https://prefect.io logo
Join Slack
Powered by
is there any reference guide on how to grab values...
# prefect-aws
t
is there any reference guide on how to grab values from aws credentials blocks? I'm trying to get region/access key/secret key from a credentials block in my prefect.yaml and I can't quite figure it out
Copy code
AWS_DEFAULT_REGION: "{{ prefect_aws.awscredentials.my-aws-credentials.REGION_NAME }}"
          AWS_ACCESS_KEY_ID: "{{ prefect_aws.awscredentials.my-aws-credentials.AWS_ACCESS_KEY_ID }}"
          AWS_SECRET_ACCESS_KEY: "{{ prefect_aws.awscredentials.my-aws-credentials.AWS_SECRET_ACCESS_KEY }}"
tried a few different variations of the above without much luck.
k
"{{ prefect.blocks.aws-credentials.your-block-name.field-name-on-block }}"
t
k
all the examples have hyphenated block type names
which is a slight standardization of the block type name property on the class
t
sorry for dropping off on this but I was able to get this working yesterday with what you sent! I kept trying to reference it from prefect_aws, should have just followed the examples 😅
thank you kevin!
a
Hi @Kevin Grismore! I’m Tomas’ teammate working on a similar issue and I’m trying to use the 
aws-secret
block. I’ve been calling it following the syntax you shared of 
"{{ prefect.blocks.aws-credentials.your-block-name }}"
but I’m hitting this error:
Copy code
prefect.utilities.dockerutils.BuildError: error reading build args: json: cannot unmarshal object into Go value of type string
I’m trying to pass the value of the block into the 
buildargs
param of a 
build_docker_image
step, which is expecting a string. My understanding is that the block value is returning a json. do you know of a way to get around this?
k
hmmm
can you share what your build_docker_image step looks like?
a
Sure
Copy code
- prefect_docker.deployments.steps.build_docker_image:
      id: build-image
      requires: prefect-docker
      image_name: ABC
      tag: '{{ get-commit-hash.stdout }}'
      platform: linux/amd64
      buildargs:
        GITHUB_USER: 'XYZ'
        GITHUB_TOKEN: "{{ prefect.blocks.aws-secret.alex-ilyin-github-token }}"
I got it running by hardcoding values into the GITHUB_USER and GITHUB_TOKEN args
k
so what exactly is the thing you're trying to pass in? what you have is going to load the entire block, which is comprised of a nested AwsCredentials block and 
secret_name
which would be the name of your secret in aws
a
I’m trying to pass in the value of that block
k
as in, the name of the AWS secret? not the actual token, right? I assume that is stored in AWS
a
yep, we have the actual token stored in AWS, I want to access the value of it
not just the name
k
yeah, there's no straightforward way to do that since the other example in this thread is about accessing values that are stored directly in the block. the 
AwsSecret
block just stores the secret's name and some credentials. the block class in python provides methods you can call that use the block's contents to go and grab the secret from AWS
a
so adding something like
Copy code
GITHUB_TOKEN: "{{ prefect.blocks.aws-secret.alex-ilyin-github-token.read_secret() }}"
could work?
k
I don't think it works that way, since we're not exactly calling block methods when we resolve the template references. the blocks themselves are data models that can be transmitted as json
a
ohhh right I see that now
k
there are a couple of other ways you could do this though
one might be to pass the individual credentials values alongside the name of the secret in AWS, then run a step in your dockerfile that goes and grabs the secret from AWS using that info
another could be a run_shell_script build step that does the same, then you can grab stdout from that step and pass it into your docker build step
if all that raises alarms that this seems harder than it should be, maybe it's worth asking why a dockerfile needs a github user and token passed into it and see if there's a different way to solve the problem
a
the reason we’re doing this in the first place is to install a python package from a git directory passing in the github_user and github_token values. I got it to work by just using the prefect.secrets block so I have that to fall back on. I was just hoping to find a simple work around to use an aws secret
I’ll give one or both of the solutions you mentioned a try though
k
we also have a github credentials block that might serve that purpose that comes with a little more inherent meaning if you were to read your prefect.yaml
a
ah ok I didn’t notice that one
that may be the best solution in this case, without creating extra build steps
thanks @Kevin Grismore!
🙌 1
3 Views
Open in Slack
PreviousNext
Powered by