Skip to content

Instantly share code, notes, and snippets.

Created July 25, 2020 15:46
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Blogpost: ECS Fargate with passing secrets - ECS Fargate Task Definition
// file: lib/backend-task-stack.ts
import * as cdk from "@aws-cdk/core";
import * as ecs from "@aws-cdk/aws-ecs";
import * as iam from "@aws-cdk/aws-iam";
import * as ecr from "@aws-cdk/aws-ecr";
import { DBCredentials } from "./db-credentials-stack";
export interface BackendStackProps extends cdk.StackProps {
backendPort: number;
dbEndpoint: string;
dbCredentials: DBCredentials;
dbHost: string;
dbPort: string;
dbName: string;
export class BackendTaskStack extends cdk.Stack {
readonly taskDefinition: ecs.TaskDefinition;
constructor(scope: cdk.Construct, id: string, props: BackendStackProps) {
super(scope, id, props);
const usernameSecret = props.dbCredentials.username;
const passwordSecret = props.dbCredentials.password;
const taskRole = new iam.Role(this, "BackendTaskRole", {
roleName: "BackendECSTaskRole",
assumedBy: new iam.ServicePrincipal(""),
managedPolicies: [
const taskDef = new ecs.FargateTaskDefinition(this, "BackendTask", {
taskRole: taskRole,
taskDef.addContainer("BackendContainer", {
image: ecs.ContainerImage.fromEcrRepository("yourEcrRepo"),
secrets: {
DB_USER: ecs.Secret.fromSecretsManager(usernameSecret),
DB_PW: ecs.Secret.fromSecretsManager(passwordSecret),
environment: {
NODE_ENV: "production",
DB_DIALECT: "postgres",
DB_HOST: props.dbHost,
DB_PORT: props.dbPort,
DB_NAME: props.dbName,
this.taskDefinition = taskDef;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment