DEV Community

Shuichi

Using Secrets Manager or SSM Parameters by both ECS and local machine

Goal

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html

Amazon ECS enables you to inject sensitive data into your containers by storing your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then referencing them in your container definition. This feature is supported by tasks using both the EC2 and Fargate launch types.

Injecting parameters into containers on ECS this way is useful.
I want to use the same method for containers on a local machine,
because I often run containers locally when debugging.

How to

Example

Inject a parameter named ServiceSetting into a container on a local machine from Secrets Manager or SSM Parameter Store.

Precondition

The AWS CLI is installed.

Shell

When using Secrets Manager:

# Fetch the secret string as plain text
setting=$(aws secretsmanager get-secret-value --secret-id ServiceSetting --output text --query 'SecretString')

# Quote the variable so the value is passed to docker as a single argument
docker run -it \
    -e SERVICE_SETTING="$setting" \
  ...

The key point is the "--output text" option, so the secret string is returned as plain text.

When using SSM Parameter Store:

# Fetch the decrypted parameter value and strip spaces and newlines
setting=$(aws ssm get-parameter --name ServiceSetting --with-decryption --output text --query Parameter.Value | tr -d ' \n')

# Quote the variable so the value is passed to docker as a single argument
docker run -it \
    -e SERVICE_SETTING="$setting" \
  ...

The key point is using "tr" to delete spaces and newlines from the value.
Also use the "--with-decryption" option when the parameter is encrypted.
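
The two commands above combined into one wrapper, as an added example that is not code from the original post: the value is kept quoted, so spaces survive without "tr", and it is handed to docker by variable name, so the secret is not part of the docker command line. The helper names fetch_setting and run_local and the image name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. fetch_setting and run_local are
# hypothetical helper names; ServiceSetting and SERVICE_SETTING come from the post.

# Print the value from the chosen backend: "secretsmanager" or "ssm".
fetch_setting() {
    backend=$1
    name=$2
    case "$backend" in
        secretsmanager)
            aws secretsmanager get-secret-value --secret-id "$name" \
                --output text --query 'SecretString' ;;
        ssm)
            aws ssm get-parameter --name "$name" --with-decryption \
                --output text --query 'Parameter.Value' ;;
        *)
            echo "unknown backend: $backend" >&2
            return 2 ;;
    esac
}

# Usage: run_local <backend> <name> <docker run arguments...>
# The body runs in a subshell, so the secret is not left in the calling shell.
run_local() (
    backend=$1
    name=$2
    shift 2
    # Stop instead of starting the container with an empty or missing value.
    SERVICE_SETTING=$(fetch_setting "$backend" "$name") || exit 1
    [ -n "$SERVICE_SETTING" ] || { echo "empty value for $name" >&2; exit 1; }
    export SERVICE_SETTING
    # "-e SERVICE_SETTING" (name only) tells docker to copy the value from its
    # own environment, so the secret is not part of the docker command line.
    docker run -e SERVICE_SETTING "$@"
)

# Example call (image name is a placeholder):
#   run_local ssm ServiceSetting -it my-image
```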

Result

The application code can read its environment variables the same way whether it runs on ECS or on a local machine.
