In this episode, we cover the following topics:
- Developing a system for automatically updating containers when secrets are updated is a two-part solution. First, we need to be notified when secrets are updated. Then, we need to trigger an action to update the ECS service.
- CloudWatch Events can be used to receive notifications when secrets are updated. We explain CloudWatch Events and its primary components: events, rules and targets.
- Event patterns are used to filter for the specific events that the rule cares about. We discuss how to write event patterns and the rules of matching events.
- The event data structure will be different for each type of emitter. We detail a handy tip for determining the event structure of an emitter.
- We discuss EventBridge and how it relates to CloudWatch Events.
- We explain how to create CloudWatch Event rules for capturing update events emitted by both Systems Manager Parameter Store and AWS Secrets Manager.
- AWS Lambda can be leveraged as a trigger of CloudWatch Events. We explain how to develop a Lambda function that invokes the ECS API to recycle all containers.
- We finish up by showing how this works for a common use case: using the automatic credential rotation feature of AWS Secrets Manager with a containerized app running on ECS that connects to an RDS database.
Detailed Show Notes
Want the complete episode outline with detailed notes? Sign up here: https://mobycast.fm/show-notes/
Support Mobycast
https://glow.fm/mobycast
End Song
Night Sea Journey by Derek Russo
More Info
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at: