Dak*_*ksh 7 amazon-web-services amazon-ecs aws-fargate aws-secrets-manager aws-cdk
I have a CDK app stack defined using TypeScript (sensitive information has been scrambled in the code below):
```typescript
import * as cdk from "@aws-cdk/core";
import * as ec2 from "@aws-cdk/aws-ec2";
import * as ecs from "@aws-cdk/aws-ecs";
import * as ecr from "@aws-cdk/aws-ecr";
import * as ecr_assets from "@aws-cdk/aws-ecr-assets";
import * as ecs_patterns from "@aws-cdk/aws-ecs-patterns";
import * as sm from "@aws-cdk/aws-secretsmanager";

export class CdkAppStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Create a Docker image and upload it to the Amazon Elastic Container Registry (ECR)
    const dockerImage = new ecr_assets.DockerImageAsset(this, "ApiDockerImage", {
      directory: "/home/ec2-user/environment/node-test"
    });

    // Create a new VPC and NAT Gateway
    const vpc = new ec2.Vpc(this, "ApiVpc", {
      maxAzs: 3 // Default is all AZs in region
    });

    // Create a new Amazon Elastic Container Service (ECS) cluster
    const cluster = new ecs.Cluster(this, "ApiCluster", {
      vpc: vpc
    });

    // Create a load-balanced Fargate service and make it public
    new ecs_patterns.ApplicationLoadBalancedFargateService(this, "ApiFargateService", {
      cluster: cluster, // Required
      cpu: 512, // Default is 256
      desiredCount: 2, // Default is 1
      taskImageOptions: {
        image: ecs.ContainerImage.fromDockerImageAsset(dockerImage),
        containerPort: 8080,
        enableLogging: true,
        secrets: sm.Secret.fromSecretCompleteArn(this, "ImportedSecret", "arn:aws:secretsmanager:ap-south-1:762589711820:secret:/api/production/FrOibp")
      },
      memoryLimitMiB: 2048, // Default is 512
      publicLoadBalancer: true // Default is false
    });
  }
}
```

Deployment with `cdk deploy` succeeds if I remove the `secrets` key from `taskImageOptions`, but with `secrets` present I get this error when trying to deploy:
```
ec2-user:~/environment/cdk-app (master) $ cdk deploy
⨯ Unable to compile TypeScript:
lib/cdk-app-stack.ts:42:9 - error TS2322: Type 'ISecret' is not assignable to type '{ [key: string]: Secret; }'.
  Index signature is missing in type 'ISecret'.

42         secrets: secret
           ~~~~~~~

Subprocess exited with error 1
```

I am making some mistake in trying to use a secret from Secrets Manager. What is the correct way to reference secrets in an `ApplicationLoadBalancedFargateService`?
小智 11
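There are two problems here:

1. `secrets` is an index signature type. You should therefore name your secrets (this is the environment variable that will be exposed in the container).
2. An `ecs.Secret` is expected (you can create it from an `sm.Secret`).

Here is a working version: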
```typescript
new ecs_patterns.ApplicationLoadBalancedFargateService(this, "ApiFargateService", {
  cluster: cluster, // Required
  cpu: 512, // Default is 256
  desiredCount: 2, // Default is 1
  taskImageOptions: {
    image: ecs.ContainerImage.fromDockerImageAsset(dockerImage),
    containerPort: 8080,
    enableLogging: true,
    secrets: {
      "MY_SECRET": ecs.Secret.fromSecretsManager(
        sm.Secret.fromSecretCompleteArn(this, "ImportedSecret", "arn:aws:secretsmanager:ap-south-1:762589711820:secret:/api/production/FrOibp")
      )
    }
  },
  memoryLimitMiB: 2048, // Default is 512
  publicLoadBalancer: true // Default is false
});
```
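An added example, not part of the original answer: a dependency-free TypeScript check over the `ContainerDefinitions` of a synthesized task definition, confirming that entries wired through `secrets` carry an ARN reference in `ValueFrom` and that nothing credential-like sits in plaintext `Environment`. The sample data, the name heuristic and the function name `auditContainers` are assumptions made for illustration.

```typescript
// Added example (not from the original answer). Shapes follow the
// ContainerDefinitions of an AWS::ECS::TaskDefinition in a synthesized template.
interface EnvEntry { Name: string; Value?: unknown }
interface SecretEntry { Name: string; ValueFrom?: unknown }
interface ContainerDef { Name: string; Environment?: EnvEntry[]; Secrets?: SecretEntry[] }
interface Finding { container: string; variable: string; issue: string }

// Assumption: a name heuristic for variables that usually carry credentials.
const SENSITIVE_NAME = /SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY/i;
// Secrets Manager or SSM Parameter Store ARN; a Secrets Manager ARN may end
// in ":json-key:version-stage:version-id" to select a single field.
const REFERENCE_ARN = /^arn:aws[\w-]*:(secretsmanager|ssm):[a-z0-9-]+:\d{12}:(secret:|parameter\/).+$/;

function auditContainers(containers: ContainerDef[]): Finding[] {
  const findings: Finding[] = [];
  for (const c of containers) {
    for (const e of c.Environment ?? []) {
      // Environment values are stored in plaintext in the task definition.
      if (SENSITIVE_NAME.test(e.Name)) {
        findings.push({ container: c.Name, variable: e.Name, issue: "plaintext-environment" });
      }
    }
    for (const s of c.Secrets ?? []) {
      // Non-string values are CloudFormation intrinsics (Ref, Fn::Join) that
      // resolve at deploy time; a literal string is expected to be a full ARN.
      if (typeof s.ValueFrom === "string" && !REFERENCE_ARN.test(s.ValueFrom)) {
        findings.push({ container: c.Name, variable: s.Name, issue: "literal-in-secrets" });
      }
    }
  }
  return findings;
}

// Constructed sample: one correctly wired secret and two mistakes.
const SAMPLE: ContainerDef[] = [{
  Name: "web",
  Environment: [{ Name: "PORT", Value: "8080" }, { Name: "DB_PASSWORD", Value: "example-only" }],
  Secrets: [
    { Name: "MY_SECRET", ValueFrom: "arn:aws:secretsmanager:ap-south-1:111122223333:secret:example-AbCdEf" },
    { Name: "API_TOKEN", ValueFrom: "example-literal-value" },
  ],
}];

for (const f of auditContainers(SAMPLE)) {
  console.log(`${f.container}: ${f.variable} -> ${f.issue}`);
}
```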