How do I authorize code running in AWS Scheduled Fargate to get secrets from AWS parameter store


I need to retrieve secrets stored in AWS Parameter Store for use in my JavaScript code that is running as a Docker container. Currently, I am using the ssmClient.getParameter function from aws-sdk to get the parameters and use them in my code (see below). When I run this locally, I get the AWS environment variables and put them into my terminal and the code works just fine. However, when my code runs in its Docker container in AWS Fargate, it isn't authorized and won't get the parameters.

Here is an example of what I am doing:

//params.js

const AWS = require('aws-sdk')

async function getParameters () {
  const ssmClient = new AWS.SSM({
    apiVersion: '2014-11-06',
    region: 'us-west-1'
  })
  // aws-sdk v2 service calls return a Request object; .promise() is needed for await
  const secret = await ssmClient.getParameter({
    Name: '/aws_account/dev/somesecret',
    WithDecryption: true
  }).promise()
  return secret
}

In my terminal I would run something like this:

export AWS_ACCESS_KEY_ID="ID"
export AWS_SECRET_ACCESS_KEY="KEY"
export AWS_SESSION_TOKEN="TOKEN"

node params.js

Locally this works as it should, but my Fargate task isn't authorized. What can I do to get my Fargate task authorized? (preferably something that doesn't expire either)

I tried adding environment variables to the Dockerfile, and tried getting the parameters connected through the console as well. I haven't been able to find anything great in the AWS documentation.

1 answer

Marcin:

You have to set up a Task IAM role for your task. Your application, if it uses the AWS SDK, will automatically use permissions from the IAM role.
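A concrete version of that advice, added here as an example and not part of the answer or the asker's code: the trust policy and least-privilege permission policy for the task role, the task definition fields that attach it, and a check the container can run to confirm the SDK will use the task role rather than static keys. The account id, role names and KMS key ARN are placeholders.

```javascript
// Added example (not from the question or the answer above). Builds the
// documents a scheduled Fargate task needs so the SDK's default credential
// chain uses a task role instead of static keys. Account id, role names and
// the KMS key ARN are placeholders.
const REGION = 'us-west-1';
const PARAM_NAME = '/aws_account/dev/somesecret';

// Trust policy: only the ECS tasks service may assume the task role.
function taskRoleTrustPolicy() {
  return {
    Version: '2012-10-17',
    Statement: [{ Effect: 'Allow', Principal: { Service: 'ecs-tasks.amazonaws.com' },
                  Action: 'sts:AssumeRole' }],
  };
}

// Permission policy scoped to the one parameter the code reads. SecureString
// values fetched with WithDecryption also need kms:Decrypt on their key.
function taskRolePermissionPolicy(accountId, kmsKeyArn) {
  return {
    Version: '2012-10-17',
    Statement: [
      { Effect: 'Allow', Action: ['ssm:GetParameter'],
        Resource: `arn:aws:ssm:${REGION}:${accountId}:parameter${PARAM_NAME}` },
      { Effect: 'Allow', Action: ['kms:Decrypt'], Resource: kmsKeyArn },
    ],
  };
}

// Task definition fragment: taskRoleArn is the role the application code runs
// with; executionRoleArn is only for ECS itself (image pull, log delivery).
function taskDefinitionFragment(accountId) {
  return {
    family: 'params-job',
    requiresCompatibilities: ['FARGATE'],
    networkMode: 'awsvpc',
    taskRoleArn: `arn:aws:iam::${accountId}:role/ParamsTaskRole`,
    executionRoleArn: `arn:aws:iam::${accountId}:role/ecsTaskExecutionRole`,
  };
}

// Preflight check inside the container: where will the SDK find credentials?
// On Fargate with a task role, ECS sets AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.
function credentialSource(env) {
  if (env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) return 'task-role';
  if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) return 'static-keys';
  return 'none';
}
module.exports = { taskRoleTrustPolicy, taskRolePermissionPolicy, taskDefinitionFragment, credentialSource };
```

Because the task role credentials are delivered by ECS and rotated automatically, nothing needs to be baked into the Dockerfile and nothing expires in the way pasted session tokens do.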