AWS CDK Failing on Retrieve Parameter Store Values

Question

I have a CDK Typescript project for deploying 3 services on AWS Fargate.
The cdk is going well but I ran into an issue with Parameter Store.
Some values such as the DB Host and Port, I am saving those to Parameter store when the database is created.
In order to use those values in my code, I need to retrieve them from Parameter store and set them as a Secret in my task definition.

However, when I run the following code

```
        const ssmParameter = ssm.StringParameter.fromStringParameterName(scope, `${environmentName}-${serviceConfig.serviceName}-${parameterStoreName}`, parameterStoreName);
        console.log("ssmParameter:", ssmParameter);

containerSecretsMap.set(parameterStoreKey, ecs.Secret.fromSsmParameter(ssmParameter));
```

I get this error on the ssm.StringParameter.fromStringParameterName section:

```
    ❌ Deployment failed: Error [ValidationError]: Unable to fetch parameters [/test/db_host,/test/db_portn] from parameter store for this account.
    at Request.extractError (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:46692)
    at Request.callListeners (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:91600)
    at Request.emit (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:91048)
    at Request.emit (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:199651)
    at Request.transition (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:193203)
    at AcceptorStateMachine.runTo (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:158075)
    at /usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:158405
    at Request. (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:193495)
    at Request. (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:199726)
    at Request.callListeners (/usr/local/Cellar/aws-cdk/2.140.0/libexec/lib/node_modules/aws-cdk/lib/index.js:387:91768) {
  code: 'ValidationError',
  time: 2024-05-09T23:33:21.166Z,
  requestId: '6afaa422-d023-4d5b-884f-f65494f56223',
  statusCode: 400,
  retryable: false,
```

Again, I want to add parameters to the parameter store when assets are created and then reference those in my Task definition for fargate.
This error appears when I run cdk deploy

Any assistance in solving this would be greatly appreciated.

Answer

Hello.

Judging from the documentation below, the code itself seems to be correct.  
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.Secret.html#static-fromwbrssmwbrparameterparameter

It may not be very relevant, but why not try passing the parameters directly as shown below?  
```
ecs.Secret.fromSsmParameter(ssm.StringParameter.fromStringParameterName(this, 'Parameter', parameterStoreName)
```

By the way, is it correct that DB passwords etc. are stored in Systems Manager Parameter Store rather than Secrets Manager?

AWS CDK Failing on Retrieve Parameter Store Values

관련 콘텐츠