Demo repository for pushing boiler-plate Flask app to AWS ECS.
docker-compose.yml is only for testing the application on your local machine and is not used in the AWS deployment.
AWS Secrets Manager - restrict access by IAM role
{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Effect" : "Deny",
    "Principal" : {
      "AWS" : "*"
    },
    "Action" : "secretsmanager:GetSecretValue",
    "Resource" : "*",
    "Condition" : {
      "StringNotLike" : {
        "aws:userid" : [ "AIDATC....", "AIDAT...." ]
      }
    }
  } ]
}
Additional notes:
- Access aws:userid with aws-cli and aws iam get-user --user-name {aws-iam-user-name}
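How the Deny statement above decides who is blocked, as an added example that is not part of this repository: a simplified evaluator for the StringNotLike condition on aws:userid, not a full IAM policy engine. The IDs are constructed placeholders, and the role entry is an assumption showing that an assumed-role session presents aws:userid as `ROLE_ID:session-name`, so it needs a trailing `:*` pattern to be exempted.

```python
import re

# Constructed placeholder IDs (not from the repository).
# AIDA... is an IAM user ID; AROA... is an IAM role ID.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Principal": {"AWS": "*"},
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "*",
        "Condition": {"StringNotLike": {
            "aws:userid": ["AIDAEXAMPLEUSER000001", "AROAEXAMPLEROLE00001:*"]
        }},
    }],
}

def like(pattern, value):
    """IAM StringLike: case-sensitive, '*' = any run of chars, '?' = one char."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def denied(policy, action, userid):
    """True if an explicit Deny applies to this caller (Principal and Resource are '*')."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != action:
            continue
        patterns = stmt["Condition"]["StringNotLike"]["aws:userid"]
        # Negated operator with several values: the condition holds only when
        # the caller's userid matches NONE of the listed patterns.
        if not any(like(p, userid) for p in patterns):
            return True
    return False

if __name__ == "__main__":
    action = "secretsmanager:GetSecretValue"
    for caller in ("AIDAEXAMPLEUSER000001",            # listed user
                   "AROAEXAMPLEROLE00001:ecs-task",    # session of the listed role
                   "AROAEXAMPLEROLE00001",             # bare role ID, no session part
                   "AIDAOTHERUSER00000001"):           # unlisted user
        print(f"{caller:32} denied={denied(POLICY, action, caller)}")
```

Not being denied is not the same as being allowed: the exempted users and roles still need an Allow for secretsmanager:GetSecretValue in their own IAM policies.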