I have a scenario where we have some AWS ECS clusters on Fargate, with secrets injected into those task definitions from Secrets Manager and AWS SSM Parameter Store. Now we want to create a Lambda function to automatically restart the specific task definition if the secrets or parameters are updated. We created AWS CloudWatch log groups to log any update or delete of the secrets and parameters, following this document: https://upstart.chrishic.com/updating-container-secrets-using-cloudwatch-events-lambda/

Now we want to implement a Lambda function that responds to this log group, verifies the ARN of the secret or parameter, and restarts (performs a force deployment of) the respective ECS service.


Not sure why you want to use CloudWatch Logs at all. Instead, trigger your Lambda function based on EventBridge events. You can listen for Secrets Manager UpdateSecret events and Parameter Store Update events and trigger a Lambda function from them.

Secrets Manager event example: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring-eventbridge.html

Triggering Lambda from EventBridge: https://docs.aws.amazon.com/lambda/latest/dg/services-cloudwatchevents.html
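The handler the answer describes, written out as an added example (this is not code from the original question, the answer, or the linked AWS docs): it accepts both event shapes, a CloudTrail-backed Secrets Manager `UpdateSecret`/`PutSecretValue` event and a native `Parameter Store Change` event, resolves the changed secret or parameter to a canonical name, looks that name up in an allow-list of `cluster/service` targets, and calls `UpdateService` with `forceNewDeployment=True` for each. The `SECRET_SERVICE_MAP` environment variable, the sample events, the account ID and the `FakeEcs` stand-in for the boto3 client are all assumptions made for this example.

```python
"""Added example (not from the original post): EventBridge-triggered Lambda that
force-redeploys the ECS service(s) consuming a changed secret or parameter.
Assumed: SECRET_SERVICE_MAP env var holds JSON of the form
{"<secret name or parameter name>": ["<cluster>/<service>", ...]}."""
import json
import os
import re
from typing import Any, Dict, List, Optional

# EventBridge rule patterns this handler is meant to be invoked by. Secrets Manager
# API calls reach EventBridge via CloudTrail; Parameter Store changes are native events.
SECRETS_MANAGER_RULE = {
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["secretsmanager.amazonaws.com"],
               "eventName": ["UpdateSecret", "PutSecretValue"]},
}
PARAMETER_STORE_RULE = {
    "source": ["aws.ssm"],
    "detail-type": ["Parameter Store Change"],
    "detail": {"operation": ["Update"]},
}

# A Secrets Manager ARN ends in the secret name plus a random 6-character suffix.
_SECRET_ARN = re.compile(r"^arn:aws[a-z-]*:secretsmanager:[^:]*:\d{12}:secret:(.+)-[A-Za-z0-9]{6}$")


def changed_resource(event: Dict[str, Any]) -> Optional[str]:
    """Canonical name of the secret/parameter an event is about, or None if the event
    is not an update we act on (a second check, so a loose rule cannot cause redeploys)."""
    detail = event.get("detail") or {}
    if event.get("source") == "aws.ssm" and event.get("detail-type") == "Parameter Store Change":
        return detail.get("name") if detail.get("operation") == "Update" else None
    if event.get("source") == "aws.secretsmanager":
        if detail.get("eventName") not in ("UpdateSecret", "PutSecretValue"):
            return None
        resp = detail.get("responseElements") or {}
        if resp.get("name"):
            return resp["name"]
        if resp.get("arn"):
            m = _SECRET_ARN.match(resp["arn"])
            return m.group(1) if m else resp["arn"]
        # Fall back to what the caller passed, which may be a bare name or an ARN.
        return (detail.get("requestParameters") or {}).get("secretId")
    return None


def load_service_map(raw: Optional[str] = None) -> Dict[str, List[str]]:
    """Parse and validate the SECRET_SERVICE_MAP JSON (assumed format, see module docstring)."""
    mapping = json.loads(raw if raw is not None else os.environ.get("SECRET_SERVICE_MAP", "{}"))
    for name, targets in mapping.items():
        for target in targets:
            if target.count("/") != 1:
                raise ValueError(f"{name!r}: target {target!r} must be '<cluster>/<service>'")
    return mapping


def redeploy(event: Dict[str, Any], ecs: Any, service_map: Dict[str, List[str]]) -> List[str]:
    """Force a new deployment of each service mapped to the changed resource; returns the
    'cluster/service' targets redeployed (empty if the event is irrelevant or unmapped)."""
    name = changed_resource(event)
    done: List[str] = []
    for target in (service_map.get(name, []) if name else []):
        cluster, service = target.split("/", 1)
        # Same task definition revision, fresh tasks: Fargate injects secrets only at task start.
        ecs.update_service(cluster=cluster, service=service, forceNewDeployment=True)
        done.append(target)
    return done


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, List[str]]:
    import boto3  # present in the Lambda runtime; imported lazily so the module runs offline
    return {"redeployed": redeploy(event, boto3.client("ecs"), load_service_map())}


# --- Constructed sample data so the module runs offline (all IDs and names are made up) ---
class FakeEcs:
    """Stands in for boto3's ECS client and records update_service calls."""
    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def update_service(self, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(kwargs)
        return {"service": {"serviceName": kwargs["service"]}}


SAMPLE_MAP = json.dumps({"prod/db/password": ["prod-cluster/api", "prod-cluster/worker"],
                         "/prod/api/key": ["prod-cluster/api"]})
SECRET_UPDATE_EVENT = {
    "source": "aws.secretsmanager", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "secretsmanager.amazonaws.com", "eventName": "UpdateSecret",
               "requestParameters": {"secretId": "prod/db/password"},
               "responseElements": {"name": "prod/db/password", "arn":
                   "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db/password-Ab1Cd2"}},
}
PARAM_UPDATE_EVENT = {
    "source": "aws.ssm", "detail-type": "Parameter Store Change",
    "resources": ["arn:aws:ssm:us-east-1:123456789012:parameter/prod/api/key"],
    "detail": {"name": "/prod/api/key", "type": "SecureString", "operation": "Update"},
}
SECRET_DESCRIBE_EVENT = {  # a read, not a change: must be ignored
    "source": "aws.secretsmanager", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "secretsmanager.amazonaws.com", "eventName": "DescribeSecret",
               "requestParameters": {"secretId": "prod/db/password"}},
}
```

A static allow-list rather than scanning every task definition for the ARN keeps the function's IAM policy small: `ecs:UpdateService` on just the listed service ARNs, with the Lambda's resource policy permitting only the two EventBridge rules as principals. Two operational caveats follow from the event sources: Secrets Manager events only appear in EventBridge if a CloudTrail trail records management events in that region, and `Parameter Store Change` events fire for `Delete` too, which the handler deliberately ignores because redeploying a service whose secret is gone would only launch tasks that fail to start.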