2 posts tagged with "ecs"

This year as part of my role I work more often with Rails apps running on AWS ECS. We aim to follow the 12‑factor app principles, loading configuration (including secrets) via environment variables to keep apps portable, stateless, and deployment‑friendly.

AWS ECS supports passing Secrets Manager secrets through environment variables, which injects secrets into containers at startup. While Secrets Manager provides excellent security and rotation capabilities, its pricing model adds up quickly with many secrets.

Our apps have on average 20–40 secrets per application stored in AWS Secrets Manager. Since we load secrets at container startup, storage costs dominate over API call costs, even with daily deployments.

If you are working with AWS ECS, you might know about ECS task healthcheck. AWS documentation suggests to use curl in command:

[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]

I usually try to minimize container image size, thus my first choice for base image is Alpine.

Unfortunately, it doesn't come with curl installed out of the box. It only includes wget.