No matter how much time and effort we spend on application security, it is always less. But simple workflows for things like secret management, key...
You should be using data to fetch the full arn, not relying on parsing.
The reason you do this is because you cannot create an expandable JSON template file in terraform. The way you reference the variable is:
This is much cleaner and then you don't need to be passing around account, region, etc. You declare this much higher up.
@sagarjauhari, this is a very good article. Just one question: how are these variables referenced by the application itself? How can I pass the values of these variables to my config file? With your example, it seems like the secrets are exposed to the container, but how are we going to reference them in the application code itself?
Good question. If you follow one of these approaches, your docker application would be able to access these variables in the environment. If it is a python app, you can do
os.getenv()
or for golang
value, exists := os.LookupEnv(key)
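An added example, not part of the original reply or the article: one way a Python service could read the injected variables once at start-up, fail closed when one is missing, and keep the values out of logs. The names DB_PASSWORD, API_KEY and SMTP_TOKEN, the Secret wrapper and load_secrets are assumptions made for illustration, and the sample values are constructed.

```python
import os


class MissingSecretError(RuntimeError):
    """Raised at start-up when a required secret is absent or empty."""


class Secret:
    """Wraps a value so print(), logging and tracebacks show a mask instead."""

    def __init__(self, value):
        self._value = value

    def reveal(self):
        # Call only at the point of use (e.g. when opening the DB connection).
        return self._value

    def __repr__(self):
        return "Secret(****)"

    __str__ = __repr__


def load_secrets(names, environ=None):
    """Read each named variable and fail closed if any is missing or empty.

    The values are placed in the container environment when the task starts,
    so this is meant to run once during application start-up.
    """
    environ = os.environ if environ is None else environ
    missing = [n for n in names if not environ.get(n)]
    if missing:
        # Report variable names only, never values.
        raise MissingSecretError("missing secrets: " + ", ".join(sorted(missing)))
    return {n: Secret(environ[n]) for n in names}


if __name__ == "__main__":
    # Constructed sample environment standing in for the container's os.environ.
    sample = {"DB_PASSWORD": "constructed-example-value", "API_KEY": "constructed-key"}
    secrets = load_secrets(["DB_PASSWORD", "API_KEY"], sample)
    print(secrets)  # values are masked in the output
    try:
        load_secrets(["DB_PASSWORD", "SMTP_TOKEN"], sample)
    except MissingSecretError as exc:
        print(exc)
```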
@sagarjauhari worth a read!!!
check it out github.com/Bharathkumarraju/ECS_Pa...
What happens if a value changes in the secrets manager?
Should a redeployment be forced manually on the ECS task to pick up the new value?