diff --git a/common/types.go b/common/types.go
index ff25b90a..fa497264 100644
--- a/common/types.go
+++ b/common/types.go
@@ -169,6 +169,7 @@ type Service struct {
 AssignPublicIP bool `yaml:"assignPublicIp,omitempty"`
 Links []string `yaml:"links,omitempty"`
 Environment map[string]interface{} `yaml:"environment,omitempty"`
+ Secrets map[string]interface{} `yaml:"secrets,omitempty"`
 PathPatterns []string `yaml:"pathPatterns,omitempty"`
 HostPatterns []string `yaml:"hostPatterns,omitempty"`
 Priority int `yaml:"priority,omitempty" validate:"max=50000"`
diff --git a/templates/assets/cloudformation/service-ecs.yml b/templates/assets/cloudformation/service-ecs.yml
index 7e4da310..339d2694 100644
--- a/templates/assets/cloudformation/service-ecs.yml
+++ b/templates/assets/cloudformation/service-ecs.yml
@@ -355,6 +355,15 @@ Resources:
 - !Ref AWS::NoValue
 #DnsSearchDomains:
 #- Fn::ImportValue: !Sub ${ServiceDiscoveryName}
+ {{if .Secrets}}
+ Secrets:
+ {{with .Secrets}}
+ {{range $key, $val := .}}
+ - Name: {{$key}}
+ ValueFrom: !Sub {{$val}}
+ {{end}}
+ {{end}}
+ {{end}}
 Environment:
 {{with .Environment}}
 {{range $key, $val := .}}
diff --git a/templates/assets/cloudformation/service-iam.yml b/templates/assets/cloudformation/service-iam.yml
index 935e2f82..6f163732 100644
--- a/templates/assets/cloudformation/service-iam.yml
+++ b/templates/assets/cloudformation/service-iam.yml
@@ -373,6 +373,9 @@ Resources:
 - logs:PutLogEvents
 - logs:DescribeLogGroups
 - logs:DescribeLogStreams
+ - ssm:GetParameters
+ - secretsmanager:GetSecretValue
+ - kms:Decrypt
 Resource: '*'
 EksPodRole:
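Review bot: The new `Secrets` field on `Service` carries no comment saying that its values are references rather than secret material, which matters because this struct is populated from the project's YAML config, presumably kept in source control. The ECS template in this commit renders each value as `ValueFrom`, so a comment such as `// Secrets maps container variable names to SSM parameter or Secrets Manager references (rendered as ValueFrom); never plaintext values.` would make the contract explicit. Since `ValueFrom` must be a single string, it is also worth confirming that a `map[string]interface{}` value is validated or flattened before rendering; the struct begins and ends outside this hunk, so any such handling is not visible here.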
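Review bot: In the service-ecs.yml hunk, `ValueFrom: !Sub {{$val}}` writes the configured value into the template unquoted, so a value containing YAML-significant characters (a `#`, `: ` or a line break) changes the structure of the rendered task definition instead of failing cleanly; `{{$key}}` on the `Name:` line has the same problem. Quoting at render time, e.g. `ValueFrom: !Sub {{printf "%q" $val}}`, keeps each entry a single scalar, assuming the value has already been reduced to a string. Because of `!Sub`, any `${...}` inside the value is also expanded by CloudFormation; if that is intended for building ARNs, a comment above the block such as `# values may use ${AWS::Region}-style substitutions` would say so. The container definition starts and ends outside this hunk, so how `Environment` entries are escaped is not visible here; the two blocks should match.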
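Review bot: In the service-iam.yml hunk the three new actions are appended to a statement whose `Resource` is `'*'`, so the role gains read access to every SSM parameter and Secrets Manager secret in the account, and may decrypt with any KMS key whose key policy defers to IAM, rather than only the entries the service lists under `secrets`. They belong in their own statements scoped to the service's parameter and secret ARNs, with `kms:Decrypt` limited to the relevant key and a `kms:ViaService` condition; the fence sketches this with placeholders, since the naming convention and the parameters available to this template are not visible here. The role that owns this statement is declared outside the hunk: ECS resolves `Secrets` with the task execution role, so it is worth confirming these permissions do not land on the task or instance role, where application code could call them directly.

```yaml
# … unchanged: logs:* actions stay in the existing statement with Resource: '*' …
- Effect: Allow
  Action:
  - ssm:GetParameters
  - secretsmanager:GetSecretValue
  Resource:
  # placeholders: replace with the prefix/ARN pattern this service's secrets actually use
  - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/<SERVICE_PARAMETER_PREFIX>/*
  - !Sub arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:<SERVICE_SECRET_PREFIX>*
- Effect: Allow
  Action:
  - kms:Decrypt
  Resource: <KMS_KEY_ARN>  # placeholder: the key that encrypts the parameters/secrets above
  Condition:
    StringEquals:
      kms:ViaService:
      - !Sub ssm.${AWS::Region}.amazonaws.com
      - !Sub secretsmanager.${AWS::Region}.amazonaws.com
```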