Secrets Manager with AWS Fargate

AWS Fargate → Secrets Manager

Use AWS Secrets Manager to inject secrets into AWS Fargate Containers.

This pattern creates an Amazon ECS Cluster, ECS Task Definition, AWS Fargate Container, and AWS Secrets Manager instance, along with associated roles.
Secrets Manager generates a random secret and injects it into the container at start-up as an environment variable. The container is started when a Fargate task is run in an existing VPC in the user's AWS account via the CLI command in the testing section. For the roles: a task execution role is created for logging to CloudWatch and for reading the secret (the policy granting access to the secret is added by default). An 'empty' (policy-less) default task role is also created when the Task Definition is created. The Task Definition does not show any hard-coded secret values in the console; instead it shows the ARN of the Secret, and the password is retrieved from Secrets Manager at launch using the task execution role's IAM permissions.
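The two properties the description above relies on (secrets referenced by ARN rather than hard-coded, and an execution role scoped to that ARN) can be checked on a task definition before it is deployed. The following is an added example, not code from the pattern or the repository; the container definition shape and the sample ARN and policy statements are constructed for illustration.

```typescript
// Added example (not the pattern's own code): audit ECS container definitions and
// the execution-role policy for the properties the pattern depends on.
// 1. Secret values reach the container via `secrets`/`valueFrom` (a Secrets Manager
//    ARN), never as literal `environment` values that show up in the console.
// 2. The execution role may call secretsmanager:GetSecretValue only on specific
//    secret ARNs, not on "*".
interface KeyValue { name: string; value: string }
interface SecretRef { name: string; valueFrom: string }
interface ContainerDef { name: string; environment?: KeyValue[]; secrets?: SecretRef[] }
interface Statement { Effect: string; Action: string | string[]; Resource: string | string[] }

const SECRET_ARN = /^arn:aws:secretsmanager:[a-z0-9-]+:\d{12}:secret:\S+$/;
const SECRET_LIKE = /secret|password|passwd|token|api[_-]?key/i;

function auditContainers(defs: ContainerDef[]): string[] {
  const findings: string[] = [];
  for (const c of defs) {
    for (const e of c.environment ?? []) {
      if (SECRET_LIKE.test(e.name))
        findings.push(`${c.name}: ${e.name} is a literal environment value; use secrets/valueFrom`);
    }
    for (const s of c.secrets ?? []) {
      if (!SECRET_ARN.test(s.valueFrom))
        findings.push(`${c.name}: ${s.name} does not reference a Secrets Manager ARN`);
    }
  }
  return findings;
}

function auditExecutionRole(statements: Statement[]): string[] {
  const findings: string[] = [];
  for (const st of statements) {
    const actions = ([] as string[]).concat(st.Action);
    const resources = ([] as string[]).concat(st.Resource);
    const readsSecrets = actions.some(a => a === "*" || /^secretsmanager:(GetSecretValue|\*)$/.test(a));
    const tooBroad = resources.some(r => r === "*" || !SECRET_ARN.test(r));
    if (st.Effect === "Allow" && readsSecrets && tooBroad)
      findings.push(`Allow ${actions.join(",")} on ${resources.join(",")}; scope Resource to the secret ARN`);
  }
  return findings;
}

// Constructed sample: one container done right, one that leaks via environment,
// and one role statement scoped correctly beside one that is far too broad.
const SAMPLE_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:DbPassword-AbCdEf";
const sampleContainers: ContainerDef[] = [
  { name: "app", secrets: [{ name: "DB_PASSWORD", valueFrom: SAMPLE_ARN }] },
  { name: "legacy", environment: [{ name: "DB_PASSWORD", value: "hunter2" }] },
];
const sampleRoleStatements: Statement[] = [
  { Effect: "Allow", Action: "secretsmanager:GetSecretValue", Resource: SAMPLE_ARN },
  { Effect: "Allow", Action: ["secretsmanager:GetSecretValue"], Resource: "*" },
];
```

Running both audits on the sample reports the `legacy` container and the `Resource: "*"` statement and nothing else; the same checks apply to the task definition JSON that `aws ecs describe-task-definition` returns.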

Clone repo

git clone https://github.com/aws-samples/serverless-patterns
cd serverless-patterns/fargate-secretsmanager

Deploy

npm install
cdk deploy


Testing

See the Testing section of the README.md file in the repo.

Cleanup

1. Delete the stack: npx cdk destroy.
2. Confirm the stack has been deleted: aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus".
3. You see a message confirming DELETE_COMPLETE.

Created by:

Abdul Ahad Khan

Abdul Ahad is a DevOps Engineer at AWS ProServe based out of the Mid-Atlantic.
