AWS cdk Fargate task definition with python - how to use add_container(secrets=[Mapping[str, Secret]])?

Question

I'm writing AWS Fargate task definition in python as in https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ecs/FargateTaskDefinition.html?highlight=fargatetaskdefinition

I'd like to add database secrets to Fargate, but I got confused on the secrets (Optional[Mapping[str, Secret]]) as it's not clear how the secrets should be passed to this parameter. I tried using dictionary but got jsii.errors.JSIIError: Expected object reference.

Has anyone used this, and could tell me how the 'Mapping' works?

Thanks!

score 0 · Answer 1 · answered Mar 31 '21 at 16:25

Just ran into this problem and figured out what it was looking for. It wants a dictionary format with the name of the environment variable(a.k.a. name of the secret) as the key(str) and an IParameter as the value(Secret).

# Create Task definition
task_def = _ecs.FargateTaskDefinition(
    self, 
    "task definition", 
    cpu=256, 
    memory_limit_mib=1024
    )

# Create StringParameter
parameter = _ssm.StringParameter.from_secure_string_parameter_attributes(
    self, 
    id="blah", 
    version=1, 
    parameter_name="/Fully/Qualified/Name"
    )
    
secret_object = _ecs.Secret.from_ssm_parameter(parameter)
container = task_def.add_container(
    "container",                  
    image=_ecs.ContainerImage.from_ecr_repository(repo, "latest-test"),                                       
    secrets={
        "var name": secret_object,
        ...
    }                    
)

Relavent documentation links: [StringParameter][1] [ECS Secret][2]

[1]: https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ssm/StringParameter.html [2]: https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ecs/Secret.htm

AWS cdk Fargate task definition with python - how to use add_container(secrets=[Mapping[str, Secret]])?

1 Answers1