Open henrymazza opened 3 years ago
Hello @henrymazza I think in order to inject SSM secrets to `task run` like what we have for the manifest (see here), we need a `--secrets` flag so that you could inject them by doing `--secrets GITHUB_WEBHOOK_SECRET=GH_WEBHOOK_SECRET --secrets FOO=BAR`. Would this flag address your use case?
Related to https://github.com/aws/copilot-cli/issues/1432#issuecomment-699147840
Another way would be to connect via SSH to the ECS container, but it looks like a pain.
The ECS team is working on https://github.com/aws/containers-roadmap/issues/187, whenever that gets released you should expect also an integration with Copilot :)
Yeah! @iamhopaul123 ! That'd be great! Even better if I could use the `manifest.yml` of a service to do that. My intent here is to debug my container environment, or use the same environment to run things like migrations (share database password). So anything that could share my task's environment with my service. SSH into the living container would be even better for debug purposes, so it's worth the wait, as @efekarakus pointed out.
But perhaps I'm misunderstanding the purpose of these tools. Let me know if that's the case!
Hi @henrymazza, if the intent is to debug the container environment then it would be better to use the feature that was pointed out by @efekarakus, and Copilot will be one of the first tools to support the feature. Please stay tuned for it!
Specifying a `--service` and getting its injected env vars and secrets would be 👍
Use case for me would be getting access to outputs from an addon defined within the service
@adaddeo You can do this currently by running [copilot svc show](https://aws.github.io/copilot-cli/docs/commands/svc-show/). `show` prints off a lot of metadata about the given service, including its injected environment variables and secrets for all environments the service is deployed to. If you've defined outputs in any addons stack, they will show up in the `Variables` section. There's also a `Secrets` section for Secrets Manager values, and a list of any routes at which the service is accessible.
Thanks @bvtujo. To clarify, I was suggesting env vars and secrets would be injected into the task in the same way it's done for the service (I later found this proposed here: https://github.com/aws/copilot-cli/issues/1432). For now I'll use `copilot svc show` to manually grab them.
Also, not seeing secrets in the `show` yet. Is that in the 1.0 release?
Hi @henrymazza @adaddeo, we have a proposal to support this feature in #2159, we would love to hear your feedback!
Even better, how to inject some SSM secrets on my `task run`?
I was under the assumption `task run` would be under the same environment (OS environment, for that matter) as my service, but it's not the case. Env vars configured in my `manifest.yml` aren't showing up in my `task run`. So, where is the environment definition to it? I'm trying to validate my Service env using this method, so I may be wrong here.
Like, to `copilot task run --follow --command printenv` I get:
I can pass an ENV VAR with `--env-vars` and it works, but nothing from my SSM or `manifest.yml`.
Another way would be to connect via SSH to the ECS container, but it looks like a pain. Or print my ENV to my Service's log... well. There are other ways, anyways.