Skip to content

Commit

Permalink
Docs: PR 5387 redo - Warn ECS users to avoid plain text creds (#6051) (
Browse files Browse the repository at this point in the history 
…#6052)

(cherry picked from commit f031427)

Co-authored-by: Karen Miller <84039272+KMiller-Grafana@users.noreply.github.com>
  • Loading branch information
@grafanabot @KMiller-Grafana
grafanabot and KMiller-Grafana authored May 2, 2022
1 parent 86e41bd commit 73ff6a4
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/sources/clients/aws/ecs/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,8 @@ The second container is our `sample-app`, a simple [alpine][alpine] container th

Go ahead and replace the `Url` property with your [GrafanaCloud][GrafanaCloud] credentials, you can find them in your [account][grafanacloud account] in the Loki instance page. If you're running your own Loki instance replace completely the URL (e.g `http://my-loki.com:3100/loki/api/v1/push`).

We include plain text credentials in `options` for simplicity. However, this exposes credentials in your ECS task definition and in any version-controlled configuration. Mitigate this issue by using a secret store such as [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html), combined with the `secretOptions` configuration option for [injecting sensitive data in a log configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-logconfig).

All `options` of the `logConfiguration` will be automatically translated into [fluentbit ouput][fluentbit ouput]. For example, the above options will produce this fluent bit `OUTPUT` config section:

```conf
Expand Down

0 comments on commit 73ff6a4

Please sign in to comment.