[aws-ecs] Allow for field prop in ecs.Secret.fromSecretsManager for Fargate launch type #10733
Comments
jpSimkins
added
feature-request
|
Unfortunately this is currently not supported by ECS for tasks that use the Fargate launch type: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html
|
|
This is why this ticket is a feature request ;) Ideally, if there are enough up votes then this may possible. I get that this is a limitation with ECS currently but that doesn't mean that this feature request is not warranted. I have numerous projects that will have to be refactored a bit to get this to work and I think that this limitation should be considered for review. Either way, I am going to have to refactor but this is not ideal for the long haul. |
|
FYI this is currently tracked here aws/containers-roadmap#385 |
|
@jogold Thank you! |
|
|
This is now Possible can we make that feature available? https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html
|
|
See #11348 + workaround here #11341 (comment) |
Allow for using
fieldvalues forecs.Secret.fromSecretsManager(cdkTestSecret),for the Fargate launch type.Currently, if you try to use the
fieldprop, you will see this message:Use Case
Our systems are already designed to use ENV Vars, this limitation means we need to modify the systems now to parse the json and build a way to add this into the ENV vars. Although, once inside the app, this is not as secure.
e.g. in PHP you can disable the
$_ENVsuper global and force the usage ofgetenv. I cannot do this with the current limitation and this would expose the secrets to the$_ENVsuper global. This is not ideal but it's the fastest solution I can do to not break existing system.Proposed Solution
Please allow the use of
fieldfrom the secrets manager for Fargate launch typesThis is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: