(ECS): Missing support for environment files for Fargate deployments #18226

Closed
2 tasks
sergekukharev opened this issue Dec 30, 2021 · 5 comments · Fixed by #27081
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@sergekukharev

Description

I'm trying to configure my Fargate service to use Environment Files. The official documentation says [1]:

> Support for environment files is restricted to the EC2 launch type for files hosted on S3.

At the same time, Fargate has supported Environment Files for a long time [2][3].

Is there any chance this feature will be added soon? Since it's supported by EC2 already, should be an easy win.

Use Case

I need this to manage my secrets and env variables in a more secure way. Any workaround ideas are appreciated.

Proposed Solution

Environment files are supported fully for Fargate deployments. Bonus points - it's possible to provide env files configuration in ApplicationLoadBalancedTaskImageOptions

Other information

Unit tests are misleading for this configuration. The following test will pass, while cdk synth won't add the environment file to the template:

// Code
// ...
taskDefinition.addContainer("StaticoonBotContainerWeb", ContainerDefinitionOptions.builder()
                        .containerName("web")
                        .portMappings(List.of(PortMapping.builder().hostPort(1234).containerPort(1234).build()))
                        .image(image)
                        .environmentFiles(List.of(new S3EnvironmentFile(bucket, "<key>")))
                        .build());
// ...

// Test
@Test
void usesS3EnvironmentFile() {
    template.hasResourceProperties("AWS::ECS::TaskDefinition", Map.of(
            "ContainerDefinitions", Match.arrayWith(List.of(Match.objectLike(Map.of(
                    "EnvironmentFiles", List.of(Map.of(
                            "Type", "s3",
                            "Value", "arn:aws:s3:::<bucket>/<key>"
                    ))
            ))))
    ));
}

Acknowledge

  • I may be able to implement this feature request
  • This feature might incur a breaking change

Footnotes

  1. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs-readme.html#environment-variables

  2. https://aws.amazon.com/blogs/containers/latest-updates-to-aws-fargate-for-amazon-ecs/

  3. https://github.com/aws/containers-roadmap/issues/371

@sergekukharev sergekukharev added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Dec 30, 2021
@sergekukharev sergekukharev changed the title ECS: Missing support for environment files for Fargate deployments (ECS): Missing support for environment files for Fargate deployments Dec 30, 2021
@github-actions github-actions bot added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Dec 30, 2021
@madeline-k madeline-k added effort/medium Medium work item – several days of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jan 25, 2022
@madeline-k madeline-k removed their assignment Jan 25, 2022
@madeline-k
Contributor

Thanks for opening this feature request, @sergekukharev. This would be a great feature to have. I am labelling this as p2 for now, which means that the CDK team will not be able to work on it right now. But, we always welcome contributions! Take a look at the contributing guide to get started.

@github-actions

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jan 25, 2023
@MrArnoldPalmer
Contributor

keep

@MrArnoldPalmer MrArnoldPalmer removed the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jan 27, 2023
@tam0ri
Contributor

tam0ri commented Sep 9, 2023

I confirmed that currently we can add environmentFiles for FargateTaskDefinition. I verified with the following code. (CDK version 2.94.0)

    const bucket = s3.Bucket.fromBucketName(this, 'Bucket', myBucketName);
    const taskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef');
    taskDefinition.addContainer('amazonlinux', {
      image: ecs.ContainerImage.fromRegistry('public.ecr.aws/amazonlinux/amazonlinux:latest'),
      environmentFiles: [
        ecs.EnvironmentFile.fromBucket(bucket, 'assets/demo-env-file.env')
      ],
    });

cdk synth generated the following template.

  TaskDef54694570:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - EnvironmentFiles:
            - Type: s3
              Value:
                Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - :s3:::<My Bucket Name>/assets/demo-env-file.env
          Essential: true
          Image: public.ecr.aws/amazonlinux/amazonlinux:latest
          Name: amazonlinux
      Cpu: "256"
      Family: Issue18226StackTaskDef8EAEF185
      Memory: "512"
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      TaskRoleArn:
        Fn::GetAtt:
          - TaskDefTaskRole1EDB4A67
          - Arn
    Metadata:
      aws:cdk:path: Issue18226Stack/TaskDef/Resource

It seems that this restriction has been removed by #11820. So we only need to remove the description "Support for environment files is restricted to the EC2 launch type for files hosted on S3." from the document. I'll submit a PR to solve this.

@mergify mergify bot closed this as completed in #27081 Sep 9, 2023
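
A way to confirm that the environment file reached the synthesized template for a Fargate task definition, which is the gap the issue's "Other information" section describes and what the `cdk synth` output above shows. This is an added example, not code from the issue or from aws-cdk; the function names, the JSON form of the template and the second `sidecar` container are assumptions made for illustration.

```typescript
// Resolves only what the template above uses: strings, Ref and Fn::Join.
function resolveIntrinsic(value: any, params: { [k: string]: string }): string {
  if (typeof value === "string") return value;
  if (value && typeof value === "object" && "Ref" in value) {
    return params[value.Ref] ?? "${" + value.Ref + "}";
  }
  if (value && typeof value === "object" && "Fn::Join" in value) {
    const join = value["Fn::Join"];
    return join[1].map((p: any) => resolveIntrinsic(p, params)).join(join[0]);
  }
  throw new Error("unsupported value: " + JSON.stringify(value));
}

interface EnvFileFinding { taskDef: string; container: string; envFiles: string[] }

// Every container of every FARGATE task definition, with the S3 environment
// files that actually reached the synthesized template.
function fargateEnvFiles(template: any, partition = "aws"): EnvFileFinding[] {
  const findings: EnvFileFinding[] = [];
  const resources = template.Resources ?? {};
  for (const id of Object.keys(resources)) {
    const props = resources[id].Properties ?? {};
    const compat: string[] = props.RequiresCompatibilities ?? [];
    if (resources[id].Type !== "AWS::ECS::TaskDefinition") continue;
    if (compat.indexOf("FARGATE") < 0) continue;
    (props.ContainerDefinitions ?? []).forEach((c: any) => {
      const envFiles: string[] = (c.EnvironmentFiles ?? [])
        .filter((f: any) => f.Type === "s3")
        .map((f: any) => resolveIntrinsic(f.Value, { "AWS::Partition": partition }));
      findings.push({ taskDef: id, container: c.Name, envFiles });
    });
  }
  return findings;
}

// Constructed sample: the task definition from the cdk synth output above as
// JSON, plus a hypothetical "sidecar" container with no environment file.
const SAMPLE_TEMPLATE = {
  Resources: { TaskDef54694570: { Type: "AWS::ECS::TaskDefinition", Properties: {
    RequiresCompatibilities: ["FARGATE"],
    ContainerDefinitions: [
      { Name: "amazonlinux", EnvironmentFiles: [{ Type: "s3", Value: { "Fn::Join": ["", [
        "arn:", { Ref: "AWS::Partition" }, ":s3:::<My Bucket Name>/assets/demo-env-file.env",
      ]] } }] },
      { Name: "sidecar" },
    ],
  } } },
};
```

A container that comes back with an empty `envFiles` list is one whose environment file did not make it into the template, so it would start without those variables.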
mergify bot pushed a commit that referenced this issue Sep 9, 2023
…gate (#27081)

Currently, the CDK document includes the following description.
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs-readme.html#environment-variables
> Support for environment files is restricted to the EC2 launch type for files hosted on S3.

However, this is out of date. Fargate has [supported environment files](https://aws.amazon.com/jp/blogs/containers/latest-updates-to-aws-fargate-for-amazon-ecs/), and this restriction on CDK had already been removed by #11820.

This PR removes the out-of-date description from the document.

Closes #18226

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

mikewrighton pushed a commit that referenced this issue Sep 14, 2023
…gate (#27081)
