billowy-ocean-41790
10/14/2020, 9:49 PMstring
rather than an Output<string>
. We'd expect it to accept string | Output<string>
, so that we can dynamically assign it from a new aws.secretsmanager.Secret
.billowy-army-68599
billowy-ocean-41790
10/14/2020, 10:23 PMconst service = new awsx.ecs.EC2Service(ecsName, {
cluster,
desiredCount: 1,
deploymentMinimumHealthyPercent: 0,
subnets: args.vpc.privateSubnetIds,
taskDefinitionArgs: {
containers: {
[name]: {
image: imageUrl,
repositoryCredentials: {
credentialsParameter: config.privateRegistrySecretArn,
},
memory: 128,
portMappings: [],
secrets: [{ name: 'SECRETS', valueFrom: config.applicationSecretArn }],
environment: [{ name: 'ENVIRONMENT', value: config.environment }],
},
},
executionRole: executionRole,
taskRole: taskRole,
},
});
secrets
list and in the credentialsParameter
, I am referencing the ARN of secrets in AWS secrets manager.const applicationSecret = new aws.secretsmanager.Secret('app-secret', {});
config.applicationSecretArn
I wanted to use applicationSecret.arn
, or if that wouldn’t work wrap it in pulumi.interpolate
.applicationSecret.arn
returns a promise, and pulumi.interpolate
returns an Output<string>
, but for both credentialsParameter
and valueFrom
the only valid type is string
.billowy-army-68599
taskDefinitionArgs
to take an output because of the upstream schema - outputs are reserved really for things now known until after compile time. I suspect there's a technical reason why we can't allow Output[string]
here (cc @white-balloon-205?) but I don't know it off the top of my head.
In any case, you should be able to achieve what you need using an apply
.gentle-diamond-70147
10/15/2020, 2:31 PMbillowy-ocean-41790
10/15/2020, 3:27 PMsecrets
key.