aws-batch-alpha: Parameter Store secrets not supported in new version #26339

jacob-swanson · 2023-07-12T22:08:00Z

Describe the bug

The older version of aws-batch-alpha allowed for secrets to be defined using either Secrets Manager or Parameter Store.

In the old JobDefinition construct, secrets was defined as:

readonly secrets?: {
    [key: string]: ecs.Secret;
};

Which works with either Secrets Manager or Parameter Store.

But the new EcsContainerDefinitionProps defines secrets as

readonly secrets?: {
    [envVarName: string]: secretsmanager.ISecret;
};

Which is just Secrets Manager.

Expected Behavior

I should be able to create a job definition using secrets from either Secrets Manager or Parameter Store.

Current Behavior

Job definitions cannot use secrets from parameter store.

Reproduction Steps

Snippet of old, working code:

new batch.JobDefinition(this, "JobDefinition", {
    container: {
        secrets: {
            ENVAR_NAME: ecs.Secret.fromSsmParameter(ssm.StringParameter.fromStringParameterName(this, "StringParameter", "stringParameterName"))
        }
    }
})

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.87.0 (build 9fca790)

Framework Version

No response

Node.js Version

v18.16.1

OS

Pop!_OS 22.04 LTS

Language

Typescript

Language Version

No response

Other information

No response

The text was updated successfully, but these errors were encountered:

peterwoodworth · 2023-07-12T22:47:41Z

Yep, looks like this is the case. @comcalvi something to take a look at, not sure how you would like to go about this.

comcalvi · 2023-07-13T17:45:50Z

ah, I missed that it could also be parameter store

…6373) ECS Containers can take both Secrets Manager Secrets and SSM parameters. Currently, only Secrets manager is supported. Closes #26339. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2023-07-18T09:11:42Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

…s#26373) ECS Containers can take both Secrets Manager Secrets and SSM parameters. Currently, only Secrets manager is supported. Closes aws#26339. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

jacob-swanson added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 12, 2023

github-actions bot added the @aws-cdk/aws-batch Related to AWS Batch label Jul 12, 2023

peterwoodworth added p1 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jul 12, 2023

peterwoodworth assigned comcalvi Jul 12, 2023

comcalvi mentioned this issue Jul 14, 2023

fix(batch): SSM parameters can't be used as ECS Container secrets #26373

Merged

mergify bot closed this as completed in #26373 Jul 18, 2023

github-actions bot mentioned this issue Aug 1, 2023

Monthly PRs metrics report - July 2023 #26582

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aws-batch-alpha: Parameter Store secrets not supported in new version #26339

aws-batch-alpha: Parameter Store secrets not supported in new version #26339

jacob-swanson commented Jul 12, 2023

peterwoodworth commented Jul 12, 2023

comcalvi commented Jul 13, 2023

github-actions bot commented Jul 18, 2023