
I'm using ECS with Fargate and trying to access my Secrets Manager secrets, but when I spin up my task, they just aren't there.

Since the secret is a list of secret variables, will it be evaluated as if it was a .env file? What am I missing?

I'm trying this way:

In my task definition container: (My secret name has a slash "/")

"secrets": [{
    "name": "ecs-fretegestao/main-api",
    "valueFrom": "arn:aws:secretsmanager:<my-region>:<my-acc>:secret:ecs-fretegestao/main-api-4qTFqP"
}]

My VPC and subnets have the secretsmanager endpoint:

com.amazonaws.us-east-1.secretsmanager

And my task execution role has access to everything.

Sasquatch

1 Answer


> Since the secret is a list of secret variables, will it be evaluated as if it was a .env file? What am I missing?

No, it won't be evaluated at all. It's unclear what you are expecting it to do here.

This: "name": "ecs-fretegestao/main-api", tells ECS to create an environment variable inside the container named ecs-fretegestao/main-api (it's really weird to have a / in an environment variable name by the way). That environment variable will have the value of the secret in it. The secret value will be whatever this ARN identifies: arn:aws:secretsmanager:<my-region>:<my-acc>:secret:ecs-fretegestao/main-api-4qTFqP. If that ARN identifies a list, then the environment variable will contain a list.

Mark B
Hey, you again! Thx for the answer. I figured that out. I thought the list would work as a .env file, but I do need to get the variables programmatically, so I'm using an env file from S3 now. – Sasquatch Dec 06 '22 at 14:42
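
An added example, not code from the question, the answer or AWS: two ways to get one environment variable per key when the secret holds a JSON object of key/value pairs, which goes a step beyond the single whole-secret variable the answer describes. The helper names and the keys `DB_USER` and `DB_PASSWORD` are hypothetical; the ARN is the placeholder one from the question.

```python
import json
import re

# Usable environment variable name: letters, digits, underscore; no leading digit.
ENV_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def per_key_secrets(secret_arn, json_keys):
    """Build task-definition "secrets" entries, one variable per JSON key.

    Appending ":<json-key>::" to the secret ARN asks ECS to inject only
    that key's value (version stage and version id are left empty).
    The JSON key doubles as the variable name here (an assumption).
    """
    entries = []
    for key in json_keys:
        if not ENV_NAME.match(key):
            raise ValueError(f"not a usable env var name: {key!r}")
        entries.append({"name": key, "valueFrom": f"{secret_arn}:{key}::"})
    return entries


def expand_blob(blob, environ):
    """Expand a whole-secret JSON blob into individual variables.

    For the case where the task definition injects the entire secret
    into one variable. Existing variables are never overwritten, and
    only the names that were added are returned, so values are not logged.
    """
    data = json.loads(blob)
    if not isinstance(data, dict):
        raise ValueError("secret is not a JSON object of key/value pairs")
    added = []
    for key, value in data.items():
        if not ENV_NAME.match(key):
            raise ValueError(f"not a usable env var name: {key!r}")
        if key not in environ:
            environ[key] = value if isinstance(value, str) else json.dumps(value)
            added.append(key)
    return added


if __name__ == "__main__":
    # Constructed sample values; the ARN keeps the question's placeholders.
    arn = "arn:aws:secretsmanager:<my-region>:<my-acc>:secret:ecs-fretegestao/main-api-4qTFqP"
    print(json.dumps(per_key_secrets(arn, ["DB_USER", "DB_PASSWORD"]), indent=2))
    env = {"DB_USER": "already-set"}
    print(expand_blob('{"DB_USER": "api", "DB_PASSWORD": "example-only"}', env))
```

On Fargate, the per-key `valueFrom` form needs platform version 1.4.0 or later. In the container, `expand_blob` would be called with the injected variable's value and `os.environ` before the application reads its settings.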