By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS CDK Failing on Retrieve Parameter Store Values

0

I have a CDK Typescript project for deploying 3 services on AWS Fargate. The cdk is going well but I ran into an issue with Parameter Store. Some values such as the DB Host and Port, I am saving those to Parameter store when the database is created. In order to use those values in my code, I need to retrieve them from Parameter store and set them as a Secret in my task definition.

However, when I run the following code

        const ssmParameter = ssm.StringParameter.fromStringParameterName(scope, `${environmentName}-${serviceConfig.serviceName}-${parameterStoreName}`, parameterStoreName);
        console.log("ssmParameter:", ssmParameter);

        containerSecretsMap.set(parameterStoreKey, ecs.Secret.fromSsmParameter(ssmParameter));

I get this error on the ssm.StringParameter.fromStringParameterName section:

    ❌ Deployment failed: Error [ValidationError]: Unable to fetch parameters [/test/db_host,/test/db_portn] from parameter store for this account.
    at Request.extractError (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:46692)
    at Request.callListeners (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:91600)
    at Request.emit (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:91048)
    at Request.emit (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:199651)
    at Request.transition (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:193203)
    at AcceptorStateMachine.runTo (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:158075)
    at /usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:158405
    at Request.<anonymous> (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:193495)
    at Request.<anonymous> (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:199726)
    at Request.callListeners (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:91768) {
  code: 'ValidationError',
  time: 2024-05-09T23:33:21.166Z,
  requestId: '6afaa422-d023-4d5b-884f-f65494f56223',
  statusCode: 400,
  retryable: false,

Again, I want to add parameters to the parameter store when assets are created and then reference those in my Task definition for fargate. This error appears when I run cdk deploy

Any assistance in solving this would be greatly appreciated.

Topics
ServerlessContainersInfrastructure as CodeManagement & GovernanceAWS Cloud Development Kit (CDK)
Tags
AWS FargateInfrastructure as CodeParameter StoreAWS Cloud Development Kit (CDK)
Language
English
Damien Gallagher
asked 17 days ago194 views
1 Answer
0

Hello.

Judging from the documentation below, the code itself seems to be correct.
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.Secret.html#static-fromwbrssmwbrparameterparameter

It may not be very relevant, but why not try passing the parameters directly as shown below?

ecs.Secret.fromSsmParameter(ssm.StringParameter.fromStringParameterName(this, 'Parameter', parameterStoreName)

By the way, is it correct that DB passwords etc. are stored in Systems Manager Parameter Store rather than Secrets Manager?

profile picture
EXPERT
Riku_Kobayashi
answered 17 days ago
profile picture
EXPERT
Osvaldo Marte
reviewed 3 days ago
  • Damien Gallagher
    15 days ago

    Hi Riku - I tried this and unfortunately the same outcome. I am storing the DB credentials such as username and password in Secrets Manager but appreciate the call out

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content