To which should I give the secret manager permission?

Time:04-01

I want to give the permission to access the secrets manager

const rdsKeySecretArn = resourceName.rdsKeyInfos()['arn'];
const rdsKeySecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'SecretFromCompleteArn', rdsKeySecretArn);

rdsKeySecret.grantRead(cluster)// fargate cluster 
rdsKeySecret.grantRead(ecsAdminService) //service
rdsKeySecret.grantRead(taskDefinitionAdmin) // taskdefinition
rdsKeySecret.grantRead(djangoContainer) // container

grantRead shows the error

Argument of type 'Cluster' is not assignable to parameter of type 'IGrantable'

I try service, taskdefinition and container.

However they show the same error.

How can I solve this?

CodePudding user response:

To answer the question directly, you should grant it to the task role:

rdsKeySecret.grantRead(taskDefinitionAdmin.taskRole);

The task role is what the containers running in the task assume when they call AWS services.

That being said, the better way to do this is to pass the secret via environment variables using the secrets prop with Secret.fromSecretsManager(rdsKeySecret).

This will not expose the secret, it will resolve and pass it to the container at runtime. CDK will create the appropriate permissions automatically.
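As an added check, not part of the question or the answer above: after `cdk synth`, this Python script reads the CloudFormation template and lists which IAM roles received secretsmanager:GetSecretValue on the secret, so you can confirm that a grantRead(taskRole) landed on the task role, that the `secrets` prop put the read permission on the execution role (the one the ECS agent uses to fetch the value at launch), and that no other role got it. The template, logical IDs and ARN below are constructed samples, not the asker's stack.

```python
import json

# Constructed sample of what `cdk synth` emits for an ECS task definition: grantRead(taskRole)
# attaches a policy to the task role, the `secrets` container prop attaches one to the
# execution role, and the service role gets nothing. Logical IDs and the ARN are made up.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:rds-key-AbCdEf"
SAMPLE_TEMPLATE = {"Resources": {
    "TaskRole": {"Type": "AWS::IAM::Role"},
    "ExecutionRole": {"Type": "AWS::IAM::Role"},
    "ServiceRole": {"Type": "AWS::IAM::Role"},
    "TaskRoleDefaultPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "Roles": [{"Ref": "TaskRole"}], "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Resource": SECRET_ARN,
             "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]}]}}},
    "ExecutionRoleDefaultPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "Roles": [{"Ref": "ExecutionRole"}], "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Resource": SECRET_ARN, "Action": "secretsmanager:GetSecretValue"}]}}},
    "ServiceRoleDefaultPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "Roles": [{"Ref": "ServiceRole"}], "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Resource": "*", "Action": "ecs:UpdateService"}]}}},
}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants_read(stmt, secret_arn):
    """True if an Allow statement covers GetSecretValue on this secret (or on everything)."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    return (any(a in ("*", "secretsmanager:*", "secretsmanager:GetSecretValue") for a in actions)
            and any(r in ("*", secret_arn) for r in resources))

def roles_that_can_read(template, secret_arn):
    """Sorted logical IDs of roles attached to a policy that can read the secret."""
    readers = set()
    for res in template["Resources"].values():
        if res.get("Type") != "AWS::IAM::Policy":
            continue
        props = res["Properties"]
        if any(_grants_read(s, secret_arn) for s in props["PolicyDocument"]["Statement"]):
            # CDK references roles as {"Ref": "<LogicalId>"}; hand-written templates may use names
            readers.update(r["Ref"] if isinstance(r, dict) else r for r in props.get("Roles", []))
    return sorted(readers)

def roles_from_file(path, secret_arn):
    """Run the same check on a real cdk.out/<stack>.template.json."""
    with open(path) as fh:
        return roles_that_can_read(json.load(fh), secret_arn)
```

On the sample this returns ['ExecutionRole', 'TaskRole']; if a cluster-, service- or container-level role shows up here, the grant went somewhere broader than intended.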
