to mount private CA certificates into the containers. In EKS we could mount secrets as files, but I’m not sure that’s possible in ECS. Is it possible to mount a certificate to the ECS container? If so, how can I achieve that using Terraform? Can anyone please help me?
I have no idea how to carry this out.
2 Answers
I personally feel mounting the private certificate in ECS or EKS is not a good approach. The good approach to being serverless is having the private key in ACM or as a secret binary in Secrets Manager.
If you still want to achieve the same, you can mount the EFS and add the certificates to the EFS.
You can place the file on an EFS volume, and then mount the volume to the ECS containers. The problem with this is it is a pain to get a file onto the EFS volume. You first have to spin up an EC2 instance, mount the EFS volume on the instance, and then copy the files there. You can’t manage files on an EFS volume from the AWS web console.
Alternatively, you could store the certificate in an S3 bucket, or as a Secrets Manager secret, and change the startup script in your container to first copy the file over from S3 to a local file in the container, or write the secret's contents to a local file, before starting up your application.
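
The startup-script approach from the last answer, as an added example that is not part of the original answers. It assumes the certificate is stored as text in Secrets Manager and injected through the ECS container definition's `secrets` setting as the environment variable `CA_CERT_PEM`; that variable name, `CA_CERT_PATH` and the default file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answers. CA_CERT_PEM, CA_CERT_PATH and
# the default path below are assumed names chosen for illustration.

# write_cert PEM_TEXT DEST: validate PEM text and write it to DEST (mode 0600).
# Returns 0 on success, 1 on empty input, 2 if the text is not a PEM
# certificate, 3 if the file could not be written.
write_cert() {
    pem=$1
    dest=$2
    [ -n "$pem" ] || { echo "certificate variable is empty" >&2; return 1; }
    case $pem in
        *"-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----"*) ;;
        *) echo "value is not a PEM certificate" >&2; return 2 ;;
    esac
    dir=$(dirname "$dest")
    mkdir -p "$dir" || return 3
    # Write to a temp file in the same directory, then rename it, so the
    # application never reads a half-written certificate.
    tmp=$(mktemp "$dir/.cert.XXXXXX") || return 3
    printf '%s\n' "$pem" > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$dest" || {
        rm -f "$tmp"; return 3; }
}

# start_with_cert CMD [ARGS...]: write the certificate, drop it from the
# environment, then replace this shell with the application process.
start_with_cert() {
    write_cert "${CA_CERT_PEM-}" "${CA_CERT_PATH:-/tmp/certs/private-ca.pem}" || exit 1
    unset CA_CERT_PEM
    exec "$@"
}

# Used as the image ENTRYPOINT: entrypoint.sh <application command>
if [ "$#" -gt 0 ]; then
    start_with_cert "$@"
fi
```

Failing closed on an empty or malformed value stops the task at startup instead of letting the application run without the expected certificate file.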