bilbof
commented
3 years ago We would also appreciate this. At the moment we need to periodically check the App Mesh docs, but it would be nice to be able to do something like this:
TOKEN=$(aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken')
curl -i -H "Authorization: Basic $TOKEN" https://840364872350.dkr.ecr.eu-west-1.amazonaws.com/v2/aws-appmesh-envoy/tags/list Unfortunately at the moment that returns 403 Forbidden.
It might be nice for App Mesh to use a public ECR registry for the Envoy image, so we wouldn't need to authenticate (given it's an open source image).
shsahu
If you want to see App Mesh implement this idea, please upvote with a :+1:.
Tell us about your request AppMesh doesn't offer SSM parameter for public use as is offered by AWS EKS. Having a separate SSM parameter for each minor version of an Envoy would allow the customers to fetch the latest security patches and bug fixes automatically for the corresponding minor version of the Envoy.
For example,
for the minor envoy version
v1.14AppMesh team could publish an SSM parameter:aws ssm get-parameter --name /aws/service/appmesh/envoy/1.14 --region region-code --output jsonfor the minor envoy version
v1.15AppMesh team could publish an SSM parameter:aws ssm get-parameter --name /aws/service/appmesh/envoy/1.15 --region region-code --output jsonCustomers can just encode the SSM parameter into their codebases and whenever there is a bug-fix it will be pulled automatically by their application code.
Which integration(s) is this request for? All
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We want to automate the process of fetching the latest URL for the Minor versions & their bug-fixes of an Envoy thus allowing customers to not miss any latest security patches and bug fixes.
Are you currently working around this issue? Right now, customers have to hard-code the Envoy image value by copying and pasting from the official AWS AppMesh doc.