
How to inject value from AWS parameter store through CloudFormation in ECS ContainerDefinitions


I'm writing CloudFormation code to build an ECS cluster, and I need to fetch some values from AWS Parameter Store. I can't find any example code for this. It looks like CloudFormation doesn't support 'ValueFrom'!!

Can anyone confirm?

This is what I'm trying to use:

  ContainerDefinitions:
    - Name: !Ref ServiceName
      Image: !Ref Image
      PortMappings:
        - ContainerPort: !Ref ContainerPort
      Environment:
      - Name: DB_HOST
        Value: arn:aws:ssm:us-east-2:111111111111:parameter/dev/rds/DB_HOST
      - Name: DB_PASSWORD
        Value: arn:aws:ssm:us-east-2:111111111111:parameter/dev/rds/DB_PASSWORD
      - Name: DB_PORT
        Value: 5432

In the above case, the CloudFormation code executed without error, but it treated DB_HOST and DB_PASSWORD as simple/direct text and didn't take them from Parameter Store; see the highlighted part of the screenshot:


So it only works for DB_PORT and doesn't work for DB_HOST and DB_PASSWORD until I manually change 'value' (highlighted in the screenshot) to 'valueFrom', as in the picture below:


Basically, I'd like to use the 'valueFrom' option through CloudFormation!!

I also tried:

     Environment:
      - Name: DB_HOST
        ValueFrom: arn:aws:ssm:us-east-2:111111111111:parameter/dev/rds/DB_HOST

But it's not supported by CloudFormation and throws an error!!


Solution

  • You shouldn't be using Environment for that. Instead, there is a dedicated section called Secrets.

    Using this section you can pass your secrets to the containers. For example:

      Secrets:
          - Name: DB_HOST
            ValueFrom: arn:aws:ssm:us-east-2:111111111111:parameter/dev/rds/DB_HOST
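
Added example, not part of the original answer: a fuller template fragment that keeps the non-secret DB_PORT in Environment, moves DB_HOST and DB_PASSWORD to Secrets, and grants the task execution role the ssm:GetParameters permission ECS needs to resolve ValueFrom. The resource names TaskExecutionRole and TaskDefinition, the Memory value, and the EC2 launch type are assumptions; the parameter paths are the ones from the question.

```yaml
# Added example (constructed); resource names and Memory value are assumptions.
Parameters:
  ServiceName: { Type: String }
  Image: { Type: String }
  ContainerPort: { Type: Number }

Resources:
  TaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ecs-tasks.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Policies:
        - PolicyName: ReadDbParameters
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # ECS resolves ValueFrom with this role; scope it to the path in use.
              - Effect: Allow
                Action: ssm:GetParameters
                Resource: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/dev/rds/*"

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Ref ServiceName
      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: !Ref ServiceName
          Image: !Ref Image
          Memory: 512
          PortMappings:
            - ContainerPort: !Ref ContainerPort
          Environment:
            # Non-secret literals stay in Environment, written as strings.
            - Name: DB_PORT
              Value: "5432"
          Secrets:
            # Only the ARN is stored in the task definition; the value is fetched at container start.
            - Name: DB_HOST
              ValueFrom: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/dev/rds/DB_HOST"
            - Name: DB_PASSWORD
              ValueFrom: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/dev/rds/DB_PASSWORD"
```

If DB_PASSWORD is a SecureString encrypted with a customer managed KMS key, the execution role also needs kms:Decrypt on that key.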