Retrieve Secrets from Secrets Manager
You can retrieve the Sysdig Access Key from the AWS Secrets Manager when deploying the Serverless Agent.
Pull the Agent Access Key Secret from the AWS Secrets Manager
The following example shows you how to pull an agent access key secret from the AWS Secrets Manager using a reference within your workload agent task definition.
If you retrieve a secret using the following method, ensure that no environment variable of the same name (for example, SYSDIG_ACCESS_KEY) is also set. Otherwise, the deployment will fail because of the duplicated environment variable names.
"containerDefinitions": [
    {
        ...
        "secrets": [
            {
                "name": "SYSDIG_ACCESS_KEY",
                "valueFrom": "<my-secrets-arn>"
            }
        ],
        ...
    }
]
Because your task is executed using an ECS execution role, ensure that the role has permission to pull the secret. Add a policy to the role, similar to the following:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "<my-secrets-arn>"
        }
    ]
}
When your task starts, it retrieves the secret and supplies it to the container under the name given in your definition (here, SYSDIG_ACCESS_KEY).
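A pre-deployment check for the two failure conditions described above (a name present in both environment and secrets, and an execution role policy that does not cover the referenced secret), as an added example that is not part of the Sysdig documentation. The ARN, container name and sample documents are constructed placeholders, and the policy matching is a simplification that assumes valueFrom holds a full Secrets Manager ARN.

```python
import fnmatch

# Constructed sample inputs (ARN and container name are placeholders).
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:sysdig-key-AbCdEf"
TASK_DEF = {"containerDefinitions": [{
    "name": "workload-agent",
    "environment": [{"name": "SYSDIG_ACCESS_KEY", "value": "leftover"}],
    "secrets": [{"name": "SYSDIG_ACCESS_KEY", "valueFrom": ARN + ":key::"}],
}]}
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "secretsmanager:GetSecretValue",
    "Resource": ARN.replace("sysdig-key", "other-key"),
}]}

def as_list(v):
    return v if isinstance(v, list) else [v]

def secret_arn(value_from):
    # valueFrom may carry ":json-key:version-stage:version-id" after the
    # secret ARN; the ARN itself is the first seven colon-separated fields.
    return ":".join(value_from.split(":")[:7])

def policy_allows(policy, arn, action="secretsmanager:GetSecretValue"):
    # Simplified: matches Allow statements only; ignores Deny and Condition.
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        if not any(fnmatch.fnmatchcase(action.lower(), a) for a in actions):
            continue
        if any(fnmatch.fnmatchcase(arn, r) for r in as_list(st.get("Resource", []))):
            return True
    return False

def preflight(task_def, policy):
    findings = []
    for c in task_def.get("containerDefinitions", []):
        env_names = {e["name"] for e in c.get("environment", [])}
        for s in c.get("secrets", []):
            if s["name"] in env_names:
                findings.append(f"{c['name']}: {s['name']} is in both environment and secrets")
            arn = secret_arn(s["valueFrom"])
            if not policy_allows(policy, arn):
                findings.append(f"{c['name']}: policy does not allow GetSecretValue on {arn}")
    return findings

if __name__ == "__main__":
    print("\n".join(preflight(TASK_DEF, POLICY)) or "ok")
```

Run against the sample inputs, it reports both problems. An empty result means the task definition and policy agree on the secret.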