Another question on ECS deployment.. what’s the be...
# ask-communityj
Jonathan Mathews
04/27/2022, 3:43 PMAnother question on ECS deployment.. what’s the best way to get environment variables set from my task definition? Can I use
os.environ.getEnvVarSecretk
Kevin Kho
04/27/2022, 3:49 PM
I think it would be
os.environj
Jonathan Mathews
04/27/2022, 3:51 PMDo you mean you want to perform this inside a task but EnvVarSecret is already a task so it can only be used in the Flow block?Yes, that’s right.
k
Kevin Kho
04/27/2022, 3:52 PM
Yeah everything sounds right to me unless you pull it in the flow then pass it to the task. Just note you can also use
Secret.get()EnvVarSecret().run()os.environj
Jonathan Mathews
04/27/2022, 3:52 PMWhat I’m trying to do is populate the below dynamically:
ECSRun(
labels=[“prod”],
image=f”{AWS_ACCOUNT_ID}.dkr.ecr.{AWS_REGION}.amazonaws.com/prefect-dbt-snowflake:latest”,
execution_role_arn=f”arnawsiam:{AWS ACCOUNT ID}role/prefectECSAgentTaskExecutionRole”,
task_role_arn=f”arnawsiam:{AWS ACCOUNT ID}role/prefectTaskRole”,
run_task_kwargs=dict(cluster=“prefectECSCluster”, launchType=“FARGATE”,),
Copy code
)Jonathan Mathews
04/27/2022, 3:53 PMbecause is called within
set_run_configk
Kevin Kho
04/27/2022, 3:53 PM
This can’t be populated dynamically during runtime because this is all metadata that’s registered during flow build time. These won’t be filled when the Flow starts, it’s filled even before the flow is retrieved
Kevin Kho
04/27/2022, 3:53 PM
What is the goal here? Are you trying to register across environments or something like that?
j
Jonathan Mathews
04/27/2022, 3:54 PMAh ok, thanks. I’ll go back to hard coding it then
Jonathan Mathews
04/27/2022, 3:54 PMYes, I’m just writing some code that I can give to a client and it will work for them with minimal changes, but I can get them to hard code it, no problem
k
Kevin Kho
04/27/2022, 3:55 PM
Ah ok was gonna say a pattern some people use is just having the flow definition as a function like you mentioned and then passing those in to fill
j
Jonathan Mathews
04/27/2022, 3:56 PMAh I see, thanks for clarifying that
Jonathan Mathews
04/27/2022, 8:28 PMI seem to be able to access secrets - SSM parameters - (as environment vars) in the agent task, but not in the runtask. I’ve been trying to figure out how to pass them down in the ECSRun method, following various approaches from the docs, but not having much luck. What might be the best way to do this? Any suggestions appreciated, as always!
k
Kevin Kho
04/27/2022, 8:33 PM
What do you mean by agent task?
j
Jonathan Mathews
04/27/2022, 8:36 PMThe task that is always running and that runs the Prefect agent
Jonathan Mathews
04/27/2022, 8:36 PM(In ECS)
Jonathan Mathews
04/27/2022, 8:37 PMI’ve been looking at this and wondering if I should either save another task definition in YAML in S3 and reference in ECSRun using
task_definition_pathtask_definition_arnk
Kevin Kho
04/27/2022, 8:42 PM
Oh ECS Task lol. Just to be super clear, you have SSM parameters you want to pass as environment variables to ECSRun?
Kevin Kho
04/27/2022, 8:46 PM
Or are you trying to edit the ECSRun stuff like
imagej
Jonathan Mathews
04/27/2022, 8:48 PM😄 Yes, that’s right, I’ve done it successfully using
env Copy code
ECSRun(
labels=["prod"],
image=f"{AWS_ACCOUNT_ID}.dkr.ecr.{AWS_REGION}.<http://amazonaws.com/prefect-dbt-snowflake:latest|amazonaws.com/prefect-dbt-snowflake:latest>",
env=dict(SNOWFLAKE_PASSWORD=SNOWFLAKE_PASSWORD,GIT_DEPLOY_TOKEN_PREFECT=GIT_DEPLOY_TOKEN_PREFECT),
execution_role_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:role/prefectECSAgentTaskExecutionRole",
task_role_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:role/prefectTaskRole",k
Kevin Kho
04/27/2022, 8:50 PM
I think it’s not as simple as agent changing the run_config. You need a “parent” flow that calls
create_flow_runrun_configKevin Kho
04/27/2022, 8:51 PM
So I think the parent flow needs access to pull the secrets down and pass them on.
j
Jonathan Mathews
04/27/2022, 9:02 PMok thanks, I’ll give that a try
5 Views