Allow ECS secret for EC2 construct

README.md

@@ -15,7 +15,7 @@ import { EcsDatadogDaemonService } from 'datadog-ecs-cdk';
 
 new EcsDatadogDaemonService(this, 'EcsDatadog', {
     ecsCluster: myCluster,
-    datadogApiKeySecret: mySecret,
+    datadogApiKeySecret: ecs.Secret.fromSecretsManager(mySecret),
 });
 ```
 

ec2.ts

@@ -14,9 +14,12 @@ export interface EcsDatadogDaemonServiceProps {
      * The secret containing the Datadog API key
      *
      * @remarks
-     * The secret must be a single value, not key-value pairs.
+     * Pass an ecs.Secret for full control over the source of
+     * this. Can pass an ISecret for backwards compatibility, though
+     * this must be a secret storing a single value, not key-value
+     * pairs.
      */
-    readonly datadogApiKeySecret: secretsmanager.ISecret;
+    readonly datadogApiKeySecret: ecs.Secret | secretsmanager.ISecret;
     /**
      * The Datadog site to send data to
      *
@@ -32,6 +35,14 @@ export interface EcsDatadogDaemonServiceProps {
     readonly logsDisabled?: boolean;
 }
 
+// Type-guard for ecs.Secret
+const isEcsSecret = (secret: secretsmanager.ISecret | ecs.Secret): secret is ecs.Secret => {
+    if (secret.hasOwnProperty('secretArn')) {
+        return false;
+    }
+    return true;
+};
+
 /**
  * Deploys the Datadog agent as a daemon service to an ECS cluster.
  *
@@ -69,7 +80,7 @@ export class EcsDatadogDaemonService extends Construct {
                       }),
             },
             secrets: {
-                DD_API_KEY: ecs.Secret.fromSecretsManager(props.datadogApiKeySecret),
+                DD_API_KEY: isEcsSecret(props.datadogApiKeySecret) ? props.datadogApiKeySecret : ecs.Secret.fromSecretsManager(props.datadogApiKeySecret),
             },
             healthCheck: {
                 command: ['CMD-SHELL', 'agent health'],