Channels
#aws
Title
b
billowy-ocean-41790
10/14/2020, 9:49 PMHi! I'm trying to use AWS SecretsManager with an ECS service I'm provisioning. In the few places that receive a secret ARN, the pulumi typescript expects a
stringOutput<string>string | Output<string>new aws.secretsmanager.Secretb
billowy-army-68599
10/14/2020, 10:20 PM
Hey! can you share the code you have currently so I can visualize what you're saying
b
billowy-ocean-41790
10/14/2020, 10:23 PMI can post snippets. The main repo is not open source.
Copy code
const service = new awsx.ecs.EC2Service(ecsName, {
cluster,
desiredCount: 1,
deploymentMinimumHealthyPercent: 0,
subnets: args.vpc.privateSubnetIds,
taskDefinitionArgs: {
containers: {
[name]: {
image: imageUrl,
repositoryCredentials: {
credentialsParameter: config.privateRegistrySecretArn,
},
memory: 128,
portMappings: [],
secrets: [{ name: 'SECRETS', valueFrom: config.applicationSecretArn }],
environment: [{ name: 'ENVIRONMENT', value: config.environment }],
},
},
executionRole: executionRole,
taskRole: taskRole,
},
});Here is the ECS snippet that I’ve arrived at. In the
secretscredentialsParameterMy first pass was to create the secret using Pulumi.
Copy code
const applicationSecret = new aws.secretsmanager.Secret('app-secret', {});so in place of
config.applicationSecretArnapplicationSecret.arnpulumi.interpolateThe problem is that
applicationSecret.arnpulumi.interpolateOutput<string>credentialsParametervalueFromstringb
billowy-army-68599
10/14/2020, 10:59 PM
ah, think I'm following. It's difficult to allow things like
taskDefinitionArgsOutput[string]applyg
gentle-diamond-70147
10/15/2020, 2:31 PMThis is being tracked in https://github.com/pulumi/pulumi-awsx/issues/453 and has a couple options for workarounds in the comments there, FYI.
b
billowy-ocean-41790
10/15/2020, 3:27 PMAwesome, that link is very helpful! I was playing with apply, but hadn’t realized that it could be used at the level of the
secrets