MEM*_*ark 9 amazon-web-services aws-secrets-manager aws-cdk
I am setting up a Fargate service in AWS using CDK:
const albFargateService = new ecs_patterns.ApplicationLoadBalancedFargateService(
    this,
    'FargateService',
    {
        vpc: ...,
        taskImageOptions: {
            image: ...,
            containerPort: ...,
            secrets: {
                MY_ENV_VAR: Secret.fromSecretsManager(
                    **ISecret**,
                    'fieldWithinTheSecret'
                ),
            }
        }
    }
)
Given a secret name, how do I get an ISecret instance?
I have looked at AWS.SecretsManager in the AWS SDK, but it only returns strings.
Abi*_*ash 11
Update for CDK version 2: you can reference the secret using Secret.fromSecretNameV2() and retrieve a specific secret value using Secret.secretValueFromJson('keyname').toString(), as in the following code snippet:
const appSecret = Secret.fromSecretNameV2(this,'app-secret',"secret-name");
const value1 = appSecret.secretValueFromJson('KeyName1').toString();
const value2 = appSecret.secretValueFromJson('KeyName2').toString();
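Best of all, you can use this secret value anywhere (for example, Cognito secrets), and it does not hard-code the secret value in the CloudFormation stack. Instead, it uses a token, which is resolved to the value at deployment time.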
Currently there is no Secret.fromSecretName-method. Assuming that you are using an existing secret, you should use the Secret.fromSecretArn-method.
Note that if you use a KMS key, you should use the Secret.fromSecretAttributes-method as described at Get a value from AWS secrets manager.
import * as ecs from "@aws-cdk/aws-ecs";
import * as ecs_patterns from "@aws-cdk/aws-ecs-patterns";
import * as secretsmanager from "@aws-cdk/aws-secretsmanager";

const mySecret = secretsmanager.Secret.fromSecretArn(this, "mySecret", "arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>");

const albFargateService = new ecs_patterns.ApplicationLoadBalancedFargateService(
    this,
    'FargateService',
    {
        vpc: ...,
        taskImageOptions: {
            image: ...,
            containerPort: ...,
            secrets: {
                MY_ENV_VAR: ecs.Secret.fromSecretsManager(mySecret),
            }
        }
    }
);
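
A deployment check that follows from the two answers above, as an added example that is not part of the original posts: it scans a synthesized CloudFormation template for ECS container environment values that carry a Secrets Manager dynamic reference (the form a deploy-time-resolved secret token takes), as opposed to a `Secrets`/`ValueFrom` entry, which ECS fetches when the task starts. The function name, the sample template and its ARNs are constructed for illustration.

```typescript
// Added example; the template below is constructed, not real synthesized output.
interface Finding { resource: string; container: string; variable: string }

// Marker of a CloudFormation dynamic reference to Secrets Manager.
const DYNAMIC_REF = "{{resolve:secretsmanager:";

// Report container environment variables whose value is a Secrets Manager dynamic
// reference: CloudFormation resolves those at deploy time and hands the resolved
// value to ECS as an ordinary environment value.
function findSecretsInEnvironment(template: any): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const id of Object.keys(resources)) {
    const res = resources[id];
    if (res.Type !== "AWS::ECS::TaskDefinition") continue;
    for (const c of (res.Properties || {}).ContainerDefinitions || []) {
      for (const env of c.Environment || []) {
        // The value may be a string or an intrinsic such as Fn::Join; serialise both.
        if (JSON.stringify(env.Value || "").indexOf(DYNAMIC_REF) !== -1) {
          findings.push({ resource: id, container: c.Name, variable: env.Name });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: one variable passed via Secrets/ValueFrom, one via Environment.
const sampleTemplate = {
  Resources: {
    TaskDef: {
      Type: "AWS::ECS::TaskDefinition",
      Properties: {
        ContainerDefinitions: [{
          Name: "web",
          Secrets: [{ Name: "MY_ENV_VAR",
            ValueFrom: "arn:aws:secretsmanager:us-east-1:111122223333:secret:secret-name-AbCdEf:fieldWithinTheSecret::" }],
          Environment: [
            { Name: "LOG_LEVEL", Value: "info" },
            { Name: "API_KEY", Value: { "Fn::Join": ["", ["{{resolve:secretsmanager:arn:",
              { Ref: "AWS::Partition" }, ":secretsmanager:us-east-1:111122223333:secret:secret-name:SecretString:KeyName1::}}"]] } },
          ],
        }],
      },
    },
  },
};

console.log(findSecretsInEnvironment(sampleTemplate));
```

Only `API_KEY` is reported; `MY_ENV_VAR` goes through `Secrets`, so the template holds only the secret's ARN and field name.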