AWS Secrets Manager

Single-command setup:

We built a script that handles all the AWS setup for you in a single command. You can run the whole process by pasting it in your terminal. The result will be the AWS credentials you need to provide to Runops:
plain text
curl -sL https://runops.page.link/create-secret-and-user > aws-setup.sh
source aws-setup.sh runops-demo-db \
  '{"MYSQL_HOST":"10.118.129.3","MYSQL_USER":"demo-user","MYSQL_PASS":"GtK23d<ejkLy0ST2","MYSQL_DB":"demo"}'

Step by step setup:

These steps reproduce what the one-line script does for you.

Use these steps as an alternative to the single-command setup.
You must run all these commands in the same terminal window as we will save values from some commands and use them in later commands.

1. First we add the credentials of our database to the Secrets Manager:

plain text
# this is a working demo database
SECRET_ARN=$(aws secretsmanager create-secret \
  --name mysql-target-prod \
  --description "mysql credentials for production" \
  --secret-string '{"MYSQL_HOST":"10.118.129.3","MYSQL_USER":"demo-user","MYSQL_PASS":"GtK23d<ejkLy0ST2","MYSQL_DB":"demo"}' \
  | jq -r ".ARN")

2. Then we need to provide a way for the agent to read this secret when running Tasks:

Let’s create a user in AWS for Runops:
plain text
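aws iam create-user --user-name runops
# jq prints the secret key and the key id on two separate lines,
# so each value is read with its own `read`
{ read -r AWS_SECRET_ACCESS_KEY; read -r AWS_ACCESS_KEY_ID; } < <(aws iam create-access-key --user-name runops \
  | jq -r '.AccessKey.SecretAccessKey, .AccessKey.AccessKeyId')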
Then we need a policy that enables this user to read the credentials:
plain text
RUNOPS_POLICY=$(aws iam create-policy --policy-name runops2 --policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetSecret",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": "'"$SECRET_ARN"'"
    }
  ]
}' | jq -r ".Policy.Arn")
And lastly we attach this policy to the user through a role:
plain text
aws iam attach-user-policy --policy-arn "$RUNOPS_POLICY" --user-name runops
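
The policy in step 2 pastes `$SECRET_ARN` straight into the JSON document, so a failed step 1 or a fresh terminal leaves the `Resource` empty or set to the literal `null`. The helper below is an added example, not part of the Runops script: it refuses to build the policy unless the value is a single, wildcard-free Secrets Manager ARN. The function names, the account id and the ARN suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard the step-2 policy against an empty, "null",
# wildcard or malformed SECRET_ARN before it reaches `aws iam create-policy`.

# is_secret_arn VALUE -> exit 0 only if VALUE names exactly one secret.
is_secret_arn() {
  nl='
'
  case $1 in
    *"$nl"*) return 1 ;;  # grep works per line, so reject multi-line input first
  esac
  # arn:<partition>:secretsmanager:<region>:<12-digit account>:secret:<name>
  # The name class is the set of characters Secrets Manager allows, so
  # wildcards, quotes and spaces cannot pass.
  printf '%s\n' "$1" | grep -Eqx \
    'arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[A-Za-z0-9/_+=.@-]+'
}

# build_runops_policy ARN -> prints the same policy document as step 2,
# or fails without output on stdout if ARN is not a single secret.
build_runops_policy() {
  if ! is_secret_arn "$1"; then
    echo "refusing to build policy: '$1' is not a single secret ARN" >&2
    return 1
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetSecret",
      "Effect": "Allow",
      "Action": ["secretsmanager:GetSecretValue"],
      "Resource": "$1"
    }
  ]
}
EOF
}

# Constructed sample ARN (account id and suffix are made up).
build_runops_policy \
  'arn:aws:secretsmanager:us-east-1:123456789012:secret:mysql-target-prod-AbCdEf'
```

In the step above, the inline JSON can then be replaced with `--policy-document "$(build_runops_policy "$SECRET_ARN")"`.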

Tying it all together

The agent needs the configuration values from your Secrets Manager setup, plus the values that link it to your Runops account. After finishing the credentials configuration of your Secrets Manager you should have all the values for this step. Let’s export the variables with the required configurations to make your deployment easier:
plain text
# Runops config
TOKEN='GET IT IN THE RUNOPS DASHBOARD'
AWS_REGION=us-east-1