS Secrets Manager secret to the ECS task as a single variable
module "secrets" {
  source = "exlabs/ecs-secrets-manager/aws"
  # We recommend pinning every module to a specific version
  version = "1.1.0"

  name = "data-pipeline-secrets"

  enable_secret_assigned_to_single_key = true

  ecs_task_execution_roles = [
    "ecs-task-execution-role1",
    "ecs-task-execution-role2"
  ]

  # You can define your own key or leave it default; then the key name is built based on the secret name
  key_names = [
    "YOUR_OWN_KEY"
  ]
}

resource "aws_ecs_task_definition" "data_pipeline" {
  #...
  container_definitions = jsonencode([
    {
      secrets = module.secrets.ecs_secrets,
      #...
    }
  ])
}
After running terraform apply, go to the Secrets Manager dashboard in the AWS Console, select the created secret, and set its values by creating a key-value pair for each defined key name.
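
To make it easier to review what a task actually receives, the following added example (not the module's own code) writes out by hand the kind of ECS secrets entries and execution-role policy that both usage modes above rely on. It assumes the module output is a list of name/valueFrom objects; the resource names, local names and policy name are hypothetical.

```hcl
# Added illustration, not the module's source. Names below are assumptions.
variable "key_names" {
  type    = list(string)
  default = ["STRIPE_PUBLIC_KEY", "STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET"]
}

resource "aws_secretsmanager_secret" "this" {
  name = "data-pipeline-secrets"
}

locals {
  # Specific keys: one entry per JSON key stored in the secret.
  # ECS resolves "<secret-arn>:<json-key>:<version-stage>:<version-id>" at
  # task start; the last two fields are left empty to use the current version.
  per_key_secrets = [
    for k in var.key_names : {
      name      = k
      valueFrom = "${aws_secretsmanager_secret.this.arn}:${k}::"
    }
  ]

  # Whole secret as a single variable: valueFrom is the bare secret ARN,
  # so the container sees the full JSON document in one environment variable.
  single_key_secrets = [
    {
      name      = "YOUR_OWN_KEY"
      valueFrom = aws_secretsmanager_secret.this.arn
    }
  ]
}

# Least privilege: the execution roles may read this one secret and nothing else.
data "aws_iam_policy_document" "read_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.this.arn]
  }
}

resource "aws_iam_role_policy" "read_secret" {
  for_each = toset(["ecs-task-execution-role1", "ecs-task-execution-role2"])
  name     = "read-data-pipeline-secrets" # hypothetical policy name
  role     = each.value
  policy   = data.aws_iam_policy_document.read_secret.json
}
```

Because each per-key entry names a JSON key inside the secret, a key that was never created in the console leaves ECS unable to resolve that entry when the task starts.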