Tags: amazon-web-services, docker, amazon-ecs, credentials

AWS ECS - a free way for passing secrets


I've got a simple app on AWS ECS. Now I want to integrate it with a database (AWS RDS).

The problem is that I need to pass the RDS credentials to my Docker image, e.g. as an environment variable, in a secure way.

After some research, I found two ways:
- AWS Secrets Manager
- AWS Systems Manager Parameter Store

But... both of them are paid.

  1. Secrets Manager costs $0.40/month for 1 secret.
  2. Systems Manager Parameter Store requires a 'Customer Managed Key', which also costs $1/month.

As a Free Tier user, for my simple app, I would rather not pay for ONLY 'storing secrets'. So... is there any other secure and recommended way to pass sensitive data to a Docker application hosted on ECS?


Solution

  • Systems Manager Parameter Store requires a 'Customer Managed Key', which also costs $1/month.

    This is not the case. This is only required if you want to use your own CMK. If not, then you can use the default CMK provided by AWS, which is free:

    SecureString data is encrypted and decrypted using an AWS Key Management Service (KMS) key. You can use either a default KMS key provided by AWS or create and use your own customer master key (CMK).

    Also, in the free tier, you have 20,000 API requests each month:

    AWS Free Tier includes 20,000 free AWS Key Management Service requests each month.
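
One way to wire up what this answer describes, as an added example that is not part of the original answer: a SecureString parameter created without a key ID (so the default AWS managed key is used), referenced from the task definition's `secrets` block and readable by the task execution role. The region, account ID, parameter name, role name, image and database host are constructed placeholders, and the container settings assume the EC2 launch type.

```shell
# Added example. Region, account ID, names, image and host are constructed placeholders.
set -eu
REGION="us-east-1"
ACCOUNT_ID="123456789012"
PARAM_NAME="/myapp/db/password"          # hypothetical parameter name
EXEC_ROLE="myappTaskExecutionRole"       # hypothetical task execution role
PARAM_ARN="arn:aws:ssm:${REGION}:${ACCOUNT_ID}:parameter${PARAM_NAME}"

# Container definition: the password is injected from Parameter Store at task
# start through "secrets"/"valueFrom"; only non-sensitive values use "environment".
render_container_defs() {
  cat <<EOF
[{
  "name": "app",
  "image": "${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/myapp:latest",
  "memory": 256,
  "essential": true,
  "environment": [{ "name": "DB_HOST", "value": "mydb.example.internal" }],
  "secrets": [{ "name": "DB_PASSWORD", "valueFrom": "${PARAM_ARN}" }]
}]
EOF
}

# Execution role policy: read access to this one parameter. kms:Decrypt is only
# needed when the parameter is encrypted with a customer managed key.
render_exec_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "ssm:GetParameters",
    "Resource": "${PARAM_ARN}"
  }]
}
EOF
}

# Run with the argument "apply" and DB_PASSWORD set to perform the AWS calls.
if [ "${1:-}" = "apply" ]; then
  # No --key-id: the SecureString is encrypted with the AWS managed key alias/aws/ssm.
  aws ssm put-parameter --region "$REGION" --name "$PARAM_NAME" \
    --type SecureString --value "${DB_PASSWORD:?set DB_PASSWORD}"
  aws iam put-role-policy --role-name "$EXEC_ROLE" \
    --policy-name read-db-password --policy-document "$(render_exec_policy)"
  aws ecs register-task-definition --region "$REGION" --family myapp \
    --execution-role-arn "arn:aws:iam::${ACCOUNT_ID}:role/${EXEC_ROLE}" \
    --container-definitions "$(render_container_defs)"
fi
```

Without the `apply` argument the script only defines the two render functions, so the JSON can be inspected before anything is sent to AWS.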