
So I am using GHCR as my container registry and have some images there. I am trying to deploy those images using AWS ECS and task definitions through Terraform. In the task definition, I have specified the image URL and repository credentials. To access my image, I need to provide my GHCR username and token. I have stored my GHCR username and token as a JSON object in AWS Secrets Manager and in AWS SSM parameters as well.

```json
{"username": "xxx", "password": "xxx"}
```

If I use the AWS Secrets Manager key ARN as `credentialsParameter`, it works. If I use the AWS SSM parameter ARN there, it gives an error. How can I use an SSM parameter that contains the JSON object above as its text in `credentialsParameter`? Is there any way or workaround to do that? Or should I use only the Secrets Manager key ARN?

jagguk
  • Interestingly, the [AWS documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-repositorycredentials.html) only mentions "secret" for this field, while the [Terraform documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) mentions both "secret" and "systems manager parameter". Can you provide the full error message you're getting? – Jordan Jul 21 '21 at 00:26
  • When I use the SSM parameter ARN, this is the error I get: Error: ClientException: The repository credentials parameter specified for container 'xxxxx' is invalid. Parameter names can include up to 255 (uppercase and lowercase), numbers, hyphens, and underscores are allowed. Spaces are not allowed. – jagguk Jul 21 '21 at 06:13
  • Interesting. I would say to try using the parameter name instead of its ARN, but that wouldn't work for most cases either since the parameter name usually has `/` in it since it's like a path, and that error message suggests `/` wouldn't be allowed. You might want to open an issue on the [Terraform AWS provider GitHub](https://github.com/hashicorp/terraform-provider-aws/issues/new?assignees=&labels=&template=Bug_Report.md). Alternatively, if you have an AWS support plan, give them the request ID to check for the specific issue. – Jordan Jul 21 '21 at 19:31
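
The setup the question reports as working (a Secrets Manager secret ARN in `credentialsParameter`), written out as an added Terraform example that is not the asker's code. The resource names, the `var.*` inputs and the image path are placeholders, and the execution role is assumed to exist already.

```hcl
# Added example; names, variables and the image path are placeholders.
variable "ghcr_username" { type = string }
variable "ghcr_token" {
  type      = string
  sensitive = true # still written to Terraform state, so protect the state backend
}
variable "execution_role_name" { type = string } # existing ECS task execution role

data "aws_iam_role" "execution" {
  name = var.execution_role_name
}

resource "aws_secretsmanager_secret" "ghcr" {
  name = "ghcr-pull-credentials"
}

resource "aws_secretsmanager_secret_version" "ghcr" {
  secret_id = aws_secretsmanager_secret.ghcr.id
  # Same shape as the JSON object in the question: "username" and "password" keys.
  secret_string = jsonencode({
    username = var.ghcr_username
    password = var.ghcr_token
  })
}

# The execution role (not the task role) pulls the image, so it is the one
# that needs read access, scoped to this single secret.
resource "aws_iam_role_policy" "read_ghcr_secret" {
  name = "read-ghcr-pull-credentials"
  role = data.aws_iam_role.execution.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["secretsmanager:GetSecretValue"]
      Resource = [aws_secretsmanager_secret.ghcr.arn]
    }]
  })
}

resource "aws_ecs_task_definition" "app" {
  family             = "app"
  execution_role_arn = data.aws_iam_role.execution.arn
  container_definitions = jsonencode([{
    name      = "app"
    image     = "ghcr.io/OWNER/IMAGE:TAG" # placeholder
    essential = true
    memory    = 256
    repositoryCredentials = { credentialsParameter = aws_secretsmanager_secret.ghcr.arn }
  }])
}
```

If the secret is encrypted with a customer-managed KMS key, the execution role also needs `kms:Decrypt` on that key.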

0 Answers