aws-cdk-lib.aws_ecs.SecretVersionInfo

interface SecretVersionInfo

LanguageType name
.NETAmazon.CDK.AWS.ECS.SecretVersionInfo
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsecs#SecretVersionInfo
Javasoftware.amazon.awscdk.services.ecs.SecretVersionInfo
Pythonaws_cdk.aws_ecs.SecretVersionInfo
TypeScript (source)aws-cdk-lib » aws_ecs » SecretVersionInfo

Specify the secret's version id or version stage.

Example

declare const secret: secretsmanager.Secret;
declare const dbSecret: secretsmanager.Secret;
declare const parameter: ssm.StringParameter;
declare const taskDefinition: ecs.TaskDefinition;
declare const s3Bucket: s3.Bucket;

const newContainer = taskDefinition.addContainer('container', {
  image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
  memoryLimitMiB: 1024,
  environment: { // clear text, not for sensitive data
    STAGE: 'prod',
  },
  environmentFiles: [ // list of environment files hosted either on local disk or S3
    ecs.EnvironmentFile.fromAsset('./demo-env-file.env'),
    ecs.EnvironmentFile.fromBucket(s3Bucket, 'assets/demo-env-file.env'),
  ],
  secrets: { // Retrieved from AWS Secrets Manager or AWS Systems Manager Parameter Store at container start-up.
    SECRET: ecs.Secret.fromSecretsManager(secret),
    DB_PASSWORD: ecs.Secret.fromSecretsManager(dbSecret, 'password'), // Reference a specific JSON field, (requires platform version 1.4.0 or later for Fargate tasks)
    API_KEY: ecs.Secret.fromSecretsManagerVersion(secret, { versionId: '12345' }, 'apiKey'), // Reference a specific version of the secret by its version id or version stage (requires platform version 1.4.0 or later for Fargate tasks)
    PARAMETER: ecs.Secret.fromSsmParameter(parameter),
  },
});
newContainer.addEnvironment('QUEUE_NAME', 'MyQueue');
newContainer.addSecret('API_KEY', ecs.Secret.fromSecretsManager(secret));
newContainer.addSecret('DB_PASSWORD', ecs.Secret.fromSecretsManager(secret, 'password'));

Properties

NameTypeDescription
versionId?stringversion id of the secret.
versionStage?stringversion stage of the secret.

versionId?

Type: string (optional, default: use default version id)

version id of the secret.


versionStage?

Type: string (optional, default: use default version stage)

version stage of the secret.