Copilot-cli: Feature request: easy way to use a serviceā€™s task role when running a one-off task

Created on 25 Sep 2020  Ā·  6Comments  Ā·  Source: aws/copilot-cli

Right now I can see that a service has a task role, but I donā€™t see a way to programmatically and automatically get the ARN of that role and pass it to copilot task run ā€” I need this to be dynamic because it will vary by environment, and I canā€™t have a manual step of retrieving the ARN.

Itā€™d be great if there was a way to associate a one-off task with a service, just as we can currently associate it with an app and/or an environment; if so I think itā€™d be natural and intuitive that the one-off task would then use the task role of the service.

Alternatively, perhaps the task role ARN could be exported as a CloudFormation output, or put into an SSM param, so that I could retrieve it via a script using the AWS CLI.

(Right now Iā€™m manually specifying a task role for one-off tasks in one of my add-ons, and then putting its ARN into an SSM param. Thatā€™s working, but it took me awhile to work it out, and itā€™s extra ā€œnoiseā€ in my add-on template.)

Thank you!

sizM typenhancement typrequest
Source
picture aviflax
👍62

Most helpful comment

Would it make sense to run it with the env variable and secrets specified in the manifest for this service as well ?
I see the _Task Run Design Command "issue"_(https://github.com/aws/copilot-cli/issues/702) mentions that one of its use-case is to allow one-off scripts requiring secrets but there is no way to currently pass those secrets to the command.

picture malkovro on 29 Sep 2020
👍3

All 6 comments

I think it makes total sense to add a --svc flag to task run which will run with the service's task role.

kohidave picture kohidave on 25 Sep 2020
👍3

Would it make sense to run it with the env variable and secrets specified in the manifest for this service as well ?
I see the _Task Run Design Command "issue"_(https://github.com/aws/copilot-cli/issues/702) mentions that one of its use-case is to allow one-off scripts requiring secrets but there is no way to currently pass those secrets to the command.

malkovro picture malkovro on 29 Sep 2020
👍3

Would it make sense to run it with the env variable and secrets specified in the manifest for this service as well ?

I think so, yes. I think that'd be intuitive and useful.

aviflax picture aviflax on 29 Sep 2020

Thanks for the feedback that makes a lot of sense!

efekarakus picture efekarakus on 29 Sep 2020
👍1

Hi @malkovro @aviflax ! We have a proposal to support this feature (https://github.com/aws/copilot-cli/issues/2159) we would love to hear your feedback on the issue šŸ˜„

efekarakus picture efekarakus on 9 Apr 2021

Sorry Iā€™m not currently using Copilot, as it's not applicable to my current project. So I don't think I can give good feedback on the proposal. At a high level all the approaches look very promising though. Nice work!

aviflax picture aviflax on 9 Apr 2021
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

noahjahn picture noahjahn  Ā·  3Comments
bvtujo picture bvtujo  Ā·  3Comments
camilosantana picture camilosantana  Ā·  3Comments
fullstackdev-online picture fullstackdev-online  Ā·  3Comments
aidansteele picture aidansteele  Ā·  3Comments