Created
July 25, 2020 15:42
-
-
Save michaelfecher/40b7b4b04ec02baadba95b16de3a0815 to your computer and use it in GitHub Desktop.
Blogpost: ECS Fargate Passing secrets: DB credentials import in CDK
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // file: lib/db-credentials-stack.ts | |
| import { ISecret, Secret } from "@aws-cdk/aws-secretsmanager"; | |
| import * as cdk from "@aws-cdk/core"; | |
| export interface DBCredentials { | |
| username: ISecret; | |
| password: ISecret; | |
| } | |
| export class DbCredentialsStack extends cdk.Stack { | |
| readonly dbCredentials: { username: ISecret; password: ISecret }; | |
| constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { | |
| super(scope, id, props); | |
| const secretUsername = Secret.fromSecretArn( | |
| this, | |
| "BackendPersistenceUsername", | |
| // replace the ARN with your actual one for your username secret | |
| `arn:aws:secretsmanager:${this.region}:${this.account}:secret:prod/backend/rds/username-<UNIQUE_ID>` | |
| ); | |
| const secretPassword = Secret.fromSecretArn( | |
| this, | |
| "BackendPersistencePassword", | |
| // replace the ARN with your actual one for your password secret | |
| `arn:aws:secretsmanager:${this.region}:${this.account}:secret:prod/backend/rds/password-<UNIQUE_ID>` | |
| ); | |
| this.dbCredentials = { | |
| username: secretUsername, | |
| password: secretPassword, | |
| }; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment