aws-samples / serverless-patterns

Serverless patterns. Learn more at the website: https://serverlessland.com/patterns.
https://serverlessland.com

New pattern submission: Fargate to SecretsManager #300

Closed abdulahad95 closed 2 years ago

abdulahad95 commented 2 years ago

To submit a template to the Serverless Patterns Collection, submit an issue with the following information.

To learn more about submitting a pattern, read the publishing guidelines page.

Use the model template located at https://github.com/aws-samples/serverless-patterns/tree/main/_pattern-model to set up a README, template and any associated code.

Description (mid-length e.g. "Create a Lambda function that sends events to EventBridge.")

Use AWS Secrets Manager to securely inject secrets into AWS Fargate Containers

Language: (optional e.g. "Python", if you have a Lambda function in your example)

Python

YouTube videoId (optional e.g. "VI79XQW4dIM")

Framework (currently we support SAM or CDK)

CDK

Services from/to (e.g. "Lambda to EventBridge")

Fargate to SecretsManager

Description (this must include a thorough explanation of the pattern together with details of IAM permissioning)

This pattern creates an Amazon ECS Cluster, ECS Task Definition, AWS Fargate Container, and AWS Secrets Manager instance, along with associated roles. Secrets Manager generates a random secret and injects this into the container upon start-up as an environment variable. The container is spun up when a Fargate task is run in an existing VPC in the user's AWS account via a CLI command in the testing section. For the roles: A task execution role is created for logging to CloudWatch and for accessing the secrets (the policy for the secrets is added by default). An 'empty' (policy-less) default task role is also created along with Task Definition creation. The Task Definition does not display any hard-coded values for secrets in the console; rather, it displays the ARN of the secret from which it retrieves the password via its IAM role.

Deployment commands

Deployment: cdk deploy
Cleanup: cdk destroy

GitHub PR for template:

299

Payload example (e.g. Lambda event payload from source service).

Additional resources (optional: link and anchor text, up to 5 resources)

Author bio

Name: Abdul Ahad Khan
Photo URL: https://avatars.githubusercontent.com/u/9752760?v=4
LinkedIn: https://www.linkedin.com/in/abdulahadk
Description (up to 255 chars): Abdul Ahad is a DevOps Engineer at AWS ProServe based out of the Mid-Atlantic.
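The description above explains the two security properties of the pattern: the task definition stores only the secret's ARN (the ECS agent resolves it at start-up using the execution role), and the execution role needs `secretsmanager:GetSecretValue` on that secret while the task role stays empty. The following is an added example, not the pattern's own CDK code and not from the serverless-patterns repository: it builds the same task-definition and IAM-policy JSON shapes directly (so it runs offline) and audits the pair for a plaintext secret in `environment` and for an over-broad or missing grant on the execution role. Every ARN, account id, role name and image reference in it is a constructed placeholder.

```python
"""Fargate task definition plus execution-role policy for a Secrets Manager
secret, with an audit for plaintext leaks and over-broad grants.

Added example: plain RegisterTaskDefinition / IAM JSON rather than CDK so it
runs offline.  All ARNs, account ids and names are constructed placeholders.
"""
import json
import re

ACCOUNT = "123456789012"  # constructed
REGION = "us-east-1"      # constructed
SECRET_ARN = (f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}"
              ":secret:demo/db-password-AbCdEf")  # constructed
LOG_GROUP_ARN = f"arn:aws:logs:{REGION}:{ACCOUNT}:log-group:/ecs/fargate-secrets-demo"
EXEC_ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/demo-ecs-execution-role"
TASK_ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/demo-ecs-task-role"

SENSITIVE_NAME = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY", re.I)
SECRET_ARN_RE = re.compile(r"^arn:aws:secretsmanager:[a-z0-9-]+:\d{12}:secret:.+")


def task_definition(secret_arn, inline_secret=None):
    """Task definition whose container receives DB_PASSWORD.

    By default the value is fetched at start-up by the ECS agent with the
    execution role and only the ARN is stored.  inline_secret reproduces the
    anti-pattern the audit catches: the value hard-coded in 'environment'."""
    container = {
        "name": "app",
        "image": "public.ecr.aws/docker/library/python:3.11-slim",  # placeholder
        "essential": True,
        "environment": [{"name": "APP_ENV", "value": "demo"}],
        "secrets": [{"name": "DB_PASSWORD", "valueFrom": secret_arn}],
        "logConfiguration": {
            "logDriver": "awslogs",
            "options": {"awslogs-group": "/ecs/fargate-secrets-demo",
                        "awslogs-region": REGION,
                        "awslogs-stream-prefix": "app"},
        },
    }
    if inline_secret is not None:
        container["secrets"] = []
        container["environment"].append({"name": "DB_PASSWORD", "value": inline_secret})
    return {
        "family": "fargate-secrets-demo",
        "requiresCompatibilities": ["FARGATE"],
        "networkMode": "awsvpc",
        "cpu": "256",
        "memory": "512",
        "executionRoleArn": EXEC_ROLE_ARN,  # used by ECS: image pull, logs, secret read
        "taskRoleArn": TASK_ROLE_ARN,       # used by the app itself: no policy attached
        "containerDefinitions": [container],
    }


def execution_role_policy(secret_arns, log_group_arn):
    """Least-privilege inline policy for the execution role: GetSecretValue on
    the exact secrets the task references, plus log delivery.  A secret
    encrypted with a customer-managed KMS key would also need kms:Decrypt."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
             "Resource": list(secret_arns)},
            {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": [f"{log_group_arn}:*"]},
        ],
    }


def _base_arn(value_from):
    # valueFrom may append ':json-key:version-stage:version-id'; the first
    # seven colon-separated fields are the secret ARN itself.
    return ":".join(value_from.split(":")[:7])


def audit(taskdef, policy):
    """Return a list of findings; an empty list means the pair passes."""
    findings, referenced, granted = [], set(), set()
    for c in taskdef["containerDefinitions"]:
        for env in c.get("environment", []):
            if SENSITIVE_NAME.search(env["name"]):
                findings.append(f"{c['name']}: '{env['name']}' is a plaintext environment "
                                "variable, visible in the console and DescribeTaskDefinition")
        for s in c.get("secrets", []):
            if not SECRET_ARN_RE.match(s["valueFrom"]):
                findings.append(f"{c['name']}: '{s['name']}' valueFrom is not a Secrets Manager ARN")
            referenced.add(_base_arn(s["valueFrom"]))
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if not any(a in ("secretsmanager:GetSecretValue", "secretsmanager:*", "*") for a in actions):
            continue
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        for r in resources:
            if "*" in r:
                findings.append(f"execution role: wildcard secret grant '{r}'")
            granted.add(r)
    if not any("*" in g for g in granted):  # a wildcard already covers everything
        for arn in sorted(referenced - granted):
            findings.append(f"execution role cannot read referenced secret {arn}")
    return findings


if __name__ == "__main__":
    td = task_definition(SECRET_ARN)
    pol = execution_role_policy([SECRET_ARN], LOG_GROUP_ARN)
    print(json.dumps(td["containerDefinitions"][0]["secrets"], indent=2))  # ARN only
    print("findings:", audit(td, pol))
```

Run stand-alone it prints the `secrets` block (ARN only, no value) and an empty findings list; passing `inline_secret=...` or a `"*"` resource to the policy shows the two findings a reviewer would want raised before such a task definition is registered.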

jbesw commented 2 years ago

Thanks for the contribution - this is now live at https://serverlessland.com/patterns/cdk-fargate-secrets-manager.