To which should I give the secret manager permission?
I want to give the permission to access the secrets manager:
```typescript
const rdsKeySecretArn = resourceName.rdsKeyInfos()['arn'];
const rdsKeySecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'SecretFromCompleteArn', rdsKeySecretArn);
rdsKeySecret.grantRead(cluster); // fargate cluster
rdsKeySecret.grantRead(ecsAdminService); // service
rdsKeySecret.grantRead(taskDefinitionAdmin); // taskdefinition
rdsKeySecret.grantRead(djangoContainer); // container
```
`grantRead` shows the error:
```
Argument of type 'Cluster' is not assignable to parameter of type 'IGrantable'
```
I tried the service, task definition and container.
However, they show the same error.
How can I solve this?
Solution 1:[1]
To answer the question directly, you should grant it to the task role:
```typescript
rdsKeySecret.grantRead(taskDefinitionAdmin.taskRole);
```
The task role is what the containers running in the task assume when they call AWS services.
That being said, the better way to do this is to pass the secret via environment variables using the `secrets` prop with `Secret.fromSecretsManager(rdsKeySecret)`.
This will not expose the secret; it will resolve and pass it to the container at runtime. CDK will create the appropriate permissions automatically.
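The following is an added example, not part of the original answer or of the CDK code base: a TypeScript check over a synthesized CloudFormation template that reports, for each ECS task definition, whether the task role or the execution role can read Secrets Manager and which secrets are injected. It relies on the ECS behaviour that injected secrets are fetched with the task execution role, whereas `grantRead(taskRole)` gives the permission to the code running in the container; the template, logical IDs and ARN are constructed placeholders.

```typescript
type Template = { Resources: Record<string, { Type: string; Properties: any }> };
type Finding = { taskDef: string; taskRoleReads: boolean; executionRoleReads: boolean; injected: string[] };
const READ = "secretsmanager:GetSecretValue";

// Logical IDs of roles that some AWS::IAM::Policy allows to call GetSecretValue.
function rolesThatCanReadSecrets(t: Template): string[] {
  const roles: string[] = [];
  for (const id of Object.keys(t.Resources)) {
    const r = t.Resources[id];
    if (r.Type !== "AWS::IAM::Policy") continue;
    const allows = r.Properties.PolicyDocument.Statement.some(
      (s: any) => s.Effect === "Allow" && ([] as string[]).concat(s.Action).indexOf(READ) >= 0);
    if (allows) for (const ref of r.Properties.Roles) roles.push(ref.Ref);
  }
  return roles;
}

// For each task definition: which of its two roles can read, and which secrets are injected.
function auditTaskDefinitions(t: Template): Finding[] {
  const readers = rolesThatCanReadSecrets(t);
  const canRead = (arn: any): boolean => !!arn && readers.indexOf(arn["Fn::GetAtt"][0]) >= 0;
  return Object.keys(t.Resources)
    .filter((id) => t.Resources[id].Type === "AWS::ECS::TaskDefinition")
    .map((id) => {
      const p = t.Resources[id].Properties;
      const injected: string[] = [];
      for (const c of p.ContainerDefinitions)
        for (const s of c.Secrets || []) injected.push(`${c.Name}:${s.Name}`);
      return { taskDef: id, taskRoleReads: canRead(p.TaskRoleArn),
               executionRoleReads: canRead(p.ExecutionRoleArn), injected };
    });
}
// Constructed sample; logical IDs and the ARN are placeholders, not values from the page.
const ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-AbCdEf";
const allowRead = (role: string) => ({ Type: "AWS::IAM::Policy", Properties: {
  PolicyDocument: { Statement: [{ Effect: "Allow", Action: [READ], Resource: ARN }] },
  Roles: [{ Ref: role }] } });
const taskDef = (taskRole: string, execRole: string, secrets: object[]) => ({
  Type: "AWS::ECS::TaskDefinition", Properties: {
    TaskRoleArn: { "Fn::GetAtt": [taskRole, "Arn"] },
    ExecutionRoleArn: { "Fn::GetAtt": [execRole, "Arn"] },
    ContainerDefinitions: [{ Name: "django", Secrets: secrets }] } });
const sample: Template = { Resources: {
  GrantedTaskDef: taskDef("TaskRoleA", "ExecRoleA", []), // grantRead(taskDefinition.taskRole)
  TaskRoleAPolicy: allowRead("TaskRoleA"),
  InjectedTaskDef: taskDef("TaskRoleB", "ExecRoleB", [{ Name: "DB_SECRET", ValueFrom: ARN }]),
  ExecRoleBPolicy: allowRead("ExecRoleB"), // created by CDK for the `secrets` prop
} };
const findings = auditTaskDefinitions(sample);
```

Run against real `cdk synth` output, a task definition whose task role reads the secret while nothing is injected corresponds to the `grantRead` approach, and one where only the execution role reads it corresponds to the `secrets` prop.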
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | gshpychka |
