Passing Configs and Secrets
Configuration and Secret management in AWS
There are many ways to pass configurations to containers at run-time. Although simple to set up, using Environmental Variables can become complex if there are too many configurations, especially files and certificates.
In Kubernetes, you also have the option to populate environment variables from .
You can use an S3 Bucket to store and pass configuration to the containers:
in the Tenant and add the needed configurations in an S3 Bucket as a file.
Set the S3 Bucket name as an Environmental Variable.
Create a start-up script that defines the entry point of the container to download the file from the S3 bucket into the container, referenced by the Environmental Variable. Do this by:
Using a
command, copying the config file in S3 to a location in the container;
Running the command, parsing the file, and setting the contents as an Environment Variable.
Create a bash script with the S3 config predefined. When run, the script sets the EV.
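The start-up script steps above, as an added example that is not part of the original page. The variable names CONFIG_S3_BUCKET and CONFIG_S3_KEY, the KEY=VALUE file format and the list of refused variable names are assumptions. The downloaded file is parsed rather than sourced, so shell syntax inside a value is never executed.

```shell
#!/bin/sh
# Added example: entry point that loads KEY=VALUE config downloaded from S3.
# CONFIG_S3_BUCKET and CONFIG_S3_KEY are assumed names, not from the page.

# Export each KEY=VALUE pair from the file given as $1. The file is parsed,
# never sourced or eval'd, so shell syntax inside a value stays literal text.
load_env_file() {
    _cfg_cr=$(printf '\r')
    while IFS= read -r _cfg_line || [ -n "$_cfg_line" ]; do
        _cfg_line=${_cfg_line%"$_cfg_cr"}            # tolerate CRLF files
        case "$_cfg_line" in ''|'#'*) continue ;; esac   # blanks, comments
        _cfg_key=${_cfg_line%%=*}
        _cfg_val=${_cfg_line#*=}
        # Skip lines with no '=' and names that are not valid identifiers.
        [ "$_cfg_key" != "$_cfg_line" ] || { echo "skip: no '='" >&2; continue; }
        case "$_cfg_key" in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "skip: invalid name" >&2; continue ;;
            # Assumed policy: config may not change how programs are loaded.
            PATH|IFS|ENV|BASH_ENV|LD_*)
                echo "skip: refusing to set $_cfg_key" >&2; continue ;;
        esac
        export "$_cfg_key=$_cfg_val"
    done < "$1"
    return 0
}

# Download the config object, load it, and remove the plaintext copy.
fetch_and_load() {
    _cfg_tmp=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    if aws s3 cp "s3://${CONFIG_S3_BUCKET}/${CONFIG_S3_KEY}" "$_cfg_tmp" \
            --only-show-errors; then
        load_env_file "$_cfg_tmp"; _cfg_rc=$?
    else
        _cfg_rc=1
    fi
    rm -f "$_cfg_tmp"
    return "$_cfg_rc"
}

# Entry point: fail closed if the config cannot be fetched, then hand over
# to the container's real command (passed as arguments).
if [ -n "${CONFIG_S3_BUCKET:-}" ]; then
    fetch_and_load || { echo "config load failed" >&2; exit 1; }
    exec "$@"
fi
```

The task role needs read access to the one config object only; the script itself holds no credentials.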
Similar to using an S3 bucket, you can create values in an SSM parameter store (navigate to Cloud Services -> App Integration, and select the SSM Parameters tab) and set the Name of the parameter in the Environmental Variable. You then use a startup script in the AWS CLI to pull values from SSM and set them for the application in the container, either as an Environmental Variable or as a file.
Use the AWS Secrets Manager to set configs and secrets in Environmental Variables. Use a container startup script in the AWS CLI to copy secrets and set them in the appropriate format in the container.
Use the ECS Task Definition Secrets fields to set the configuration. For example:
Where X_SERVICE_TOKEN is the Secret defined in the JSON and VALUE_FROM is the AWS secret ARN.
See the section.