Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
1.2k views
in Technique by (71.8m points)

terraform - Fargate container_definition field "secretOptions" not passing datadog API_KEY to logConfiguration

I'm trying to send my ECS Fargate logs to Datadog. To do this I need to pass my Datadog API_KEY as a field in the logConfiguration object. I need to secure my API_KEY so I am using AWS Secrets Manager via the secretOptions key of the logConfiguration object.

I'm following the steps from AWS laid out here. The full steps from the Datadog site can be found here.

For some reason I don't see the logs show up in Datadog. Here is the log config section of my Terraform code under the container_definitions object of the aws_ecs_task_definition resource:

"logConfiguration": {
    "logDriver": "awsfirelens",
    "options": {
        "Name": "datadog",
        "Host": "http-intake.logs.datadoghq.com",
        "dd_service": "myservice",
        "dd_source": "mysource",
        "dd_message_key": "log",
        "dd_tags": "env:dev",
        "TLS": "on",
        "provider": "ecs"
    },
    "secretOptions": [{
        "name": "apikey",
        "valueFrom": "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:mysecret"
    }]
}

If I take out the secretOptions and add the apikey in plaintext, the logs show up on the Datadog console:

"logConfiguration": {
   "logDriver": "awsfirelens",
   "options": {
       "Name": "datadog",
       "Host": "http-intake.logs.datadoghq.com",
       "dd_service": "myservice",
       "dd_source": "mysource",
       "dd_message_key": "log",
       "dd_tags": "env:dev",
       "TLS": "on",
       "provider": "ecs",
       "apikey": "myapikey"
   }
}

I of course can't just send my API_KEY in plaintext. Does the secretOptions just not work for Datadog? Any help is appreciated.
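
A check that can be run over rendered container definitions to confirm the Datadog key is supplied through secretOptions and never through options, as an added example that is not part of the original post. The list of sensitive option names, the full-ARN policy for valueFrom, and the sample region, account ID and container names are assumptions of this example.

```python
import json
import re

# Assumption: option names this example treats as credentials.
SENSITIVE = {"apikey", "api_key", "password", "token"}
# Policy of this example: valueFrom must be a full Secrets Manager or SSM parameter ARN.
ARN = re.compile(r"^arn:aws[a-z-]*:(secretsmanager:[a-z0-9-]+:\d{12}:secret:.+"
                 r"|ssm:[a-z0-9-]+:\d{12}:parameter/.+)$")

def audit_log_config(container_definitions):
    """Return (container name, finding) pairs for each logConfiguration problem."""
    findings = []
    for c in json.loads(container_definitions):
        name = c.get("name", "<unnamed>")
        log = c.get("logConfiguration") or {}
        options = log.get("options") or {}
        secrets = log.get("secretOptions") or []
        for key in options:
            if key.lower() in SENSITIVE:
                findings.append((name, "plaintext " + key + " in options"))
        for s in secrets:
            # Also catches Terraform interpolations that were never rendered.
            if not ARN.match(s.get("valueFrom", "")):
                findings.append((name, "secretOptions " + str(s.get("name")) + " is not a full ARN"))
        supplied = {k.lower() for k in options} | {str(s.get("name")).lower() for s in secrets}
        if options.get("Name") == "datadog" and "apikey" not in supplied:
            findings.append((name, "datadog output has no apikey"))
    return findings

# Constructed sample input modelled on the two logConfiguration blocks in the question.
BASE = {"Name": "datadog", "Host": "http-intake.logs.datadoghq.com", "TLS": "on"}

def _container(name, options, secrets):
    log = {"logDriver": "awsfirelens", "options": options, "secretOptions": secrets}
    return {"name": name, "logConfiguration": log}

SAMPLE = json.dumps([
    _container("via-secret", BASE, [{"name": "apikey",
        "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret"}]),
    _container("plaintext-key", dict(BASE, apikey="myapikey"), []),
    _container("unrendered", BASE, [{"name": "apikey",
        "valueFrom": "arn:aws:secretsmanager:${region}:${account}:secret:mysecret"}]),
])

if __name__ == "__main__":
    for name, finding in audit_log_config(SAMPLE):
        print(name + ": " + finding)
```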



1 Answer

0 votes
by (71.8m points)
Waiting for an expert to reply.
