I have several Secrets Manager secrets formatted as JSON:
{"AUTH_PASSWORD":"SomeSecretPW","DATABASE_URL":"postgres://postgres:SomeSecretURL?schema=public","AUTH_USERNAME":"SomeSecretUsername","CLIENT_ID":"SomeSecretClientID","CLIENT_SECRET":"SomeSecretClientSecret"}
I have set up an ECS Task Definition that references them successfully using this syntax, but I've been unable to find documentation to explain the trailing colons "::" on the ARNs. Why does this work? Is this syntax correct?
Is this an undocumented feature?
"secrets": [
    {
        "name": "AUTH_PASSWORD",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:AUTH_PASSWORD::"
    },
    {
        "name": "AUTH_USERNAME",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:AUTH_USERNAME::"
    },
    {
        "name": "DATABASE_URL",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:DATABASE_URL::"
    },
    {
        "name": "CLIENT_ID",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:OKTA_CLIENT_ID::"
    },
    {
        "name": "CLIENT_SECRET",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:CLIENT_SECRET::"
    }
]
Thank you!
For my own future reference, the '::' double-colon signifies the end of the ARN, and tells ECS to look for the final string, i.e. CLIENT_SECRET, within the preceding secret name in the ARN.
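The ECS documentation gives the Secrets Manager form of `valueFrom` as `arn:aws:secretsmanager:region:aws_account_id:secret:secret-name:json-key:version-stage:version-id`, so the trailing `::` is an empty version-stage and an empty version-id. The Python below is an added example, not part of the original post: it parses that form and lists the environment variables whose json-key is not present in the secret, using data trimmed from the question. The function names are hypothetical, and treating the three optional fields as all-or-nothing is an assumption based on the documented form.

```python
import json

# Sample data trimmed from the question (two of the five entries).
ARN = "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp"
SECRET_STRING = '{"AUTH_PASSWORD":"SomeSecretPW","CLIENT_ID":"SomeSecretClientID"}'
SECRETS = [
    {"name": "AUTH_PASSWORD", "valueFrom": ARN + ":AUTH_PASSWORD::"},
    {"name": "CLIENT_ID", "valueFrom": ARN + ":OKTA_CLIENT_ID::"},
]


def parse_value_from(value_from):
    """Split an ECS secrets `valueFrom` into the secret ARN and its optional fields."""
    parts = value_from.split(":")
    # A bare secret ARN has 7 colon-separated parts; secret names cannot contain ':'.
    if len(parts) < 7 or parts[0] != "arn" or parts[2] != "secretsmanager" or parts[5] != "secret":
        raise ValueError("not a Secrets Manager secret ARN: " + value_from)
    extra = parts[7:]
    # Assumption: json-key, version-stage and version-id appear together or not at all.
    if len(extra) not in (0, 3):
        raise ValueError("expected ARN or ARN:json-key:version-stage:version-id")
    json_key, stage, version_id = [f or None for f in extra] or [None, None, None]
    if stage and version_id:
        raise ValueError("set version-stage or version-id, not both")
    return {
        "secret_arn": ":".join(parts[:7]),
        "json_key": json_key,
        # Both fields empty (the trailing "::") selects the AWSCURRENT version.
        "version_stage": stage or (None if version_id else "AWSCURRENT"),
        "version_id": version_id,
    }


def missing_keys(secrets, secret_string):
    """Return env var names whose json-key is absent from the secret's JSON."""
    stored = json.loads(secret_string)
    missing = []
    for entry in secrets:
        key = parse_value_from(entry["valueFrom"])["json_key"]
        if key is not None and key not in stored:
            missing.append(entry["name"])
    return missing


if __name__ == "__main__":
    print(parse_value_from(SECRETS[0]["valueFrom"]))
    print("json-key not found for:", missing_keys(SECRETS, SECRET_STRING))
```

Run against the values as posted, the check reports `CLIENT_ID`, because its `valueFrom` names the key `OKTA_CLIENT_ID` while the sample JSON stores `CLIENT_ID`.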