DEV Community

AWS Community Builders profile image Yasuhiro Matsuda
Yasuhiro Matsuda for AWS Community Builders

Posted on • Edited on

TerraformでSecrets Managerに登録されたシークレット値をLambdaの環境変数に定義する

#terraform #lambda #secretsmanager #ecs

TerraformでECSのタスク定義における環境変数への設定はvalueFromを利用して実現できるが、Lambdaの環境変数に定義する方法が見当たらなかったので検証してみた。

resource "aws_ecs_task_definition" "keycloak" {
  container_definitions = jsonencode(
    [
      {
        secrets = [
          {
            name : "KeycloakSettings__AdminUser",
            valueFrom : "${var.secrets_manager_secret_arn}: KeycloakSettings__AdminUser::"
          }
        ...
        ]
      }
    ]
  )
}
Enter fullscreen mode Exit fullscreen mode

以下の通りExternal Data Sourceを利用することによって同じようなことが実現できる。

data "aws_secretsmanager_secret" "keycloak_env" {
  name = var.secrets_manager_secret_name
}

data "aws_secretsmanager_secret_version" "keycloak_env" {
  secret_id = data.aws_secretsmanager_secret.keycloak_env.id
}

data "external" "keycloak_env_secret_json" {
  program = ["echo", "${data.aws_secretsmanager_secret_version.keycloak_env.secret_string}"]
}

resource "aws_lambda_function" "keycloak" {
    environment {
    variables = {
      KeycloakSettings__AdminUser = "${data.external.keycloak_env_secret_json.result["KeycloakSettings__AdminUser"]}"
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

pat6339 profile image

Best Practices for Managing Terraform State Files: A Complete Guide

Patrick Odhiambo -

emmamoinat profile image

Building Auth0 Actions in TypeScript

Emma Moinat -

rafaelherik profile image

Azure Verified Modules: Consolidated Standards for a Good IaC

Rafael Herik de Carvalho -

khanhtoandng profile image

Deploy Puppeteer and Chrome on AWS Lambda With Layers and AWS CDK

Toan Huynh -