[{"data":1,"prerenderedAt":77},["ShallowReactive",2],{"pattern-cdk-fargate-secrets-manager":3},{"id":4,"title":5,"architectureURL":6,"cleanup":7,"contributors":13,"deploy":15,"description":19,"extension":20,"framework":21,"gitHub":22,"highlight":6,"introBox":31,"language":36,"level":37,"meta":38,"patternArch":39,"resources":52,"s3URL":6,"services":70,"stem":71,"testing":72,"videoId":30,"__hash__":76},"patterns\u002Fpatterns\u002Fcdk-fargate-secrets-manager.json","Secrets Manager with AWS Fargate",null,{"headline":8,"text":9},"Cleanup",[10,11,12],"1. Delete the stack: \u003Ccode>npx cdk destroy\u003C\u002Fcode>.","2. Confirm the stack has been deleted: \u003Ccode>aws cloudformation list-stacks --query \"StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus\"\u003C\u002Fcode>.","3. You see a message confirming DELETE_COMPLETE.",[14],"content\u002Fcontributors\u002Fabdul-ahad-khan.json",{"text":16},[17,18],"npm install","cdk deploy","Use AWS Secrets Manager to inject secrets into AWS Fargate Containers.","json","AWS CDK",{"template":23,"payloads":28},{"projectFolder":24,"repoURL":25,"templateURL":26,"templateFile":27},"fargate-secretsmanager","https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fserverless-patterns\u002Ftree\u002Fmain\u002Ffargate-secretsmanager","serverless-patterns\u002Ffargate-secretsmanager","src\u002Ffargate_secretsmanager_stack.py",[29],{"headline":30,"payloadURL":30},"",{"headline":32,"text":33},"How it works",[34,35],"This pattern creates an Amazon ECS Cluster, ECS Task Definition, AWS Fargate Container, and AWS Secrets Manager secret, along with associated roles.","Secrets Manager generates a random secret and injects it into the container upon start-up as an environment variable. The container is spun up when a Fargate task is run in an existing VPC in the user's AWS account via a CLI command in the testing section. 
For the roles: A task execution role is created for logging to CloudWatch and for accessing the secrets (the policy for the secrets is added by default). An 'empty' (policy-less) default task role is also created when the Task Definition is created. The Task Definition does not display any hard-coded secret values in the console; rather, it displays the ARN of the secret, from which the password is retrieved via the task execution role.","Python","200",{},{"icon1":40,"icon2":45,"line1":49},{"x":41,"y":42,"service":43,"label":44},20,50,"fargate","AWS Fargate",{"x":46,"y":42,"service":47,"label":48},80,"secretsmanager","Secrets Manager",{"from":50,"to":51},"icon1","icon2",{"headline":53,"bullets":54},"Additional resources",[55,58,61,64,67],{"text":56,"link":57},"AWS Secrets Manager","https:\u002F\u002Faws.amazon.com\u002Fsecrets-manager\u002F",{"text":59,"link":60},"Amazon ECS Workshop: Get started with ECS and Fargate","https:\u002F\u002Fecsworkshop.com\u002F",{"text":62,"link":63},"Amazon ECS: Specifying sensitive data","https:\u002F\u002Fdocs.aws.amazon.com\u002FAmazonECS\u002Flatest\u002Fdeveloperguide\u002Fspecifying-sensitive-data.html",{"text":65,"link":66},"Tutorial: Walkthrough on passing in secret data to container","https:\u002F\u002Fdocs.aws.amazon.com\u002FAmazonECS\u002Flatest\u002Fdeveloperguide\u002Fspecifying-sensitive-data-tutorial.html",{"text":68,"link":69},"AWS Premium Support - How to securely pass secrets to a container in Amazon ECS","https:\u002F\u002Faws.amazon.com\u002Fpremiumsupport\u002Fknowledge-center\u002Fecs-data-security-container-task\u002F",{"from":43,"to":47},"patterns\u002Fcdk-fargate-secrets-manager",{"headline":73,"text":74},"Testing",[75],"See testing in the README.md file in the repo","hymS-xZ9hh3PLY2CtN-KQq2sAkC50VdbMzQILLdFsho",1779359723888]