From b53cb9813a6ddecb63a09fde173f85e161da24f2 Mon Sep 17 00:00:00 2001
From: Andrew Plummer
Date: Thu, 21 Dec 2023 14:41:51 +0000
Subject: [PATCH] Allow ECS secret for EC2 construct (#9)
---
 README.md | 2 +-
 ec2.ts | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 1fa8729..0ad1d12 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ import { EcsDatadogDaemonService } from 'datadog-ecs-cdk';
 new EcsDatadogDaemonService(this, 'EcsDatadog', {
 ecsCluster: myCluster,
- datadogApiKeySecret: mySecret,
+ datadogApiKeySecret: ecs.Secret.fromSecretsManager(mySecret),
 });
 ```
diff --git a/ec2.ts b/ec2.ts
index a25712f..c0cfd0c 100644
--- a/ec2.ts
+++ b/ec2.ts
@@ -14,9 +14,12 @@ export interface EcsDatadogDaemonServiceProps {
 * The secret containing the Datadog API key
 *
 * @remarks
- * The secret must be a single value, not key-value pairs.
+ * Pass an ecs.Secret for full control over the source of
+ * this. Can pass an ISecret for backwards compatibility, though
+ * this must be a secret storing a single value, not key-value
+ * pairs.
 */
- readonly datadogApiKeySecret: secretsmanager.ISecret;
+ readonly datadogApiKeySecret: ecs.Secret | secretsmanager.ISecret;
 /**
 * The Datadog site to send data to
 *
@@ -32,6 +35,14 @@ export interface EcsDatadogDaemonServiceProps {
 readonly logsDisabled?: boolean;
 }
+// Type-guard for ecs.Secret
+const isEcsSecret = (secret: secretsmanager.ISecret | ecs.Secret): secret is ecs.Secret => {
+ if (secret.hasOwnProperty('secretArn')) {
+ return false;
+ }
+ return true;
+};
+
 /**
 * Deploys the Datadog agent as a daemon service to an ECS cluster.
 *
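Review bot: The new `@remarks` on `datadogApiKeySecret` says "full control over the source of this" without stating what the value must resolve to, so a caller switching to `ecs.Secret` has no written contract. Whatever is passed is injected as the container's `DD_API_KEY` in the `@@ -69,7 +80,7 @@` hunk, so the remark should say that the resolved value has to be the bare API key, for example `* Pass an ecs.Secret (e.g. ecs.Secret.fromSecretsManager(secret, 'field')) when the key is one field of a JSON secret; the resolved value must be the API key itself.` The interface body starts and ends outside this hunk.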
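Review bot: `isEcsSecret` decides by absence: any argument without an own `secretArn` property is reported as an `ecs.Secret`, and `hasOwnProperty` does not see a `secretArn` that an `ISecret` implementation exposes through a prototype getter. Such an object would be handed unchanged to `secrets.DD_API_KEY` by the ternary in the `@@ -69,7 +80,7 @@` hunk instead of being wrapped with `ecs.Secret.fromSecretsManager`, so the API key reference would likely be wrong or missing at deploy time. Consider `!('secretArn' in secret)`, which also covers inherited properties and lets TypeScript narrow the union on its own, or a positive test on the `ecs.Secret` side such as `'arn' in secret`. The `// Type-guard for ecs.Secret` comment could also name the property that decides the result.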
@@ -69,7 +80,7 @@ export class EcsDatadogDaemonService extends Construct {
 }),
 },
 secrets: {
- DD_API_KEY: ecs.Secret.fromSecretsManager(props.datadogApiKeySecret),
+ DD_API_KEY: isEcsSecret(props.datadogApiKeySecret) ? props.datadogApiKeySecret : ecs.Secret.fromSecretsManager(props.datadogApiKeySecret),
 },
 healthCheck: {
 command: ['CMD-SHELL', 'agent health'],