support private registry in the ecs task definition

[edwardsb]

I still need to run through testing this but its essentially ready for review.

[rfairburn]

Do you prefer this method over creating the secretsmanager secret as a terraform resource and then recommending either a secretsmanager secret version or setting the version on the created secret via the AWS CLI?

[edwardsb]

I suppose I was conflicted about how to go about this. Since its not like a database secret that can be generated randomly, this needs to be supplied and I didn't want to have a strong opinion on how the user creates the secret (thus supplying the secret material).

[rfairburn]

We can go forward with this as-is. This way the secret can be created either via terraform or via the CLI. The only complication would be if a custom KMS key were used on the user-created resource. This is at least covers probably 95% of the use-case.

[rfairburn]

Assuming this is fully tested, we should get this in place. We have examples that use a "fleetdm/fleet:" image, and we should never recommend that without authentication for pull-rate reasons.

[valentinpezon-primo]

Hi everyone,

Can we have any update on this issue ? Is this going to be include in the next major release (4.49) ?

Thank you 🙏

[edwardsb]

I'll fix the conflicts and try to get it tested today. Sorry it fell off my radar a bit. Thanks for your patience.

[valentinpezon-primo]

I'll fix the conflicts and try to get it tested today. Sorry it fell off my radar a bit. Thanks for your patience.

All good, thanks!

[lukeheath]

@rfairburn @edwardsb Should this be merged?

[edwardsb]

@rfairburn @edwardsb Should this be merged?

I need to stand up an environment that uses a private registry via credentials (over IAM). I hopefully can have that done today.

[edwardsb]

This is good to go. Tested with private docker image on Dockerhub.

[lukeheath]

@edwardsb Looks like just a minor conflict to resolve then we can merge this in. Thanks!

cc @rfairburn