I am trying to pass an SSL certificate to AWS SSM Parameter Store. The SSL certificate is password protected as well.
My question is: how do I retrieve this as a certificate file inside the containers in ECS? I do know how to use SSM Parameter Store to store secret environment variables, but how do I use it to create a secret file at a location on the containers? We have a string and a file here; how does SSM manage files?
Thanks
I'm not aware of a way to create a file from SSM, but I expect your ENTRYPOINT in the Docker container could handle this logic.
Task Definition Snippet
{
  "containerDefinitions": [{
    "secrets": [{
      "name": "MY_SSM_CERT_FILE",
      "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:MY_SSM_CERT_FILE"
    },
    {
      "name": "MY_SSM_CERT_FILE_LOCATION",
      "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:MY_SSM_CERT_FILE_LOCATION"
    }]
  }]
}
entrypoint.sh
#!/bin/sh
umask 077  # create the certificate file readable by its owner only
printf '%s\n' "$MY_SSM_CERT_FILE" > "$MY_SSM_CERT_FILE_LOCATION"
# Run rest of the logic for application
Dockerfile
FROM ubuntu:16.04
COPY ./entrypoint.sh ./entrypoint.sh
ENTRYPOINT ["./entrypoint.sh"]
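A fuller version of the entrypoint approach above, as an added example that is not part of the original answer: it writes the injected secret with mode 0600 via a temporary file and rename, fails closed if the variable is missing, and removes the secret from the environment before starting the application. Assumptions: `MY_SSM_CERT_ENCODING` is a hypothetical variable (set it to `b64` when a binary certificate such as PKCS#12 was stored base64-encoded), and `mktemp` and `base64 -d` are available in the image (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: entrypoint that turns an ECS-injected secret into a file.
set -eu

# write_secret_file VAR DEST [text|b64]
# Writes the value of variable VAR to DEST with mode 0600. Runs in a
# subshell "( )" so umask and temporaries do not leak into the caller.
write_secret_file() (
    var=$1; dest=$2; enc=${3:-text}
    # VAR is expanded through eval, so accept plain identifiers only.
    case $var in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name" >&2; exit 2 ;;
    esac
    eval "value=\${$var:-}"
    [ -n "$value" ] || { echo "$var is empty or unset" >&2; exit 1; }
    umask 077
    # Write next to DEST, then rename, so readers never see a partial file.
    tmp=$(mktemp "$dest.XXXXXX") || exit 1
    if [ "$enc" = b64 ]; then
        printf '%s' "$value" | base64 -d > "$tmp"   # binary formats such as PKCS#12
    else
        printf '%s\n' "$value" > "$tmp"             # PEM text
    fi || { rm -f "$tmp"; echo "could not write $dest" >&2; exit 1; }
    mv -f "$tmp" "$dest"
)

# As ENTRYPOINT the script receives the image CMD as "$@".
if [ "$#" -gt 0 ]; then
    # MY_SSM_CERT_ENCODING is a hypothetical variable, not from the page.
    write_secret_file MY_SSM_CERT_FILE "$MY_SSM_CERT_FILE_LOCATION" \
        "${MY_SSM_CERT_ENCODING:-text}"
    unset MY_SSM_CERT_FILE   # the application reads the file, not the variable
    exec "$@"
fi
```

The certificate password can stay an ordinary secret environment variable; only the certificate itself needs to become a file.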