我正在尝试向我的 ECS 作业定义添加一个秘密值,
secret_id = f"mysecretid"
secret = secretsmanager.Secret.from_secret_name_v2(
self,
secret_id,
secret_name=secret_id,
)
# Mongo DB URI
mongodb_uri = ecs.Secret.from_secrets_manager(secret, "MONGODB_URI")
job_definition = batch.EcsJobDefinition(self, f"{stage}{NAME}JobDefinition",
container=batch.EcsEc2ContainerDefinition(self, "Container",
image=image,
memory=Size.mebibytes(4096),
cpu=2,
secrets={"MONGO_DB_URI": mongodb_uri},
command=["npm run crawl"],
)
)
我遇到了错误,
RuntimeError: Passed to parameter props of new aws-cdk-lib.aws_batch.EcsEc2ContainerDefinition: Unable to deserialize value as aws-cdk-lib.aws_batch.EcsEc2ContainerDefinitionProps
├── 🛑 Failing value is an object
│ { '$jsii.struct': [Object] }
╰── 🔍 Failure reason(s):
╰─ Key 'secrets': Unable to deserialize value as map<aws-cdk-lib.aws_batch.Secret> | undefined
├── 🛑 Failing value is an object
│ { '$jsii.map': [Object] }
╰── 🔍 Failure reason(s):
╰─ Key 'MONGO_DB_URI': Unable to deserialize value as aws-cdk-lib.aws_batch.Secret
├── 🛑 Failing value is an object
│ { '$jsii.byref': 'aws-cdk-lib.aws_ecs.Secret@10003' }
╰── 🔍 Failure reason(s):
╰─ Object of type 'aws-cdk-lib.aws_ecs.Secret' is not convertible to aws-cdk-lib.aws_batch.Secret
错误信息相当清楚:
Object of type 'aws-cdk-lib.aws_ecs.Secret' is not convertible to aws-cdk-lib.aws_batch.Secret
由于您正在创建批处理作业而不是 ECS 任务,因此它需要 Batch 密钥而不是 ECS 密钥。您需要使用秘密参考的批量版本。
将代码更改为:
# Mongo DB URI
mongodb_uri = batch.Secret.from_secrets_manager(secret, "MONGODB_URI")