diff --git a/package-lock.json b/package-lock.json index 60ab05fa..fb0baa40 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9848,7 +9848,7 @@ }, "packages/prerender-fargate": { "name": "@aligent/cdk-prerender-fargate", - "version": "2.3.5", + "version": "2.3.8", "license": "GPL-3.0-only", "dependencies": { "@aws-cdk/aws-apigatewayv2-alpha": "2.30.0-alpha.0", @@ -9864,7 +9864,7 @@ }, "packages/prerender-proxy": { "name": "@aligent/cdk-prerender-proxy", - "version": "2.0.0", + "version": "2.1.4", "license": "GPL-3.0-only", "dependencies": { "@aligent/cdk-esbuild": "^2.0", @@ -9924,7 +9924,7 @@ }, "packages/static-hosting": { "name": "@aligent/cdk-static-hosting", - "version": "2.3.1", + "version": "2.3.4", "license": "GPL-3.0-only", "dependencies": { "@aligent/cdk-esbuild": "^2.0", diff --git a/packages/graphql-mesh-server/lib/fargate.ts b/packages/graphql-mesh-server/lib/fargate.ts index d80af465..db4733d2 100644 --- a/packages/graphql-mesh-server/lib/fargate.ts +++ b/packages/graphql-mesh-server/lib/fargate.ts @@ -59,8 +59,20 @@ export interface MeshServiceProps { }; /** * SSM values to pass through to the container as secrets + * + * @deprecated - Use secrets instead */ - secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter }; + ssmSecrets?: { + [key: string]: ssm.IStringParameter | ssm.IStringListParameter; + }; + + /** + * ECS Secrets to pass through to the container as secrets + * + * The key values can be referenced from either SSM or Secrets manager + */ + secrets?: { [key: string]: ecs.Secret }; + /** * Name of the WAF * Defaults to 'graphql-mesh-web-acl' @@ -268,10 +280,10 @@ export class MeshService extends Construct { } // Construct secrets from provided ssm values - const secrets: { [key: string]: ecs.Secret } = {}; - props.secrets = props.secrets || {}; - for (const [key, ssm] of Object.entries(props.secrets)) { - secrets[key] = ecs.Secret.fromSsmParameter(ssm); + const ssmSecrets: { [key: string]: ecs.Secret } = {}; + props.ssmSecrets = props.ssmSecrets || {}; + for (const [key, ssm] of Object.entries(props.ssmSecrets)) { + ssmSecrets[key] = ecs.Secret.fromSsmParameter(ssm); } // Configure a custom log driver and group @@ -295,7 +307,7 @@ export class MeshService extends Construct { image: ecs.ContainerImage.fromEcrRepository(this.repository), enableLogging: true, // default containerPort: 4000, // graphql mesh gateway port - secrets: secrets, + secrets: props.secrets ? props.secrets : ssmSecrets, // Prefer v2 secrets using secrets manager environment: environment, logDriver: logDriver, taskRole: new iam.Role(this, "MeshTaskRole", { diff --git a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts index b73572c8..eed38c66 100644 --- a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts +++ b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts @@ -19,6 +19,7 @@ import { LogGroup } from "aws-cdk-lib/aws-logs"; import { Topic } from "aws-cdk-lib/aws-sns"; import { Alarm } from "aws-cdk-lib/aws-cloudwatch"; import { Maintenance } from "./maintenance"; +import { Secret } from "aws-cdk-lib/aws-ecs"; export type MeshHostingProps = { /** @@ -66,8 +67,20 @@ export type MeshHostingProps = { }; /** * SSM values to pass through to the container as secrets + * + * @deprecated - Use secrets instead */ - secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter }; + ssmSecrets?: { + [key: string]: ssm.IStringParameter | ssm.IStringListParameter; + }; + + /** + * ECS Secrets to pass through to the container as secrets + * + * The key values can be referenced from either SSM or Secrets manager + */ + secrets?: { [key: string]: Secret }; + /** * Pass custom cpu scaling steps * Default value: