I want to give permission to access Secrets Manager:
const rdsKeySecretArn = resourceName.rdsKeyInfos()['arn'];
const rdsKeySecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'SecretFromCompleteArn', rdsKeySecretArn);
rdsKeySecret.grantRead(cluster); // fargate cluster
rdsKeySecret.grantRead(ecsAdminService); // service
rdsKeySecret.grantRead(taskDefinitionAdmin); // taskdefinition
rdsKeySecret.grantRead(djangoContainer); // container
grantRead shows the error:
Argument of type 'Cluster' is not assignable to parameter of type 'IGrantable'
I tried service, taskdefinition and container. However, they show the same error.
How can I solve this?
CodePudding user response:
To answer the question directly, you should grant it to the task role:
rdsKeySecret.grantRead(taskDefinitionAdmin.taskRole);
The task role is what the containers running in the task assume when they call AWS services.
That being said, the better way to do this is to pass the secret via environment variables using the secrets prop with Secret.fromSecretsManager(rdsKeySecret).
This will not expose the secret; it will resolve and pass it to the container at runtime. CDK will create the appropriate permissions automatically.
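
The two approaches in the answer end up on different roles: grantRead(taskDefinitionAdmin.taskRole) covers calls the application itself makes to Secrets Manager, while values injected through the secrets prop are fetched by ECS with the task execution role before the container starts. The following is an added example, not code from the thread or from the CDK project: it audits a synthesized CloudFormation template for secret-looking plaintext environment values and for injected secrets that the execution role cannot read. The template, its logical IDs, the ARN and the name heuristic are constructed assumptions, and only the exact secretsmanager:GetSecretValue action is matched, not wildcards.

```typescript
type Json = Record<string, any>;
const asArray = (x: any): any[] => (Array.isArray(x) ? x : [x]);
// Constructed, trimmed `cdk synth` output; logical IDs and the ARN are placeholders.
const SECRET_ARN = "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:PLACEHOLDER";
const sampleTemplate: Json = { Resources: {
  TaskRole: { Type: "AWS::IAM::Role" }, ExecRole: { Type: "AWS::IAM::Role" },
  TaskRolePolicy: { Type: "AWS::IAM::Policy", Properties: {
    Roles: [{ Ref: "TaskRole" }],
    PolicyDocument: { Statement: [{ Effect: "Allow", Resource: SECRET_ARN,
      Action: ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"] }] } } },
  TaskDef: { Type: "AWS::ECS::TaskDefinition", Properties: {
    TaskRoleArn: { "Fn::GetAtt": ["TaskRole", "Arn"] },
    ExecutionRoleArn: { "Fn::GetAtt": ["ExecRole", "Arn"] },
    ContainerDefinitions: [{ Name: "django",
      Environment: [{ Name: "DB_PASSWORD", Value: "constructed-plaintext" }],
      Secrets: [{ Name: "DB_SECRET", ValueFrom: SECRET_ARN }] }] } },
} };

// Logical IDs of roles with an attached policy allowing secretsmanager:GetSecretValue.
function secretReaders(t: Json): string[] {
  const ids: string[] = [];
  for (const key of Object.keys(t.Resources)) {
    const r = t.Resources[key];
    if (r.Type !== "AWS::IAM::Policy") continue;
    const allows = asArray(r.Properties.PolicyDocument.Statement).some((s) =>
      s.Effect === "Allow" && asArray(s.Action).indexOf("secretsmanager:GetSecretValue") !== -1);
    if (allows) asArray(r.Properties.Roles).forEach((role) => ids.push(role.Ref));
  }
  return ids;
}

// Flags plaintext secret-looking env vars and Secrets entries the execution role cannot fetch.
function auditTaskDefinitions(t: Json): string[] {
  const readers = secretReaders(t);
  const findings: string[] = [];
  for (const key of Object.keys(t.Resources)) {
    const r = t.Resources[key];
    if (r.Type !== "AWS::ECS::TaskDefinition") continue;
    const execRole = (r.Properties.ExecutionRoleArn || {})["Fn::GetAtt"]?.[0];
    for (const c of asArray(r.Properties.ContainerDefinitions)) {
      for (const e of c.Environment || [])
        if (/PASSWORD|SECRET|TOKEN/i.test(e.Name)) // name heuristic, an assumption
          findings.push(`${key}/${c.Name}: ${e.Name} is a plaintext environment value`);
      if ((c.Secrets || []).length > 0 && readers.indexOf(execRole) === -1)
        findings.push(`${key}/${c.Name}: execution role cannot read injected secrets`);
    }
  }
  return findings;
}
```

On the constructed sample, only the task role can read the secret, so the injected DB_SECRET is reported along with the plaintext DB_PASSWORD.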