Shuichi
Posted on February 5, 2020
Goal
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html
Amazon ECS enables you to inject sensitive data into your containers by storing your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then referencing them in your container definition. This feature is supported by tasks using both the EC2 and Fargate launch types.
Injecting parameters into containers this way is useful on ECS.
I also want to use this method for containers on a local machine, because I often run containers locally when debugging.
How to
Example
Inject a parameter named ServiceSetting into a container on a local machine from Secrets Manager or SSM Parameter Store.
Precondition
AWS CLI is installed.
Shell
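When using Secrets Manager:
# Quote "$setting" so a value containing spaces is passed as a single argument.
setting=$(aws secretsmanager get-secret-value --secret-id ServiceSetting --output text --query 'SecretString')
docker run -it \
-e SERVICE_SETTING="$setting" \
...
The point is to use the "--output text" option, so the value is printed raw rather than as a quoted JSON string.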
When using SSM Parameter Store:
# Quote "$setting" so the value is passed as a single argument.
setting=$(aws ssm get-parameter --name ServiceSetting --with-decryption --output text --query Parameter.Value | tr -d ' \n')
docker run -it \
-e SERVICE_SETTING="$setting" \
...
The point is to use "tr" to delete spaces and newlines. Note that this also removes any spaces inside the value itself.
Also use the "--with-decryption" option when parameters are encrypted.
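A variant of the two commands above, as an added example that is not part of the original post: it passes only the variable name to `-e`, so Docker copies the value from its own environment and the secret never appears on the `docker` command line. The helper names `fetch_setting` and `run_with_setting` are hypothetical; the `aws` and `docker` options are the ones used above.

```shell
#!/bin/sh
# Added example; fetch_setting and run_with_setting are hypothetical helper names.

# Print the raw value of parameter $2 from store $1 ("secretsmanager" or "ssm").
fetch_setting() {
  case "$1" in
    secretsmanager)
      aws secretsmanager get-secret-value --secret-id "$2" \
        --output text --query 'SecretString' ;;
    ssm)
      aws ssm get-parameter --name "$2" --with-decryption \
        --output text --query 'Parameter.Value' ;;
    *)
      echo "unknown source: $1 (use secretsmanager or ssm)" >&2
      return 2 ;;
  esac
}

# Usage: run_with_setting <source> <name> [docker run options...] <image>
# The body runs in a subshell, so the exported secret does not stay in the
# calling shell after the container exits.
run_with_setting() (
  [ "$#" -ge 3 ] || { echo "usage: run_with_setting <source> <name> <docker args>" >&2; exit 2; }
  src=$1 name=$2
  shift 2
  # $(...) drops trailing newlines; spaces inside the value are preserved.
  SERVICE_SETTING=$(fetch_setting "$src" "$name") || exit 1
  [ -n "$SERVICE_SETTING" ] || { echo "empty value for $name" >&2; exit 1; }
  export SERVICE_SETTING
  # "-e SERVICE_SETTING" with no "=value": docker reads it from the environment.
  docker run -e SERVICE_SETTING "$@"
)

# Example call (image name is a placeholder):
#   run_with_setting ssm ServiceSetting -it --rm <image>
```

The value is still visible to anyone who can run `docker inspect` on the container, as with any environment variable.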
Result
The application code can read its environment variables the same way whether it runs on ECS or on a local machine.