aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
https://aws.github.io/copilot-cli/
Apache License 2.0

How to specify `task run` environment from a manifest file? #1790

Open henrymazza opened 3 years ago

henrymazza commented 3 years ago

Even better, how to inject some SSM secrets on my task run?

I was under the assumption `task run` would be under the same environment (OS environment, for that matter) as my service, but it's not the case. Env vars configured in my `manifest.yml` aren't showing up in my `task run`. So, where is the environment definition for it? I'm trying to validate my Service env using this method, so I may be wrong here.

Like, for `copilot task run --follow --command printenv` I get:

```
✔ Task my-app is running.

copilot-task/my-app/a048 PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
copilot-task/my-app/a048 HOSTNAME=ip-10-0-0-112.sa-east-1.compute.internal
copilot-task/my-app/a048 AWS_DEFAULT_REGION=sa-east-1
copilot-task/my-app/a048 AWS_EXECUTION_ENV=AWS_ECS_FARGATE
copilot-task/my-app/a048 AWS_REGION=sa-east-1
copilot-task/my-app/a048 [redacted]
copilot-task/my-app/a048 [redacted]
copilot-task/my-app/a048 LANG=C.UTF-8
copilot-task/my-app/a048 GPG_KEY=[redacted]
copilot-task/my-app/a048 PYTHON_VERSION=3.8.6
copilot-task/my-app/a048 PYTHON_PIP_VERSION=20.3.3
copilot-task/my-app/a048 PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/5f38681f7f5872e4032860b54e9cc11cf0374932/get-pip.py
copilot-task/my-app/a048 PYTHON_GET_PIP_SHA256=[redacted]
copilot-task/my-app/a048 HOME=/root
Task has stopped.
```

I can pass an ENV VAR with `--env-vars` and it works, but nothing from my SSM or `manifest.yml`.

Another way would be to connect via SSH to the ECS container, but it looks like a pain. Or print my ENV to my Service's log... well. There are other ways, anyways.

iamhopaul123 commented 3 years ago

Hello @henrymazza, I think in order to inject SSM secrets to `task run` like what we have for the manifest (see here), we need a `--secrets` flag so that you could inject them by doing `--secrets GITHUB_WEBHOOK_SECRET=GH_WEBHOOK_SECRET --secrets FOO=BAR`. Would this flag address your use case?

efekarakus commented 3 years ago

Related to https://github.com/aws/copilot-cli/issues/1432#issuecomment-699147840

> Another way would be to connect via SSH to the ECS container, but it looks like a pain.

The ECS team is working on https://github.com/aws/containers-roadmap/issues/187, whenever that gets released you should expect also an integration with Copilot :)

henrymazza commented 3 years ago

Yeah! @iamhopaul123! That'd be great! Even better if I could use the `manifest.yml` of a service to do that. My intent here is to debug my container environment, or use the same environment to run things like migrations (share database password). So anything that could share my task's environment with my service. SSH into the living container would be even better for debug purposes, so it's worth the wait like @efekarakus pointed out.

But perhaps I'm misunderstanding the purpose of these tools. Let me know if that's the case!

iamhopaul123 commented 3 years ago

Hi @henrymazza, if the intent is to debug the container environment then it would be better to use this feature that is pointed by @efekarakus, and Copilot will be one of the first tools to support the feature. Please stay tuned for it!

deodad commented 3 years ago

Specifying a `--service` and getting its injected env vars and secrets would be 👍

Use case for me would be getting access to outputs from an addon defined within the service

bvtujo commented 3 years ago

@adaddeo You can do this currently by running [copilot svc show](https://aws.github.io/copilot-cli/docs/commands/svc-show/). `show` prints off a lot of metadata about the given service, including its injected environment variables and secrets for all environments the service is deployed to. If you've defined outputs in any addons stack, they will show up in the Variables section. There's also a Secrets section for Secrets Manager values, and a list of any routes at which the service is accessible.

deodad commented 3 years ago

Thanks @bvtujo. To clarify, I was suggesting env vars and secrets would be injected into the task in the same way it's done for the service (I later found this proposed here: https://github.com/aws/copilot-cli/issues/1432). For now I'll use `copilot svc show` to manually grab them.

Also, not seeing secrets in the show yet. Is that in the 1.0 release?

efekarakus commented 3 years ago

Hi @henrymazza @adaddeo, we have a proposal to support this feature in #2159. We would love to hear your feedback!