docker
[Enhancement] [ECS] Environment variables "valueFrom" AWS Parameter Store and Secret Manager
Description
Thanks for providing a great tool! I have a small proposal. AWS ECS allows environment variables to be set from AWS Systems Manager Parameter Store or AWS Secrets Manager with "valueFrom". This ECS support for compose does not seem to have a setting for this feature. It would be nice to be able to configure like following in the same way as x-aws-role.
services:
foo:
x-aws-secrets:
- name: ENV_VAR_NAME
value_from: parameter-name or ARN
I found in the documentation here that we can use AWS Secret Manager to set a secret on a file. However, it would be more convenient if we could easily set values for environment variables as described above.
Additional information you deem important (e.g. issue happens only occasionally):
I also considered a workaround to override the task definition using x-aws-cloudformation, but it was not practical. I tried to write the following configuration and convert it.
services:
web:
image: nginx:alpine
ports:
- '80:80'
x-aws-cloudformation:
Resources:
WebTaskDefinition:
Properties:
ContainerDefinitions:
- Name: web
Secrets:
- Name: ENV_VAR_NAME
ValueFrom: my-parameter
Then I got the following output, and the original ContainerDefinitions disappeared.
WebTaskDefinition:
Properties:
ContainerDefinitions:
- Name: web
Secrets:
- Name: ENV_VAR_NAME
ValueFrom: my-parameter
It may be sufficient if Secrets can be set using x-aws-cloudformation without adding a configuration like x-aws-secrets. This could be solved with an implementation for https://github.com/docker/compose-cli/issues/2160 .
Additional environment details (AWS ECS, Azure ACI, local, etc.):
AWS ECS
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}