class Secret
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.ECS.Secret |
 Java | software.amazon.awscdk.services.ecs.Secret |
 Python | aws_cdk.aws_ecs.Secret |
 TypeScript (source) | @aws-cdk/aws-ecs » Secret |
A secret environment variable.
Example
declare const secret: secretsmanager.Secret;
declare const dbSecret: secretsmanager.Secret;
declare const parameter: ssm.StringParameter;
declare const taskDefinition: ecs.TaskDefinition;
declare const s3Bucket: s3.Bucket;
const newContainer = taskDefinition.addContainer('container', {
image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
memoryLimitMiB: 1024,
environment: { // clear text, not for sensitive data
STAGE: 'prod',
},
environmentFiles: [ // list of environment files hosted either on local disk or S3
ecs.EnvironmentFile.fromAsset('./demo-env-file.env'),
ecs.EnvironmentFile.fromBucket(s3Bucket, 'assets/demo-env-file.env'),
],
secrets: { // Retrieved from AWS Secrets Manager or AWS Systems Manager Parameter Store at container start-up.
SECRET: ecs.Secret.fromSecretsManager(secret),
DB_PASSWORD: ecs.Secret.fromSecretsManager(dbSecret, 'password'), // Reference a specific JSON field, (requires platform version 1.4.0 or later for Fargate tasks)
API_KEY: ecs.Secret.fromSecretsManagerVersion(secret, { versionId: '12345' }, 'apiKey'), // Reference a specific version of the secret by its version id or version stage (requires platform version 1.4.0 or later for Fargate tasks)
PARAMETER: ecs.Secret.fromSsmParameter(parameter),
},
});
newContainer.addEnvironment('QUEUE_NAME', 'MyQueue');
Initializer
new Secret()
Properties
| Name | Type | Description |
|---|---|---|
| arn | string | The ARN of the secret. |
| has | boolean | Whether this secret uses a specific JSON field. |
arn
Type:
string
The ARN of the secret.
hasField?
Type:
boolean
(optional)
Whether this secret uses a specific JSON field.
Methods
| Name | Description |
|---|---|
| grant | Grants reading the secret to a principal. |
| static from | Creates a environment variable value from a secret stored in AWS Secrets Manager. |
| static from | Creates a environment variable value from a secret stored in AWS Secrets Manager. |
| static from | Creates an environment variable value from a parameter stored in AWS Systems Manager Parameter Store. |
grantRead(grantee)
public grantRead(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grants reading the secret to a principal.
static fromSecretsManager(secret, field?)
public static fromSecretsManager(secret: ISecret, field?: string): Secret
Parameters
- secret
ISecret— the secret stored in AWS Secrets Manager. - field
string— the name of the field with the value that you want to set as the environment variable value.
Returns
Creates a environment variable value from a secret stored in AWS Secrets Manager.
static fromSecretsManagerVersion(secret, versionInfo, field?)
public static fromSecretsManagerVersion(secret: ISecret, versionInfo: SecretVersionInfo, field?: string): Secret
Parameters
- secret
ISecret— the secret stored in AWS Secrets Manager. - versionInfo
Secret— the version information to reference the secret.Version Info - field
string— the name of the field with the value that you want to set as the environment variable value.
Returns
Creates a environment variable value from a secret stored in AWS Secrets Manager.
static fromSsmParameter(parameter)
public static fromSsmParameter(parameter: IParameter): Secret
Parameters
- parameter
IParameter
Returns
Creates an environment variable value from a parameter stored in AWS Systems Manager Parameter Store.