Description
Currently, the agent is hardcoded to bind to the localhost address of 127.0.0.1. Understanding that this is definitely a sane default and only functioning on a local interface removes a lot of the security considerations one would need to make in the usage of this tool if it were otherwise, is there a downside to making this configurable?
An example use case that I would want to use this feature for is the following:
Currently, secretsmanager-agent can only be used with ECS clusters that are using self-managed EC2 instances as their capacity, meaning that no services which run on Fargate are able to utilize this tool, since we don't have the ability to control the underlying machines and deploy this to them.
Being able to change the listen address of the HTTP server opens up a possibility where secretsmanager-agent could be deployed as an ECS service itself, running on Fargate. The idea would be to then put a load balancer in front of secretsmanager-agent and let it be accessed by other ECS services over the private network.
Users would need to accept and understand/account for the risks that binding to an interface other than localhost might carry, but it would be nice to have the option.
I've submitted a PR of what this change might look like with #69.
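One way to gate a configurable listen address so that loopback stays the default and any other interface needs an explicit opt-in, as an added example (not the code in #69 and not the project's own). The `ListenConfig` fields, `allow_non_loopback`, `resolve_bind`, the port and the sample addresses are all hypothetical names and constructed values.

```rust
use std::net::{IpAddr, Ipv4Addr, SocketAddr};

/// Hypothetical settings; field names are assumptions, not the agent's real config keys.
pub struct ListenConfig {
    pub bind_address: Option<String>, // None => keep the loopback default
    pub port: u16,
    pub allow_non_loopback: bool, // explicit acknowledgement of off-host exposure
}

#[derive(Debug, PartialEq)]
pub enum BindError {
    InvalidAddress(String),
    NonLoopbackNotAllowed(IpAddr),
}

/// Resolve the address to bind, failing closed unless the operator opted in.
pub fn resolve_bind(cfg: &ListenConfig) -> Result<SocketAddr, BindError> {
    let ip = match &cfg.bind_address {
        None => IpAddr::V4(Ipv4Addr::LOCALHOST),
        // Only literal IPs are accepted, so no DNS lookup decides where secrets are served.
        Some(s) => s
            .trim()
            .parse::<IpAddr>()
            .map_err(|_| BindError::InvalidAddress(s.clone()))?,
    };
    // 0.0.0.0 and :: are not loopback, so wildcard binds also need the opt-in.
    if !ip.is_loopback() && !cfg.allow_non_loopback {
        return Err(BindError::NonLoopbackNotAllowed(ip));
    }
    Ok(SocketAddr::new(ip, cfg.port))
}

fn main() {
    // Constructed sample inputs: (bind address, opt-in flag).
    let cases = [
        (None, false),
        (Some("10.0.1.25"), false),
        (Some("10.0.1.25"), true),
        (Some("0.0.0.0"), false),
    ];
    for (addr, opt_in) in cases {
        let cfg = ListenConfig {
            bind_address: addr.map(String::from),
            port: 8080, // constructed port
            allow_non_loopback: opt_in,
        };
        println!("{:?} opt_in={} -> {:?}", addr, opt_in, resolve_bind(&cfg));
    }
}
```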