Learn how to deliver secrets to Amazon Elastic Container Service.
aws-ecs-with-agent.
The guide will assume that aws-ecs-with-agent is your working directory going forward.
aws-ecs-with-agent directory, you will find a sample agent-config.yaml file. This agent config file will connect with Infisical Cloud using AWS Auth and deposit access tokens at path /infisical-agent/access-token and render secrets to file /infisical-agent/secrets.
source-path property but for simplicity we define them inline.
In the agent configuration above, the template defined will transform the secrets from the Infisical project with the ID 202f04d7-e4cb-43d4-a292-e893712d61fc, in the dev environment, and located in the path /, into a KEY=VALUE format.
ecs.tf file in your preferred code editor. In the container_definitions section, assign the values to the machine_identity_id and agent_config properties.
The agent_config property expects the base64-encoded agent configuration file. In order to get this, we use the base64encode and file functions of HCL.
infisical-sidecar container below.
mountPoints defined.
This mount point references the already configured EFS volume, as shown below.
containerPath is set to /infisical-agent because that is the folder we have instructed the agent to deposit the credentials to.
AWS Access Key and Secret Key.
Once you have generated these credentials, export them to your terminal.
terraform
access-token and secrets.
The access-token file should hold a valid Bearer token, which can be used to make HTTP requests to Infisical.
The secrets file should contain secrets, formatted according to the specifications in our secret template file (presented in key=value format).
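One way the application container could consume the rendered secrets file from the shared mount, as an added example that is not part of the original guide or Infisical's code. It assumes one unquoted KEY=VALUE pair per line; the function names and sample values are constructed for illustration.

```python
import os
import stat
import tempfile


def load_rendered_secrets(path):
    """Parse the agent-rendered KEY=VALUE file into a dict.

    Refuses files that are world-readable, and never puts a secret
    value into an error message (only the line number is reported).
    """
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    if st.st_mode & stat.S_IROTH:
        raise PermissionError(f"{path} is world-readable; tighten its mode")
    secrets = {}
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\r\n")
            if not line.strip():
                continue  # tolerate blank lines between entries
            # Split on the first '=' only: values may contain '=' themselves.
            key, sep, value = line.partition("=")
            if not sep or not key.strip():
                raise ValueError(f"line {lineno}: expected KEY=VALUE")
            secrets[key.strip()] = value
    return secrets


def demo(mode=0o600):
    """Write a constructed sample file with the given mode and load it."""
    with tempfile.TemporaryDirectory() as tmp:
        # In the task, this path would be /infisical-agent/secrets.
        path = os.path.join(tmp, "secrets")
        with open(path, "w", encoding="utf-8") as fh:
            # Constructed sample content, not real secrets.
            fh.write("DB_URL=postgres://app:example@db.internal/app?sslmode=require\n")
            fh.write("\n")
            fh.write("API_KEY=constructed=value\n")
        os.chmod(path, mode)
        return load_rendered_secrets(path)


if __name__ == "__main__":
    # Print key names only; values stay out of task logs.
    print(sorted(demo()))
```
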