Pull secrets from secrets manager rather than S3
This commit is contained in:
parent
81830c2d74
commit
f138ddc748
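--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -6,9 +6,10 @@ resource "aws_secretsmanager_secret_version" "mqtt" {
 secret_id = aws_secretsmanager_secret.mqtt.id
 secret_string = jsonencode(
 {
 HOST = join(",", local.websocket_host_addresses)
-PASSWORD = random_password.mqtt.result
-USERNAME = "write"
+HOST_MOS_FORMAT = join(" ", [for x in local.websocket_host_addresses : "${x}:1883"])
+PASSWORD = random_password.mqtt.result
+USERNAME = "write"
 }
 )
 }
@@ -183,9 +183,9 @@ resource "aws_ecs_task_definition" "ws_reader_ec2" {
 },
 {
 command = [
-"cp",
-"/config/mosquitto-reader.conf",
-"/config/mosquitto.conf",
+"sh",
+"-c",
+"apk add gettext; envsubst < /config/mosquitto-reader-template.conf > /config/mosquitto.conf",
 ]
 cpu = 0
 dependsOn = [
@@ -214,6 +214,16 @@ resource "aws_ecs_task_definition" "ws_reader_ec2" {
 name = "config-move"
 portMappings = []
 volumesFrom = []
+secrets = [
+{
+name = "PASSWORD"
+valueFrom = "${aws_secretsmanager_secret.mqtt.arn}:PASSWORD::"
+},
+{
+name = "HOST_MOS_FORMAT"
+valueFrom = "${aws_secretsmanager_secret.mqtt.arn}:HOST_MOS_FORMAT::"
+}
+]
 },
 ]
 )
@@ -232,6 +242,7 @@ resource "aws_ecs_task_definition" "ws_reader_ec2" {
 volume {
 name = "config"
 }
+
 }
 
 resource "aws_ecs_task_definition" "ws" {
@@ -277,7 +288,7 @@ resource "aws_ecs_task_definition" "ws" {
 ]
 environment = []
 essential = true
-image = "eclipse-mosquitto:2-openssl"
+image = "eclipse-mosquitto:2.0.15"
 # logConfiguration = {
 # logDriver = "awslogs"
 # options = {
@@ -571,6 +582,26 @@ resource "aws_iam_role_policy" "efs" {
 EOF
 }
 
+resource "aws_iam_role_policy" "secrets" {
+name = "secrests"
+role = aws_iam_role.ecs_execution.id
+
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": [
+"secretsmanager:GetSecretValue"
+],
+"Effect": "Allow",
+"Resource": ["${aws_secretsmanager_secret.mqtt.arn}", "${aws_secretsmanager_secret.radiosondy.arn}"]
+}
+]
+}
+EOF
+}
+
 resource "aws_iam_role_policy" "ssm" {
 name = "SSM"
 role = aws_iam_role.ecs_execution.id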
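Review bot: The new `config-move` command installs gettext over the network on every task start and chains the two steps with `;`, so when `apk add` fails the container still runs `envsubst` and dies on a missing binary rather than on a clear install error; change the line to `"apk add gettext && envsubst < /config/mosquitto-reader-template.conf > /config/mosquitto.conf"`, or preferably bake gettext into the image so a registry outage or a changed package cannot alter the startup path. The rendered mosquitto.conf now carries the broker password taken from the PASSWORD secret in plaintext on the `config` volume (presumably mounted at /config — the mount block is outside these hunks), so that volume should not outlive the task or be readable by other containers on the host. In the last hunk the inline policy name `"secrests"` looks like a typo for `"secrets"`, and granting the shared execution role `secretsmanager:GetSecretValue` on the radiosondy secret as well as mqtt widens what this task's execution role can read; if only another task definition needs radiosondy, consider scoping that grant there. The task definition and the IAM role resources start outside the hunks shown.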