
AWS Systems Manager with ECS can't reference a parameter


I am trying to load a task definition to AWS ECS. I have played around with AWS Secrets Manager and that seems to be working without any issues when providing the right ARNs; however, it looks like AWS Systems Manager Parameter Store is struggling.

Here are the IAM policies associated with the ECS task execution role:

  "Action": [
      "ssm:GetParameter",
      "secretsmanager:GetSecretValue",
      "kms:Decrypt"
  ],

and here is the resource:

  {
      "Name": "/dev/db/host",
      "Type": "String",
      "LastModifiedDate": "...",
      "LastModifiedUser": "...",
      "Version": 2,
      "Tier": "Standard",
      "Policies": [],
      "DataType": "text"
  },

  "secrets": [
      {
          "name": "DB_HOST",
          "valueFrom": "aws:ssm:eu-west-1:1234567890:parameter/dev/db/host"
      },
      ...
  ]

The ECS service returns this very vague validation error:

An error occurred (ClientException) when calling the RegisterTaskDefinition operation: The Systems Manager parameter name specified for secret DB_HOST is invalid. The parameter name can be up to 2048 characters and include the following letters and symbols: a-zA-Z0-9_.-,

The JSON file is valid. I am not sure what I am missing here.

Thanks for the answers, Peter.


Solution

  • You are missing the arn: prefix in the valueFrom value. Please use: "valueFrom": "arn:aws:ssm:eu-west-1:1234567890:parameter/dev/db/host".

    I hope this will help.

    source: Task definition parameters - valueFrom
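
A pre-flight check for the mistake described above, as an added example that is not part of the original question or answer: it lints every `secrets[].valueFrom` in a task definition before `RegisterTaskDefinition` is called. The function names and the sample task definition are constructed for illustration; only the `DB_HOST` value comes from the question.

```python
import re

# Full ARN of an SSM parameter or a Secrets Manager secret. The account id is
# matched loosely (\d+) so the page's shortened placeholder id is accepted.
ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:(ssm:[a-z0-9-]+:\d+:parameter/.+"
    r"|secretsmanager:[a-z0-9-]+:\d+:secret:.+)$")
# Bare Parameter Store name: the characters listed in the error, plus "/" for
# hierarchies. ECS resolves a bare name only in the task's own Region.
NAME_RE = re.compile(r"^[a-zA-Z0-9_.\-/]{1,2048}$")
# An ARN whose leading "arn:" was dropped, as in the question.
NO_PREFIX_RE = re.compile(r"^aws[a-z-]*:(ssm|secretsmanager):")

def check_value_from(value):
    """Return None if valueFrom is well formed, else a short explanation."""
    if ARN_RE.match(value) or NAME_RE.match(value):
        return None
    if NO_PREFIX_RE.match(value):
        # ":" is not a legal name character, which is consistent with the
        # "parameter name ... is invalid" error quoted in the question.
        return 'missing "arn:" prefix, expected "arn:' + value + '"'
    if value.startswith("arn:"):
        return "malformed ssm/secretsmanager ARN"
    return "neither an ARN nor a valid parameter name"

def lint_task_definition(task_def):
    """Collect (container, secret name, problem) for every bad valueFrom."""
    findings = []
    for container in task_def.get("containerDefinitions", []):
        for secret in container.get("secrets", []):
            problem = check_value_from(secret.get("valueFrom", ""))
            if problem:
                findings.append((container.get("name"), secret.get("name"), problem))
    return findings

# Constructed sample: DB_HOST is the value from the question, the rest are made up.
SAMPLE = {"containerDefinitions": [{"name": "app", "secrets": [
    {"name": "DB_HOST", "valueFrom": "aws:ssm:eu-west-1:1234567890:parameter/dev/db/host"},
    {"name": "DB_PORT", "valueFrom": "/dev/db/port"},
    {"name": "DB_USER", "valueFrom": "arn:aws:ssm:eu-west-1:1234567890:parameter/dev/db/user"},
    {"name": "DB_PASS", "valueFrom": "arn:aws:secretsmanager:eu-west-1:1234567890:secret:dev/db/pass-AbCdEf"},
]}]}

if __name__ == "__main__":
    for container, name, problem in lint_task_definition(SAMPLE):
        print(f"{container}/{name}: {problem}")
```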