EnvironmentFile
- class aws_cdk.aws_ecs.EnvironmentFile
Bases:
object
Constructs for types of environment files.
- ExampleMetadata:
infused
Example:
# secret: secretsmanager.Secret # db_secret: secretsmanager.Secret # parameter: ssm.StringParameter # task_definition: ecs.TaskDefinition # s3_bucket: s3.Bucket new_container = task_definition.add_container("container", image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample"), memory_limit_mi_b=1024, environment={ # clear text, not for sensitive data "STAGE": "prod"}, environment_files=[ # list of environment files hosted either on local disk or S3 ecs.EnvironmentFile.from_asset("./demo-env-file.env"), ecs.EnvironmentFile.from_bucket(s3_bucket, "assets/demo-env-file.env")], secrets={ # Retrieved from AWS Secrets Manager or AWS Systems Manager Parameter Store at container start-up. "SECRET": ecs.Secret.from_secrets_manager(secret), "DB_PASSWORD": ecs.Secret.from_secrets_manager(db_secret, "password"), # Reference a specific JSON field, (requires platform version 1.4.0 or later for Fargate tasks) "API_KEY": ecs.Secret.from_secrets_manager_version(secret, ecs.SecretVersionInfo(version_id="12345"), "apiKey"), # Reference a specific version of the secret by its version id or version stage (requires platform version 1.4.0 or later for Fargate tasks) "PARAMETER": ecs.Secret.from_ssm_parameter(parameter)} ) new_container.add_environment("QUEUE_NAME", "MyQueue") new_container.add_secret("API_KEY", ecs.Secret.from_secrets_manager(secret)) new_container.add_secret("DB_PASSWORD", ecs.Secret.from_secrets_manager(secret, "password"))
Methods
- abstract bind(scope)
Called when the container is initialized to allow this object to bind to the stack.
- Parameters:
scope (
Construct
) – The binding scope.- Return type:
Static Methods
- classmethod from_asset(path, *, deploy_time=None, readers=None, source_kms_key=None, asset_hash=None, asset_hash_type=None, bundling=None, exclude=None, follow_symlinks=None, ignore_mode=None)
Loads the environment file from a local disk path.
- Parameters:
path (
str
) – Local disk path.deploy_time (
Optional
[bool
]) – Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: falsereaders (
Optional
[Sequence
[IGrantable
]]) – A list of principals that should be able to read this asset from S3. You can useasset.grantRead(principal)
to grant read permissions later. Default: - No principals that can read file asset.source_kms_key (
Optional
[IKey
]) – The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.asset_hash (
Optional
[str
]) – Specify a custom hash for this asset. IfassetHashType
is set it must be set toAssetHashType.CUSTOM
. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based onassetHashType
asset_hash_type (
Optional
[AssetHashType
]) – Specifies the type of hash to calculate for this asset. IfassetHash
is configured, this option must beundefined
orAssetHashType.CUSTOM
. Default: - the default isAssetHashType.SOURCE
, but ifassetHash
is explicitly specified this value defaults toAssetHashType.CUSTOM
.bundling (
Union
[BundlingOptions
,Dict
[str
,Any
],None
]) – Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at/asset-input
. The Docker container is responsible for putting content at/asset-output
. The content at/asset-output
will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwiseexclude (
Optional
[Sequence
[str
]]) – File paths matching the patterns will be excluded. SeeignoreMode
to set the matching behavior. Has no effect on Assets bundled using thebundling
property. Default: - nothing is excludedfollow_symlinks (
Optional
[SymlinkFollowMode
]) – A strategy for how to handle symlinks. Default: SymlinkFollowMode.NEVERignore_mode (
Optional
[IgnoreMode
]) – The ignore behavior to use forexclude
patterns. Default: IgnoreMode.GLOB
- Return type:
- classmethod from_bucket(bucket, key, object_version=None)
Loads the environment file from an S3 bucket.
- Parameters:
bucket (
IBucket
) – The S3 bucket.key (
str
) – The object key.object_version (
Optional
[str
]) – Optional S3 object version.
- Return type:
- Returns:
S3EnvironmentFile
associated with the specified S3 object.