re: Where do you keep credentials for your Lambda functions? VIEW POST

re: I use a similar setup for my containers running in Fargate. I added a piece to my docker run script that grabs the SSM parameters and saves them as...

But then they are exposed to all apps with the Fargate execution space. Security now has to move away from the OS container and towards the app itself.


What do you mean by "exposed to all apps with the Fargate execution space?" Each application has its own image, with its own run script (bash). The run script makes the request to AWS SSM and sets the environment variables before it starts the application. The secrets are only available in the container OS. The app can only read them.

code of conduct - report abuse