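Terraform - Use SSM Parameters in ECS container definition
I am deploying an ECS task with Terraform and want to use AWS SSM parameters in the ECS task's container definition.
I have 3 SSM parameters that I want to use to override the default properties defined in service.json (PORT, TEST_PROP_1, TEST_PROP_2).
Is there a way to supply the ARNs of these SSM parameters to the container definition's environment variables?
Terraform resource: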
resource "aws_ecs_task_definition" "testapp" {
  family                = "testapp"
  network_mode          = "awsvpc"
  cpu                   = 256
  memory                = 512
  container_definitions = file("../modules/ecs_service/task-definitions/service.json")
  requires_compatibilities = [
    "FARGATE"
  ]
  execution_role_arn = "arn:aws:iam::redacted:role/ecsTaskExecutionRole"
  task_role_arn      = "arn:aws:iam::redacted:role/ecsTaskExecutionRole"
}
service.json
[
  {
    "name": "testapp",
    "image": "redacted/demoapp:latest",
    "portMappings": [
      {
        "containerPort": 59817,
        "hostPort": 59817,
        "protocol": "tcp"
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "testappLG",
        "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "devtest"
      }
    },
    "Environment": [
      {
        "Name": "PORT",
        "Value": "9001"
      },
      {
        "Name": "TEST_PROP_1",
        "Value": "Override value - test prop 1"
      },
      {
        "Name": "TEST_PROP_2",
        "Value": "Override value - test prop 2"
      }
    ]
  }
]
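You can either create the SSM parameter in this Terraform run, in which case you already have a reference to it, or you can look it up with a data source. For the sake of example, let's say you use a data source: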
data "aws_ssm_parameter" "foo" {
  name = "foo"
}
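Now, I would use the templatefile() function rather than the file() function, so that you can use interpolation in the JSON. That means the line in your Terraform template changes to (passing in the ARN of the secret you want to use in the JSON):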
container_definitions = templatefile("../modules/ecs_service/task-definitions/service.json", {
  secret1 = data.aws_ssm_parameter.foo.arn
})
Finally, your JSON file needs to look like this, to tell ECS to look up the secret and pass it into the container when it creates your task instance:
[
  {
    "name": "testapp",
    "image": "redacted/demoapp:latest",
    "portMappings": [
      {
        "containerPort": 59817,
        "hostPort": 59817,
        "protocol": "tcp"
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "testappLG",
        "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "devtest"
      }
    },
    "secrets": [
      {
        "name": "MY_SECRET",
        "valueFrom": "${secret1}"
      }
    ],
    "Environment": [
      {
        "Name": "PORT",
        "Value": "9001"
      },
      {
        "Name": "TEST_PROP_1",
        "Value": "Override value - test prop 1"
      },
      {
        "Name": "TEST_PROP_2",
        "Value": "Override value - test prop 2"
      }
    ]
  }
]
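The same approach extended to the three parameters from the question, as an added example that is not part of the original question or answer. It uses jsonencode() in place of the templated service.json and grants the execution role read access to the parameters; the /testapp/ parameter paths and the policy name are assumptions.

```hcl
# Assumed Parameter Store paths (not from the original post).
locals {
  ssm_env = {
    PORT        = "/testapp/PORT"
    TEST_PROP_1 = "/testapp/TEST_PROP_1"
    TEST_PROP_2 = "/testapp/TEST_PROP_2"
  }
}

# Note: this data source also reads each parameter value into Terraform state.
data "aws_ssm_parameter" "env" {
  for_each = local.ssm_env
  name     = each.value
}

# ECS resolves "secrets" with the execution role, so that role needs read access.
data "aws_iam_policy_document" "read_params" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = [for p in data.aws_ssm_parameter.env : p.arn]
  }
}

resource "aws_iam_role_policy" "read_params" {
  name   = "testapp-read-ssm-params" # assumed policy name
  role   = "ecsTaskExecutionRole"
  policy = data.aws_iam_policy_document.read_params.json
}

resource "aws_ecs_task_definition" "testapp" {
  family                   = "testapp"
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  requires_compatibilities = ["FARGATE"]
  execution_role_arn       = "arn:aws:iam::redacted:role/ecsTaskExecutionRole"
  task_role_arn            = "arn:aws:iam::redacted:role/ecsTaskExecutionRole"

  container_definitions = jsonencode([{
    name         = "testapp"
    image        = "redacted/demoapp:latest"
    portMappings = [{ containerPort = 59817, hostPort = 59817, protocol = "tcp" }]
    # One entry per parameter; only the ARN is written into the task definition.
    secrets = [for k, p in data.aws_ssm_parameter.env : { name = k, valueFrom = p.arn }]
  }])
}
```

If the parameters are SecureString values encrypted with a customer-managed KMS key, the execution role also needs kms:Decrypt on that key.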