re: 3 ways to handle secrets in AWS ECS tasks


You should be using data to fetch the full ARN, not relying on parsing.

    data "aws_ssm_parameter" "app_database_password" {
      name = "blog/DATABASE_PASSWORD"
    }

The reason you do this is because you cannot create an expandable JSON template file in Terraform. The way you reference the variable is:

    "secrets": [
        {
            "name": "NAME_YOUR_ENV_VAR",
            "valueFrom": "${data.aws_ssm_parameter.app_database_password.arn}"
        }
    ]

This is much cleaner and then you don't need to be passing around account, region, etc. You declare this much higher up.

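The pattern from the comment above, as an added example that is not part of the original comment or post: the parameter's ARN comes from the data source and is reused both in the container's `secrets` entry and in the execution role policy that lets ECS read it. It is written with `jsonencode` rather than a JSON template file, and the parameter name, variables, family and image are placeholders assumed for illustration.

```hcl
# Added example; every name below is a placeholder, not taken from the post.
variable "execution_role_name" { type = string } # existing ECS task execution role (assumed)
variable "execution_role_arn" { type = string }

data "aws_ssm_parameter" "app_database_password" {
  name            = "/example/DATABASE_PASSWORD" # constructed name
  with_decryption = false                        # only the ARN is used; do not decrypt the value
}

# Scope the execution role to this one parameter instead of a wildcard.
data "aws_iam_policy_document" "read_db_password" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = [data.aws_ssm_parameter.app_database_password.arn]
  }
}

resource "aws_iam_role_policy" "read_db_password" {
  name   = "read-db-password"
  role   = var.execution_role_name
  policy = data.aws_iam_policy_document.read_db_password.json
}

resource "aws_ecs_task_definition" "app" {
  family             = "example-app"
  execution_role_arn = var.execution_role_arn

  container_definitions = jsonencode([
    {
      name      = "app"
      image     = "example/app:latest"
      essential = true
      memory    = 256
      # ECS resolves valueFrom at task start; the secret value never appears here.
      secrets = [
        {
          name      = "DATABASE_PASSWORD"
          valueFrom = data.aws_ssm_parameter.app_database_password.arn
        }
      ]
    }
  ])
}
```

If the parameter is a SecureString encrypted with a customer-managed KMS key, the execution role also needs `kms:Decrypt` on that key.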