aws-solutions-constructs.aws-fargate-secretsmanager


| **Field** | **Value** |
|:-------------|:-------------|
| Name | aws-solutions-constructs.aws-fargate-secretsmanager |
| Version | 2.74.0 |
| Home page | https://github.com/awslabs/aws-solutions-constructs.git |
| Summary | CDK Constructs for AWS Fargate to Amazon Secrets Manager integration |
| Upload time | 2024-10-22 18:09:30 |
| Author | Amazon Web Services |
| Requires Python | ~=3.8 |
| License | Apache-2.0 |

# aws-fargate-secretsmanager module

<!--BEGIN STABILITY BANNER-->---


![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)

> All classes are under active development and subject to non-backward compatible changes or removal in any
> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

---
<!--END STABILITY BANNER-->

| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
|:-------------|:-------------|


| **Language**     | **Package**        |
|:-------------|-----------------|
|![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python|`aws_solutions_constructs.aws_fargate_secretsmanager`|
|![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript|`@aws-solutions-constructs/aws-fargate-secretsmanager`|
|![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.fargatesecretsmanager`|

## Overview

This AWS Solutions Construct implements an AWS Fargate service that can read from and write to an AWS Secrets Manager secret.

Here is a minimal deployable pattern definition:

Typescript

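```typescript
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { FargateToSecretsmanager, FargateToSecretsmanagerProps } from '@aws-solutions-constructs/aws-fargate-secretsmanager';

// ExampleStack is a placeholder name for the stack that hosts the construct.
export class ExampleStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const constructProps: FargateToSecretsmanagerProps = {
      publicApi: true,
      ecrRepositoryArn: "arn:aws:ecr:us-east-1:123456789012:repository/your-ecr-repo",
    };

    // The construct is created in the scope of the enclosing stack.
    new FargateToSecretsmanager(this, 'test-construct', constructProps);
  }
}
```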

Python

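```python
from aws_solutions_constructs.aws_fargate_secretsmanager import FargateToSecretsmanager, FargateToSecretsmanagerProps
from aws_cdk import (
    Stack
)
from constructs import Construct


# ExampleStack is a placeholder name for the stack that hosts the construct.
class ExampleStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # The construct is created in the scope of the enclosing stack.
        FargateToSecretsmanager(self, 'test_construct',
            public_api=True,
            ecr_repository_arn="arn:aws:ecr:us-east-1:123456789012:repository/your-ecr-repo")
```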

Java

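```java
import software.constructs.Construct;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awsconstructs.services.fargatesecretsmanager.*;

// ExampleStack is a placeholder name for the stack that hosts the construct.
public class ExampleStack extends Stack {
    public ExampleStack(final Construct scope, final String id, final StackProps props) {
        super(scope, id, props);

        // The construct is created in the scope of the enclosing stack.
        new FargateToSecretsmanager(this, "test-construct", new FargateToSecretsmanagerProps.Builder()
                .publicApi(true)
                .ecrRepositoryArn("arn:aws:ecr:us-east-1:123456789012:repository/your-ecr-repo")
                .build());
    }
}
```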

## Pattern Construct Props

| **Name**     | **Type**        | **Description** |
|:-------------|:----------------|-----------------|
| publicApi | `boolean` | Whether the construct is deploying a private or public API. This has implications for the VPC. |
| vpcProps? | [`ec2.VpcProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.VpcProps.html) | Optional custom properties for a VPC the construct will create. This VPC will be used by any Private Hosted Zone the construct creates (that's why loadBalancerProps and privateHostedZoneProps can't include a VPC). Providing both this and existingVpc is an error. |
| existingVpc? | [`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html) | An existing VPC in which to deploy the construct. Providing both this and vpcProps is an error. If the client provides an existing load balancer and/or existing Private Hosted Zone, those constructs must exist in this VPC. |
| clusterProps? | [`ecs.ClusterProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ClusterProps.html) | Optional properties to create a new ECS cluster. To provide an existing cluster, use the cluster attribute of fargateServiceProps. |
| ecrRepositoryArn? | `string` | The ARN of an ECR repository containing the image to use to generate the containers. Either this or the image property of containerDefinitionProps must be provided. Format: arn:aws:ecr:*region*:*account number*:repository/*Repository Name* |
| ecrImageVersion? | `string` | The version of the image to use from the repository. Defaults to 'Latest' |
| containerDefinitionProps? | [`ecs.ContainerDefinitionProps \| any`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ContainerDefinitionProps.html) | Optional props to define the container created for the Fargate Service (defaults found in fargate-defaults.ts) |
| fargateTaskDefinitionProps? | [`ecs.FargateTaskDefinitionProps \| any`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.FargateTaskDefinitionProps.html) | Optional props to define the Fargate Task Definition for this construct  (defaults found in fargate-defaults.ts) |
| fargateServiceProps? | [`ecs.FargateServiceProps \| any`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.FargateServiceProps.html) | Optional values to override default Fargate Task definition properties (fargate-defaults.ts). The construct will default to launching the service in the most isolated subnets available (precedence: Isolated, Private and Public). Override those and other defaults here. |
| existingFargateServiceObject? | [`ecs.FargateService`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.FargateService.html) | A Fargate Service already instantiated (probably by another Solutions Construct). If this is specified, then no props defining a new service can be provided, including: ecrImageVersion, containerDefinitionProps, fargateTaskDefinitionProps, ecrRepositoryArn, fargateServiceProps, clusterProps |
| existingContainerDefinitionObject? | [`ecs.ContainerDefinition`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ContainerDefinition.html) | A container definition already instantiated as part of a Fargate service. This must be the container in the existingFargateServiceObject |
|secretProps?|[`secretsmanager.SecretProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_secretsmanager.SecretProps.html)|Optional user provided props to override the default props for Secrets Manager|
|existingSecretObj?|[`secretsmanager.Secret`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_secretsmanager.Secret.html)|Existing instance of a Secrets Manager Secret object. If this is set, then secretProps is ignored.|
|grantWriteAccess?|`boolean`|Optional write access to the Secret for the Fargate service (Read-Only by default)|
|secretEnvironmentVariableName?|`string`|Optional Name for the container environment variable set to the ARN of the secret. Default: SECRET_ARN |

## Pattern Properties

| **Name**     | **Type**        | **Description** |
|:-------------|:----------------|-----------------|
| vpc | [`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html) | The VPC used by the construct (whether created by the construct or provided by the client) |
| service | [`ecs.FargateService`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.FargateService.html) | The AWS Fargate service used by this construct (whether created by this construct or passed to this construct at initialization) |
| container | [`ecs.ContainerDefinition`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ContainerDefinition.html) | The container associated with the AWS Fargate service in the service property. |
|secret|[`secretsmanager.Secret`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_secretsmanager.Secret.html)|Returns an instance of `secretsmanager.Secret` created by the construct|

## Default settings

The out-of-the-box implementation of the construct, without any overrides, sets the following defaults:

### AWS Fargate Service

* Sets up an AWS Fargate service

  * Uses the existing service if provided
  * Creates a new service if none provided.

    * Service will run in isolated subnets if available, then private subnets if available and finally public subnets
  * Adds environment variables to the container with the ARN and Name of the Secrets Manager secret
  * Adds permissions to the container IAM role allowing it to read the Secrets Manager secret (and to write to it when grantWriteAccess is set)

### Amazon Secrets Manager Secret

* Sets up an Amazon Secrets Manager secret

  * Uses an existing secret if one is provided, otherwise creates a new one

    * (default) random name
    * (default) random value
* Adds an Interface Endpoint to the VPC for Secrets Manager (the service by default runs in Isolated or Private subnets)
* Retains the secret when the CloudFormation stack is deleted
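
One way to check a `cdk synth` template against the defaults listed above: read-only task-role access unless `grantWriteAccess` is set, a retained secret, and a Secrets Manager VPC endpoint. This is an added example, not code from the construct library; the template fragment, its logical IDs and the read-only action set are assumptions made for the illustration.

```python
import json

# Assumed read-only action set; other secretsmanager: actions are reported.
READ_ONLY = {"secretsmanager:getsecretvalue", "secretsmanager:describesecret"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_template(template, allow_write=False):
    """Return findings for a synthesized CloudFormation template (as a dict)."""
    findings = []
    resources = template.get("Resources", {})
    for name, res in resources.items():
        rtype = res.get("Type")
        if rtype == "AWS::SecretsManager::Secret" and res.get("DeletionPolicy") != "Retain":
            findings.append(f"{name}: secret is not retained on stack deletion")
        if rtype != "AWS::IAM::Policy":
            continue
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action", [])):
                a = str(action).lower()
                beyond_read = a == "*" or (a.startswith("secretsmanager:") and a not in READ_ONLY)
                # Wildcards are always reported; named write actions only
                # when the stack was not meant to set grantWriteAccess.
                if beyond_read and ("*" in a or not allow_write):
                    findings.append(f"{name}: allows {action}")
    # ServiceName is usually an intrinsic (Fn::Join), so match on its JSON text.
    has_endpoint = any(
        r.get("Type") == "AWS::EC2::VPCEndpoint"
        and "secretsmanager" in json.dumps(r.get("Properties", {}).get("ServiceName", ""))
        for r in resources.values()
    )
    if not has_endpoint:
        findings.append("template: no VPC endpoint for Secrets Manager")
    return findings


def sample_template(actions, deletion_policy="Retain", endpoint=True):
    """Constructed template fragment; logical IDs are made up for the example."""
    resources = {
        "ExampleSecret": {"Type": "AWS::SecretsManager::Secret",
                          "Properties": {"GenerateSecretString": {}},
                          "DeletionPolicy": deletion_policy},
        "ExampleTaskRolePolicy": {"Type": "AWS::IAM::Policy", "Properties": {
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": actions,
                 "Resource": {"Ref": "ExampleSecret"}}]},
            "Roles": [{"Ref": "ExampleTaskRole"}]}},
    }
    if endpoint:
        resources["ExampleEndpoint"] = {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
            "VpcEndpointType": "Interface",
            "ServiceName": {"Fn::Join": ["", ["com.amazonaws.", {"Ref": "AWS::Region"},
                                              ".secretsmanager"]]}}}
    return {"Resources": resources}


READ = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]
WRITE = READ + ["secretsmanager:PutSecretValue", "secretsmanager:UpdateSecret"]
```

On a real project, load the synthesized template from `cdk.out` with `json.load` and pass `allow_write=True` only for stacks that intentionally set `grantWriteAccess`.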

## Architecture

![Architecture Diagram](architecture.png)

---


© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

            
