DomainlessCredentialSpec
- class aws_cdk.aws_ecs.DomainlessCredentialSpec(file_location)
Bases:
CredentialSpecCredential specification for domainless gMSA.
- ExampleMetadata:
infused
Example:
# Make sure the task definition's execution role has permissions to read from the S3 bucket or SSM parameter where the CredSpec file is stored. # bucket: s3.Bucket # task_definition: ecs.TaskDefinition # Domainless gMSA container from a S3 bucket object. task_definition.add_container("gmsa-domainless-container", image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample"), cpu=128, memory_limit_mi_b=256, credential_specs=[ecs.DomainlessCredentialSpec.from_s3_bucket(bucket, "credSpec")] )
- Parameters:
file_location (
str) – Location or ARN from where to retrieve the CredSpec file.
Methods
- bind()
Called when the container is initialized to allow this object to bind to the stack.
- Return type:
Attributes
- file_location
Location or ARN from where to retrieve the CredSpec file.
- prefix_id
Prefix string based on the type of CredSpec.
Static Methods
- classmethod arn_for_s3_object(bucket, key)
Helper method to generate the ARN for a S3 object.
Used to avoid duplication of logic in derived classes.
- Parameters:
bucket (
IBucket) –key (
str) –
- Return type:
str
- classmethod arn_for_ssm_parameter(parameter)
Helper method to generate the ARN for a SSM parameter.
Used to avoid duplication of logic in derived classes.
- Parameters:
parameter (
IParameter) –- Return type:
str
- classmethod from_s3_bucket(bucket, key)
Loads the CredSpec from a S3 bucket object.
- Parameters:
bucket (
IBucket) – The S3 bucket.key (
str) – The object key.
- Return type:
- Returns:
CredSpec with it’s locations set to the S3 object’s ARN.
- classmethod from_ssm_parameter(parameter)
Loads the CredSpec from a SSM parameter.
- Parameters:
parameter (
IParameter) – The SSM parameter.- Return type:
- Returns:
CredSpec with it’s locations set to the SSM parameter’s ARN.