[ECS] [Task Definition Secrets File]: S3 File with Secrets defined with valueFrom

[d10zero]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request
ECS task definitions container definitions currently support an environmentFile to define environment variables. I am requesting a similar parameter secretsFile that allows the user to define secrets within a file. i.e. instead of the format in the file to be KEY=VALUE, the format can be KEY=SECRETS_ARN i.e. KEY=arn::aws::secretsmanager:..., the same way the current key/valueFrom works directly in the secrets parameter.

Another possible solution would be to add the ability to specify an entire secret manager to include, instead of each individual secret.

Which service(s) is this request for?
ECS, Fargate

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We reached the 64 KB task definition size limit because too many secrets were defined. This was only an issue because the valueFrom must be the entire ARN, which is very long. The secretFile will solve the issue of too many secrets, while keeping the key/values managed through secrets manager.

Are you currently working around this issue?
No

Additional context
Anything else we should know?

Attachments
If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)