-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Batch] Add "Secrets" properties in interface JobDefinitionContainer #10976
Comments
@Cloudrage Thanks for this. Added. Just making sure you are aware of escape hatches to unblock yourself in the meantime. |
Yep, it's what I'm doing when pasting links about that workaround previously; thanks ! Also, maybe think about an "addSecrets" Method for the Batch Job. |
The workaround I came up with looks something like this // Secrets are not yet supported in the high-level JobDefinition
// - https://github.com/aws/aws-cdk/issues/10976
// - https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-batch.CfnJobDefinition.ContainerPropertiesProperty.html#secrets
const cfnJobDef = jobDef.node.defaultChild as CfnJobDefinition;
const cfnContainerProps = cfnJobDef.containerProperties as CfnJobDefinition.ContainerPropertiesProperty;
(cfnContainerProps as any).secrets = [ // cast to any needed because .secrets property is readonly
{ name: "MY_SECRET", valueFrom: mySecretArn },
]; in case folks are stumbling over this issue. |
For anyone else struggling to figure it out, the equivalent for Python is: my_job_definition.node.default_child.add_property_override("ContainerProperties.Secrets", [
{
"Name": "SOME_ENV_VAR",
"ValueFrom": f"{my_secret.secret_arn}:some_key::"
}
]) In my case my_secret = secrets_manager.Secret.from_secret_name_v2(
self,
"MySecret",
"secret-name-in-secret-manager"
) And the secret itself being a json object, where i only want |
Python
batch_execution_role = iam.Role(self, "batchExecRole",
assumed_by=iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
managed_policies=[iam.ManagedPolicy.from_aws_managed_policy_name('service-role/AmazonECSTaskExecutionRolePolicy')])
my_secret.grant_read(batch_execution_role) |
Add a secrets property to batch.JobDefinitionContainer. This interface is almost the same as ecs.ContainerDefinitionOptions. This is reopen PR of #19506 closes #10976 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Add a secrets property to batch.JobDefinitionContainer. This interface is almost the same as ecs.ContainerDefinitionOptions. This is reopen PR of aws#19506 closes aws#10976 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Use Case
Need to pass Secrets to a Batch Job with CDK Batch Construct.
Not available yet :
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-batch.JobDefinitionContainer.html
Proposed Solution
Like with CloudFormation, it'll be interesting to add "Secrets" propertie to the CDK Batch Construct :
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-batch.CfnJobDefinition.ContainerPropertiesProperty.html#secrets
Other
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-batch.CfnJobDefinition.SecretProperty.html
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: