ECS with secrets manager to environment variables


I need to put some Secrets Manager secrets in an ECS container. I'd like you to share some Terraform code or a short explanation of how to do it in the AWS console.

This is my code to create my secret in Secrets Manager.

resource "aws_secretsmanager_secret" "my_secret" {
  name = "ecs-auth-secret"
  description = ""
}

resource "aws_secretsmanager_secret_version" "my_secret_version" {
  secret_id     = aws_secretsmanager_secret.my_secret.id
  secret_string = jsonencode({
    "DB_DIALECT"            : "postgres",
  })
}

resource "aws_secretsmanager_secret_policy" "secret_access_policy" {
  secret_arn = aws_secretsmanager_secret.my_secret.arn

  policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "AllowAccessToSecret",
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:myrole"
        },
        "Action": [
          "secretsmanager:GetSecretValue",
          "secretsmanager:ListSecrets"
        ],
        "Resource": "*"
      }
    ]
  })
}

I'm trying to link an ECS container to one Secrets Manager secret.

There are 1 best solutions below


I managed to do it. The problem was in how I wrote each variable in the ECS container. I had put just the complete ARN, when I should have put the complete ARN + :VAR_NAME::.

{
  "containerDefinitions": [{
    "secrets": [{
      "name": "environment_variable_name",
      "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf:VAR_NAME::"
    }]
  }]
}
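The same wiring in Terraform, as an added example that is not part of the original question or answer: it reuses `aws_secretsmanager_secret.my_secret` from the question, appends `:DB_DIALECT::` to the secret ARN so that only that JSON key is injected, and gives the task execution role (the role ECS uses to fetch secrets at container start) read access to that one secret only. The role, policy, task family, container name and image are hypothetical, and Fargate is assumed.

```hcl
# Added example. All names except aws_secretsmanager_secret.my_secret are hypothetical.

# Trust policy: lets ECS tasks assume the execution role.
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "task_execution" {
  name               = "example-task-execution-role"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

# Least privilege: GetSecretValue on this secret's ARN, not on "*".
resource "aws_iam_role_policy" "read_secret" {
  name = "read-ecs-auth-secret"
  role = aws_iam_role.task_execution.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["secretsmanager:GetSecretValue"]
      Resource = aws_secretsmanager_secret.my_secret.arn
    }]
  })
}

resource "aws_ecs_task_definition" "app" {
  family                   = "example-app"
  requires_compatibilities = ["FARGATE"] # assumption: Fargate launch type
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = aws_iam_role.task_execution.arn

  container_definitions = jsonencode([{
    name      = "app"
    image     = "example/app:latest" # placeholder image
    essential = true
    secrets = [{
      name      = "DB_DIALECT" # environment variable seen by the container
      # Format: <secret ARN>:<json key>:<version stage>:<version id>
      valueFrom = "${aws_secretsmanager_secret.my_secret.arn}:DB_DIALECT::"
    }]
  }])
}
```

Leaving the last two fields empty, as in the answer's `:VAR_NAME::`, resolves to the current version of the secret (`AWSCURRENT`).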