Note: Secret environment variables are shown separately below and are not included in this table.
| Variable | Value |
|---|---|
| AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | /v2/credentials/a4d5fc0f-20bb-4ede-9a70-4698225cd519 |
| AWS_DEFAULT_REGION | us-east-1 |
| AWS_EXECUTION_ENV | AWS_ECS_FARGATE |
| AWS_REGION | us-east-1 |
| ECS_AGENT_URI | http://169.254.170.2/api/7c01c4514bd340f5aefb471efd9a7958-2935829814 |
| ECS_CONTAINER_METADATA_URI | http://169.254.170.2/v3/7c01c4514bd340f5aefb471efd9a7958-2935829814 |
| ECS_CONTAINER_METADATA_URI_V4 | http://169.254.170.2/v4/7c01c4514bd340f5aefb471efd9a7958-2935829814 |
| GPG_KEY | A035C8C19219BA821ECEA86B64E628F8D684696D |
| HOME | /root |
| HOSTNAME | ip-10-0-3-75.ec2.internal |
| LANG | C.UTF-8 |
| PATH | /usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| PYTHON_SHA256 | 8d3ed8ec5c88c1c95f5e558612a725450d2452813ddad5e58fdb1a53b1209b78 |
| PYTHON_VERSION | 3.11.14 |
| WERKZEUG_SERVER_FD | 3 |
| Secret Name | Value (First 5 chars + masked) |
|---|---|
| SOME_SECRET | This ********************** |
| ANOTHER_SECRET | the v************************ |
| DEV_AWS_ACCESS_KEY_ID | AKIAT*************** |
| DEV_AWS_SECRET_ACCESS_KEY | NBJvA*********************************** |
Secrets are now injected directly into the container as environment variables!
The ECS task definition includes a secrets section that pulls values from AWS Secrets Manager
and makes them available as environment variables in the container. No AWS SDK required!
Environment Variables vs Secrets:
• Regular environment variables are shown in the first table
• Secret environment variables (from AWS Secrets Manager) are shown separately in the secrets table
• Both are accessible via os.environ in the application code
Note: The secrets table shows the first 5 characters of each secret value to demonstrate that the application can successfully read the secrets from environment variables. The remaining characters are masked with asterisks for security.
Secret path pattern: incode-labs/{app-name}/{secret-name}
For this demo app: incode-labs/demo/SOME_SECRET and incode-labs/demo/ANOTHER_SECRET