I've generated a secret in AWS with two key/value pairs. I now want to set my Fargate Task in CDK with both these secrets as Env Variables. I've been through the documentation and am following these two documents:
Using Secrets Manager to secure sensitive data and Get a value from AWS Secrets Manager
I'm setting the secrets like so:
    TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions
    {
        ContainerName = "Container name",
        Image = (...),
        Secrets = new Dictionary<string, Amazon.CDK.AWS.ECS.Secret>
        {
            {"ENV_KEY_1", Amazon.CDK.AWS.ECS.Secret.FromSecretsManager(Secret.FromSecretCompleteArn(this, "secret-name-1", "full-arn-1"))},
            {"ENV_KEY_2", Amazon.CDK.AWS.ECS.Secret.FromSecretsManager(Secret.FromSecretCompleteArn(this, "secret-name-2", "full-arn-2"))}
        }
    }
According to the documentation (second link), to set a specific key on a secret, I should use something like the following:
    {
        "containerDefinitions": [{
            "secrets": [{
                "name": "environment_variable_name",
                "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf:username1::"
            }]
        }]
    }
However, Secret.FromSecretCompleteArn does not support this. It expects only the full ARN up to the 6 random characters, and it fails if I add the key (or version).
I found no way of getting this key to be set. I tried: Secret.FromNameV2, Secret.FromSecretPartialArn and Secret.FromAttributes.
CodePudding user response:
First of all, FromSecretsManagerVersion requires version information via the required VersionInfo argument, which you're not providing. If you don't need it, use FromSecretsManager.
As to your question, both of the methods above have a Field argument that does exactly what you want - select a field from a JSON object.
Documentation reference: https://constructs.dev/packages/aws-cdk-lib/v/2.43.0/api/Secret?lang=dotnet&submodule=aws_ecs#fromSecretsManager
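The field argument applied to the question's setup, as an added example that is not part of the original posts: one secret is imported once by its complete ARN and each environment variable selects a different JSON key from it. The stack name, the placeholder ARN, the key names key1 and key2, and the sample container image are assumptions.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.ECS;
using Amazon.CDK.AWS.ECS.Patterns;
using Constructs;
// Both namespaces define a class named Secret, so alias them to keep the two apart.
using EcsSecret = Amazon.CDK.AWS.ECS.Secret;
using SmSecret = Amazon.CDK.AWS.SecretsManager.Secret;

public class FargateSecretsStack : Stack  // hypothetical stack name
{
    public FargateSecretsStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Placeholder ARN (constructed). Pass only the complete secret ARN,
        // ending at the 6-character suffix, with no JSON key or version appended.
        var appSecret = SmSecret.FromSecretCompleteArn(this, "AppSecret",
            "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:SECRET_NAME-AbCdEf");

        new ApplicationLoadBalancedFargateService(this, "Service",
            new ApplicationLoadBalancedFargateServiceProps
            {
                TaskImageOptions = new ApplicationLoadBalancedTaskImageOptions
                {
                    ContainerName = "app",
                    // Sample image used as a stand-in for the real one.
                    Image = ContainerImage.FromRegistry("amazon/amazon-ecs-sample"),
                    Secrets = new Dictionary<string, EcsSecret>
                    {
                        // The second argument is the JSON key inside the secret.
                        // CDK renders valueFrom as "<secret-arn>:key1::" in the
                        // synthesized task definition.
                        { "ENV_KEY_1", EcsSecret.FromSecretsManager(appSecret, "key1") },
                        { "ENV_KEY_2", EcsSecret.FromSecretsManager(appSecret, "key2") }
                    }
                }
            });
    }
}
```

Running cdk synth and checking the secrets entries of the container definition confirms the key suffix on each valueFrom. CDK also grants the task execution role read access to the referenced secret, so no separate IAM statement is needed for the injection itself.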