[BUG] executionRoleArn not specified on EC2 hosted containers when using secrets #1952

Open
roleyfoley opened this issue Mar 11, 2022 · 0 comments
Current Behaviour

When deploying a template that has links to secrets for environment variables, the following error is reported:

  {
    "ResourceId": "ecsTaskXappXappXwwwXwebXv1",
    "ResourceType": "AWS::ECS::TaskDefinition",
    "Status": "UPDATE_FAILED",
    "Reason": "Resource handler returned message: \"Invalid request provided: Create TaskDefinition: When you are specifying container secrets, you must also specify a value for 'executionRoleArn'. (Service: AmazonECS; Status Code: 400; Error Code: ClientException; Request ID: d980e1b0-950d-4224-a606-6d775c6c282b; Proxy: null)\" (RequestToken: bf27cf69-d65e-f506-5292-867cda56f2cc, HandlerErrorCode: InvalidRequest)"
  },
  {
    "ResourceId": "ecsTaskXappXappXwwwXtaskXv1",
    "ResourceType": "AWS::ECS::TaskDefinition",
    "Status": "UPDATE_FAILED",
    "Reason": "Resource handler returned message: \"Invalid request provided: Create TaskDefinition: When you are specifying container secrets, you must also specify a value for 'executionRoleArn'. (Service: AmazonECS; Status Code: 400; Error Code: ClientException; Request ID: 0b27885a-7fd1-45b3-8a48-69bd6bca2bdc; Proxy: null)\" (RequestToken: e7453252-2d44-860c-08e1-0f0f7526b828, HandlerErrorCode: InvalidRequest)"
  },

And the deployment fails.

Expected Behaviour

EC2 containers should be able to use the secrets configuration which requires an execution role to be assigned to the task definition.

Possible Solution

There is logic in place to create the execution role for Fargate containers, however it doesn't seem to be working for EC2-based containers. There is most likely a bug in this processing stopping it from being added for EC2 containers.

Your Environment

  • CMDB Version used:
  • Blueprint:
@roleyfoley roleyfoley added the bug label Mar 11, 2022
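
A pre-deployment check for the failure reported above, as an added example that is not part of the original issue or the project's code: it scans a CloudFormation template for `AWS::ECS::TaskDefinition` resources whose containers declare `Secrets` but which set no `ExecutionRoleArn`. The function name, resource names and ARNs are constructed for illustration, and the template is assumed to be already parsed into a dict with literal lists.

```python
# Constructed sample template: resource names and ARNs are made up.
SAMPLE_TEMPLATE = {"Resources": {
    "ecsTaskEc2Secrets": {
        "Type": "AWS::ECS::TaskDefinition",
        "Properties": {
            "RequiresCompatibilities": ["EC2"],
            "ContainerDefinitions": [{
                "Name": "web",
                "Secrets": [{"Name": "DB_PASSWORD",
                             "ValueFrom": "arn:aws:ssm:us-east-1:111122223333:parameter/example/db"}],
            }],
        },
    },
    "ecsTaskFargateSecrets": {
        "Type": "AWS::ECS::TaskDefinition",
        "Properties": {
            "RequiresCompatibilities": ["FARGATE"],
            "ExecutionRoleArn": {"Fn::GetAtt": ["executionRole", "Arn"]},
            "ContainerDefinitions": [{
                "Name": "web",
                "Secrets": [{"Name": "API_KEY", "ValueFrom": "example-parameter"}],
            }],
        },
    },
    "ecsTaskEc2Plain": {"Type": "AWS::ECS::TaskDefinition",
                        "Properties": {"ContainerDefinitions": [{"Name": "task"}]}},
}}


def tasks_missing_execution_role(template):
    """Return [(logical_id, [secret names])] for tasks with Secrets but no ExecutionRoleArn."""
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        props = resource.get("Properties", {})
        # Collect every secret name across all containers in this task.
        secret_names = [
            secret.get("Name", "<unnamed>")
            for container in props.get("ContainerDefinitions", [])
            for secret in container.get("Secrets", [])
        ]
        # Secrets are resolved by the execution role, whatever the launch type.
        if secret_names and not props.get("ExecutionRoleArn"):
            findings.append((logical_id, secret_names))
    return findings


if __name__ == "__main__":
    print(tasks_missing_execution_role(SAMPLE_TEMPLATE))
```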