telia-oss / terraform-aws-ecs-fargate

Terraform module which creates Fargate ECS resources on AWS.
https://registry.terraform.io/modules/telia-oss/ecs-fargate/aws
MIT License

Add variable to configure permissions boundary on IAM roles #49

Closed itsdalmo closed 3 years ago

itsdalmo commented 3 years ago

As per the title, it would be nice to be able to set a permission boundary on the roles created within the module (for those who have not switched to SCPs). 😅 This is based on a change that @colincoleman has already added to a fork and I figured we might go in the upstream also.

This should not be a breaking change for existing deployments, so it can be a minor version (feature) bump.

colincoleman commented 3 years ago

You may also want to consider adding the task execution role to the outputs so that you can use the newish valueFrom parameter to push secrets from parameter store or secrets manager into the containers: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html
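
How the two requests in this thread interact, as an added example that is not part of the thread and not the module's own code: a stand-alone execution role with an optional permissions boundary, a policy that lets it resolve one `valueFrom` reference, and an output exposing the role. The variable names, resource names, output name and image are assumptions made for illustration.

```hcl
# Added example. Hypothetical variable name; null leaves the role without a boundary.
variable "permissions_boundary" {
  type    = string
  default = null
}

variable "secret_parameter_arn" {
  type = string # ARN of an SSM parameter, supplied by the caller (placeholder input)
}

data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "execution" {
  name                 = "example-task-execution"
  assume_role_policy   = data.aws_iam_policy_document.assume.json
  permissions_boundary = var.permissions_boundary
}

# valueFrom is resolved by the execution role, not the task role. Effective access is the
# intersection of this policy and the boundary, so the boundary must also allow the action
# (plus kms:Decrypt when the parameter is encrypted with a customer managed key).
resource "aws_iam_role_policy" "read_secret" {
  name = "read-secret"
  role = aws_iam_role.execution.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "ssm:GetParameters", Resource = var.secret_parameter_arn }]
  })
}

resource "aws_ecs_task_definition" "app" {
  family                   = "example"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = aws_iam_role.execution.arn
  container_definitions = jsonencode([{
    name    = "app"
    image   = "example/app:latest"
    secrets = [{ name = "DB_PASSWORD", valueFrom = var.secret_parameter_arn }]
  }])
}

output "task_execution_role_arn" { value = aws_iam_role.execution.arn }
```

Scoping `Resource` to the single parameter ARN keeps the execution role from reading other secrets in the account even when the boundary is broad.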