undefined Secrets Manager Environment Variable in Fargate
0
In my container definition I am accessing a secret like so:
"secrets": [
{
"name": "APIKEY",
"valueFrom": "arn:aws:secretsmanager:us-east-1:<ACCOUNTID>:secret:APIKEY-5r1eWz"
},
]
I've verified the ARN of the secret is correct. I've verified there is a value for the secret. I've verified the Task Execution Role has access to read the secret:
{
"Action": "secretsmanager:GetSecretValue",
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:*",
}
However, when I log the value in the container via console.log(process.env.APIKEY) I receive undefined. I'm baffled.
已提問 9 個月前檢視次數 250 次
1 個回答
- 最新
- 最多得票
- 最多評論
1
Did you try to add GetSecretValue permission to execution role in one of the following ways:
{
"Action": "secretsmanager:GetSecretValue",
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:Region:AccountId:secret:APIKEY-??????",
}
Or
{
"Action": "secretsmanager:GetSecretValue",
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:Region:AccountId:secret:APIKEY/*",
}
Or
{
"Action": "secretsmanager:GetSecretValue",
"Effect": "Allow",
"Resource": "*",
}
Please do not put '*' for region and account id in resource value.
Comment here how it goes.
Happy to assist further.
Abhishek
相關內容
AWS 官方已更新 1 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 3 年前
Did you get a chance to try this out, comment here if you have any questions further. Would be glad to help.
I tried:
And the secret is still logging as
undefinedwhen logging the secret from the container.I just setup ECS Exec and got into a running container. When I
printenvI see the variable as it should be. It appears that something changed in my application code to cause this issue. Thank you for the help and I'll accept the answer which is useful and provides best practices.