[ECS] [Fargate]: Allow the use a Private CA without AWS Private CA in Service Connect

[aburgett87]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request Enhance the TLS support of service connect to use private certificates from an EFS volume.

Which service(s) is this request for? ECS Service Connect

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? Server load balancing and encrypting inter-service traffic with service connect. We currently encrypt inter-service traffic without load balancing using private certificates from an ECS Fargate task. Service connect ticks all of the boxes except using a CA besides AWS private CA.

Are you currently working around this issue? Yes, by allowing unencrypted traffic

[dgalichet]

With the end of support for AWS App mesh, we will have to migrate to Service Connect, we definitely would like to be able to use our own CA as it was supported by AWS APP Mesh.