
AWS Fargate adding a parameter for environment variables

I'm trying to automate the CloudFormation deployment of our Fargate instances. I have CloudFormation deploying successfully if I hard-code the environment variables entries, but if I try to add them as parameters, type String, it complains about it not being a string.

Here is the parameter:

    "EnvVariables": {
      "Description": "All environment Variables for Docker to run",
      "Type": "String"
    },

In my task definition I have the following settings for the container definition:

    "Environment": [
      {
        "Name": "JAVA_OPTS",
        "Value": "-Djdbc.url=jdbc:dbdriver://xxxx.eu-west-1.rds.amazonaws.com:xxxx/xxxxxxxxx -Djdbc.user=xxxxx -Djdbc.password=xxxxx"
      }
    ]

If I enter the following into the parameter field via the GUI

"-Djdbc.url=jdbc:dbdriver://xxxx.eu-west-1.rds.amazonaws.com:xxxx/xxxxxxxxx -Djdbc.user=xxxxx -Djdbc.password=xxxxx"

it complains about it not being a string.

How do I edit this to be accepted as a parameter?

Using the task definition (portal or JSON) you can define "secrets" inside the "containerDefinitions" section, which will be retrieved from Secrets Manager.

Note: At the time of writing, Fargate only supports secrets that are a single value, not the JSON or key value secrets. So choose OTHER when creating the secret and just put a single text value there.

{
    "ipcMode": null,
    "executionRoleArn": "arn:aws:iam::##:role/roleName",
    "containerDefinitions": [
      {
        ...
        "secrets": [{
          "name": "SomeEnvVariable",
          "valueFrom": "arn:aws:secretsmanager:region:###:secret:service/secretname"
        }],
        ...
      }
    ],
    "requiresCompatibilities": [
      "FARGATE"
    ],
    "networkMode": "awsvpc",
    ...
}

Note that the execution role defined in the task needs a policy attached, such as SecretsManagerReadWrite.

More info in docs

I don't think you can inject dynamic environment variables. Even if it's possible, please refrain from putting passwords in clear text.

What I did is to store the values in a secured SSM param. Then, Java code can fetch the values and initialise accordingly.
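The point made in the answers above, that credentials such as `-Djdbc.password=...` should not sit in a plaintext `Environment` entry, can be checked before deployment. The following is an added example, not part of the original question or answers: a small Python check over a task definition's properties object. The function names, the keyword heuristic and the sample values are assumptions made for illustration.

```python
import json
import re

# Assumed heuristic for credential-like names; tune for your own naming conventions.
SENSITIVE = re.compile(r"passw(?:or)?d|secret|token|api[_-]?key", re.I)

def _get(obj, key):
    """Read a key in CloudFormation casing (Name) or ECS API casing (name)."""
    return obj.get(key) or obj.get(key[0].lower() + key[1:])

def find_plaintext_secrets(task_definition):
    """Return (container, variable, offending key) tuples; values are never echoed."""
    findings = []
    for container in _get(task_definition, "ContainerDefinitions") or []:
        cname = _get(container, "Name") or "<unnamed>"
        for env in _get(container, "Environment") or []:
            name, value = _get(env, "Name") or "", _get(env, "Value")
            if not isinstance(value, str):
                continue  # {"Ref": ...} etc. is not a literal in the template
            if SENSITIVE.search(name):
                findings.append((cname, name, name))
            # Options packed into one value, e.g. JAVA_OPTS "-Dkey=value ..."
            for token in value.split():
                key, sep, _ = token.partition("=")
                if sep and SENSITIVE.search(key):
                    findings.append((cname, name, key))
    return findings

# Constructed sample modelled on the question's container definition.
SAMPLE = json.loads("""
{
  "ContainerDefinitions": [{
    "Name": "app",
    "Environment": [
      {"Name": "JAVA_OPTS",
       "Value": "-Djdbc.url=jdbc:dbdriver://db.example.internal:5432/app -Djdbc.user=app -Djdbc.password=EXAMPLE-ONLY"},
      {"Name": "LOG_LEVEL", "Value": "info"},
      {"Name": "API_TOKEN", "Value": {"Ref": "TokenParam"}}
    ],
    "Secrets": [{"Name": "DB_PASSWORD",
                 "ValueFrom": "arn:aws:secretsmanager:region:###:secret:service/secretname"}]
  }]
}
""")

if __name__ == "__main__":
    for cname, var, key in find_plaintext_secrets(SAMPLE):
        print(f"{cname}: {var} carries plaintext credential option {key}; move it to Secrets")
```

Entries under `Secrets` are ignored because they hold only a reference (`ValueFrom`), not the value itself.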

I got around this by using a Jinja2 Python template script and inserted the env variables using

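"Environment": [
    {% for environment in td.envVariables %}
    {
      "Name": "{{environment.name}}",
      "Value": "{{environment.value}}"
    }{# no comma after the last entry, so the rendered JSON stays valid #}{% if not loop.last %},{% endif %}
    {% endfor %}
]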

This then enabled an array of env variables to be applied. The script cannot be applied directly as a CloudFormation script but instead needs to be included within another shell/Python script.
