This repository has been archived by the owner on May 6, 2024. It is now read-only.

Any plans for adding support for AWS Secrets now supported in Fargate platform version 1.3 #80

Open
jeberly opened this issue Mar 22, 2019 · 5 comments

Comments

jeberly commented Mar 22, 2019

Just curious if there are any plans to support this or the best approach to consume them, e.g. just edit the Task Definition.

https://aws.amazon.com/about-aws/whats-new/2018/12/aws-fargate-platform-version-1-3-adds-secrets-support/

Thanks!

nodesocket commented Jun 7, 2019

Just created a related issue #93. Currently if you use fargate cli and issue a service deploy it deletes any secrets previously defined in a task definition. This is a blocker for us until it gets resolved.

@nodesocket

@jpignata @jeberly @holyjak @billdavidson4 I am willing to open a paid bounty for this feature as we require it. Essentially seems like existing secrets from the secrets array need to be copied from the previous task definition as well as adding the following to the requiresAttributes array in the task definition.

{
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.secrets.ssm.environment-variables"
}
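
The carry-over nodesocket describes, keeping the existing secrets from the previous task definition when a deploy changes only the image, as an added Go example (not part of the thread and not code from fargate or the fork). The function name WithImage, the sample task definition and its ARN are constructed for illustration; registering the result with ECS is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample shaped like the "taskDefinition" object returned by
// ECS DescribeTaskDefinition; the names and the ARN are placeholders.
const prevTaskDef = `{"family": "my-task-family", "containerDefinitions": [{
  "name": "app", "image": "example/app:abc123",
  "environment": [{"name": "PORT", "value": "8080"}],
  "secrets": [{"name": "PASSWORD",
    "valueFrom": "arn:aws:ssm:us-east-1:111111111111:parameter/app/password"}]}]}`

// WithImage returns the container definitions for a new revision. Each one is
// decoded into a map of raw JSON values, so keys the tool does not model
// (such as "secrets") survive; only "image" on the named container changes.
func WithImage(prev []byte, container, image string) ([]map[string]json.RawMessage, error) {
	var td struct {
		ContainerDefinitions []map[string]json.RawMessage `json:"containerDefinitions"`
	}
	if err := json.Unmarshal(prev, &td); err != nil {
		return nil, err
	}
	for _, c := range td.ContainerDefinitions {
		var name string
		if err := json.Unmarshal(c["name"], &name); err != nil {
			return nil, fmt.Errorf("container without a usable name: %w", err)
		}
		if name == container {
			c["image"], _ = json.Marshal(image) // marshalling a string cannot fail
			return td.ContainerDefinitions, nil
		}
	}
	return nil, fmt.Errorf("container %q not in task definition", container)
}

func main() {
	defs, err := WithImage([]byte(prevTaskDef), "app", "example/app:def456")
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(defs, "", "  ")
	fmt.Println(string(out))
}
```

Decoding into a struct that lists only the fields a tool knows about is what silently drops `secrets`; the raw-map approach avoids that for any field added to the task definition format later.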

jritsema commented Jun 10, 2019

@nodesocket just FYI, our fork has support for secrets in service deploy as well as env set.

curl -s get-fargate.turnerlabs.io | sh

@nodesocket

@jritsema wow, how did I not come across your fork before? This looks awesome. Looks like the deploy command is slightly different.

Current:

fargate --region "$AWS_REGION" --cluster "$ECS_CLUSTER_NAME" service deploy "$ECS_SERVICE_NAME" --image "$ECR_REPO/$NAME:$GIT_HASH"

Your fork:

fargate --region "$AWS_REGION" --cluster "$ECS_CLUSTER_NAME" --service "$ECS_SERVICE_NAME" service deploy --image "$ECR_REPO/$NAME:$GIT_HASH"

I will give your fork a try today.

@jritsema

Yes, it is slightly different. The reason we moved the service argument is so you can maintain a fargate.yml file (or $FARGATE_X envvars) and not have to specify the cluster, service, task, etc. for each command.

cluster: my-cluster
service: my-service
task: my-task-family
rule: my-cloudwatch-event-rule

export AWS_DEFAULT_REGION=us-east-1
fargate service deploy --image "$ECR_REPO/$NAME:$GIT_HASH"
fargate service env set --secret PASSWORD=xyz
fargate service info
fargate service logs
