I'm trying to automate the CloudFormation deployment of our Fargate instances. I have CloudFormation deploying successfully if I hard-code the environment variable entries, but if I try to add them as parameters, type String, it complains about it not being a string.

Here is the parameter:

    "EnvVariables": {
        "Description": "All environment Variables for Docker to run",
        "Type": "String"
    },

In my task definition I have the following settings for the container definition:

    "Environment": [
        {
            "Name": "JAVA_OPTS",
            "Value": "-Djdbc.url=jdbc:dbdriver://xxxx.eu-west-1.rds.amazonaws.com:xxxx/xxxxxxxxx -Djdbc.user=xxxxx -Djdbc.password=xxxxx"
        }
    ]

If I enter the following into the parameter field via the GUI

    "-Djdbc.url=jdbc:dbdriver://xxxx.eu-west-1.rds.amazonaws.com:xxxx/xxxxxxxxx -Djdbc.user=xxxxx -Djdbc.password=xxxxx"

it complains about it not being a string.

How do I edit this to be accepted as a parameter?

Using the task definition (portal or JSON) you can define "secrets" inside the "containerDefinitions" section, which will be retrieved from Secrets Manager.

Note: At the time of writing, Fargate only supports secrets that are a single value, not the JSON or key value secrets. So choose OTHER when creating the secret and just put a single text value there.

    {
        "ipcMode": null,
        "executionRoleArn": "arn:aws:iam::##:role/roleName",
        "containerDefinitions": [
            {
                ...
                "secrets": [{
                    "name": "SomeEnvVariable",
                    "valueFrom": "arn:aws:secretsmanager:region:###:secret:service/secretname"
                }],
                ...
            }
        ],
        "requiresCompatibilities": [
            "FARGATE"
        ],
        "networkMode": "awsvpc",
        ...
    }

Note that the execution role defined in the task needs a policy attached, such as SecretsManagerReadWrite.
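
The approach in the answer above, expressed as a CloudFormation template (an added example, not code from the original question or answer). The parameter names, resource names, `JDBC_PASSWORD` variable, and CPU/memory sizes are assumptions; the execution role here is scoped to reading the one secret rather than using a broad managed policy.

```json
{
  "Description": "Added example: names and sizes are assumptions, not from the original post",
  "Parameters": {
    "JavaOpts": { "Type": "String", "Description": "Non-secret JVM options only (no password)" },
    "DbPasswordSecretArn": { "Type": "String", "Description": "ARN of a single-value Secrets Manager secret" },
    "ImageUri": { "Type": "String", "Description": "Container image to run" }
  },
  "Resources": {
    "ExecutionRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{ "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com" }, "Action": "sts:AssumeRole" }]
        },
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"],
        "Policies": [{
          "PolicyName": "ReadDbPasswordSecret",
          "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{ "Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": { "Ref": "DbPasswordSecretArn" } }]
          }
        }]
      }
    },
    "TaskDefinition": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {
        "RequiresCompatibilities": ["FARGATE"],
        "NetworkMode": "awsvpc",
        "Cpu": "256",
        "Memory": "512",
        "ExecutionRoleArn": { "Fn::GetAtt": ["ExecutionRole", "Arn"] },
        "ContainerDefinitions": [{
          "Name": "app",
          "Image": { "Ref": "ImageUri" },
          "Environment": [{ "Name": "JAVA_OPTS", "Value": { "Ref": "JavaOpts" } }],
          "Secrets": [{ "Name": "JDBC_PASSWORD", "ValueFrom": { "Ref": "DbPasswordSecretArn" } }]
        }]
      }
    }
  }
}
```

With this layout the password never appears in the template, the stack parameters, or the rendered task definition; only the secret's ARN does.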