EC2 and Secrets Manager


Hi, I am carrying out a POC to save my docker-compose .env secrets in AWS Secrets Manager and retrieve the secrets into my application running on an EC2 instance in an Auto Scaling group, and into another app running in Elastic Beanstalk. I have created an instance profile with an IAM policy to retrieve the secrets from Secrets Manager using the secret ARN. But each time I deploy this application, docker-compose is not able to access the secrets. When I inspect the container I see that it was not able to get the secrets. How do I do this?

Asked 1 year ago, 705 views
1 Answer
Accepted Answer

Please review the following link. To access the secrets stored in AWS Secrets Manager from your application running on EC2 instances, you can use AWS SDKs or CLI commands.

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/secrets-manager.html

Update your docker-compose.yml file to use the .env file:

services:
  your-service:
    image: your-image
    env_file:
      - .env

Run python fetch_secrets.py to produce the .env file, then run docker-compose:

docker-compose up

For applications running on Elastic Beanstalk: create a .ebextensions directory in your application's root directory, then create a config file, for example 01_fetch_secrets.config, inside the .ebextensions directory with the following content:

container_commands:
  01_fetch_secrets:
    command: "python fetch_secrets.py"

Include the fetch_secrets.py script in your application's source code and deploy your application to Elastic Beanstalk. During deployment, Elastic Beanstalk will execute the fetch_secrets.py script and create the .env file. Your application should now be able to access the secrets stored in the .env file.

Expert
Answered 1 year ago
  • Thanks for this. I will implement this and give feedback of the outcome.

  • Thanks a lot, this worked for me. Though what I did differently was use the AWS SDK for Node.js and wrote a function that gets the secret from Parameter Store and appends it as env for the application. I believe the same implementation should work for Secrets Manager. I went with the Parameter Store option: I saved the secret as JSON in Parameter Store and retrieve it via the function.
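The accepted answer refers to a fetch_secrets.py script but does not show one. Below is an added example of such a script; it is not the answerer's code or anything from AWS. It assumes the instance profile (or Elastic Beanstalk instance role) grants secretsmanager:GetSecretValue on the secret ARN (plus kms:Decrypt if the secret is encrypted with a customer managed key), or ssm:GetParameter for the Parameter Store variant the commenter used, and that the secret body is a JSON object of KEY/value pairs. boto3 is imported only when the script actually talks to AWS, so the rendering and file-writing parts run offline; the sample secret body is constructed for illustration.

```python
"""fetch_secrets.py: pull a JSON secret and write it out as a docker-compose .env file.

Added example, not the script from the original answer. Assumptions: the
instance profile (or Elastic Beanstalk instance role) allows
secretsmanager:GetSecretValue on the secret ARN (plus kms:Decrypt if a
customer managed key encrypts it), or ssm:GetParameter for a Parameter Store
entry; the secret body is a JSON object of KEY: value pairs.
"""
import json
import os
import re
import sys
from typing import List, Optional

# Constructed sample secret body, the shape this script expects.
SAMPLE_SECRET_JSON = (
    '{"DB_HOST": "db.internal", "DB_PASSWORD": "p@ss word#1", "FEATURE_FLAGS": "a,b"}'
)
ENV_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def fetch_secret_string(secret_id: str, region: Optional[str] = None) -> str:
    """Return the raw secret text from Secrets Manager or SSM Parameter Store.

    A Secrets Manager ARN is passed as-is to GetSecretValue; any other id is
    treated as an SSM parameter name (the Parameter Store variant from the
    comments). boto3 is imported here so the rest of the module runs offline.
    """
    import boto3

    if secret_id.startswith("arn:") and ":secretsmanager:" in secret_id:
        resp = boto3.client("secretsmanager", region_name=region).get_secret_value(
            SecretId=secret_id
        )
        if "SecretString" not in resp:
            raise ValueError("binary secrets cannot be rendered into a .env file")
        return resp["SecretString"]
    resp = boto3.client("ssm", region_name=region).get_parameter(
        Name=secret_id, WithDecryption=True
    )
    return resp["Parameter"]["Value"]


def render_env(secret_string: str) -> str:
    """Turn a JSON object into .env lines that docker-compose's env_file accepts.

    Every value is double-quoted with backslashes, quotes and newlines escaped,
    so spaces and '#' inside passwords survive the dotenv parser. Keys are
    validated as environment variable names so a malformed secret fails here
    rather than producing a half-parsed file.
    """
    data = json.loads(secret_string)
    if not isinstance(data, dict):
        raise ValueError("secret must be a JSON object of KEY: value pairs")
    lines = []
    for key in sorted(data):
        if not ENV_NAME.fullmatch(key):
            raise ValueError(f"invalid environment variable name: {key!r}")
        value = data[key]
        if not isinstance(value, str):
            value = json.dumps(value)  # numbers, booleans, nested objects as JSON text
        escaped = value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")
        lines.append(f'{key}="{escaped}"')
    return "\n".join(lines) + "\n"


def write_env(content: str, path: str = ".env") -> str:
    """Write the .env file so that it is never readable by other local users.

    The file is created with mode 0600 before any byte is written; the chmod
    afterwards covers the case where an older, more permissive file existed.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, 0o600)
    return path


def env_file_mode(path: str) -> int:
    """Permission bits of the written file, for checking the 0600 guarantee."""
    return os.stat(path).st_mode & 0o777


def main(argv: List[str]) -> int:
    if not 1 <= len(argv) <= 2:
        print("usage: fetch_secrets.py <secret-arn | ssm-parameter-name> [out-path]",
              file=sys.stderr)
        return 2
    out_path = argv[1] if len(argv) == 2 else ".env"
    write_env(render_env(fetch_secret_string(argv[0])), out_path)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Two practitioner checks when the container still "cannot get the secrets": run `aws sts get-caller-identity` on the instance to confirm the instance profile role is the one the policy is attached to, and compare the ARN in the policy with the real secret ARN, since Secrets Manager appends a random six-character suffix to the name and a policy written with the bare name will not match. Keep in mind that the generated .env is plaintext on disk and that `docker inspect` shows the resulting environment to anyone with access to the Docker socket, so do not commit the file and, if the application runs as a different user from the one that ran the script, chown it to that user rather than loosening the 0600 mode.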
