Hey, when using AWSX trying to run

pulumi up

on ecs task definition (fargate) and service (FargateService) with environment variables, it always tries to update all the ECS services and not just the service that was modified. This causes immense problems for me. Putting ignoreChanges on the containerDefinitions.environment doesn't change a thing. For reference, here is the task definition:

export const auditing_TDX = new awsx.ecs.FargateTaskDefinition("auditing-TD", {
    taskRole: {roleArn: iam_roles.us_east_1_ECS_ECSTaskRole.arn},
    executionRole: {roleArn: iam_roles.us_east_1_ECS_ECSExecutionRole.arn},
    family: `${config.env_name}-auditing-TD`,
    container: {
        name: "auditing",
        image: `270046177949.dkr.ecr.us-east-1.amazonaws.com/${config.ecsImagesVersions.get("Auditing_Service")}`,
        cpu: 1024,
        memory: 2048,
        memoryReservation: 400,
        essential: true,
        portMappings: [
            {
                containerPort: 8011,
                hostPort: 8011,
                protocol: "tcp"
            }
        ],
        environment: pulumi.all([websites.siteUrlCdn, config.env_name, config.SECURITY_JWTPUBLICKEY, config.rdsPassword, rdsserverless.endpoint, config.rdsUsername, app_integration.SyncPermissionsQueue.name]).apply(([frontend_url, env_name, jwt_public_key, rdsPassword, rdsEndpoint, rdsUsername, syncPermissionsQueue]) => [
            { "name": "SPRING_APPLICATION_LOGAPPENDER", "value": "ASYNCJSON" },
            { "name": "SECURITY_JWTPUBLICKEY", "value": jwt_public_key },
            { "name": "SECURITY_CORSALLOWEDORIGINPATTERNS", "value": frontend_url },
            { "name": "SPRING_DATASOURCE_PASSWORD", "value": rdsPassword },
            { "name": "SPRING_DATASOURCE_URL", "value": `jdbc:mysql://${rdsEndpoint}:3306/AuditingService?useSSL=false&createDatabaseIfNotExist=true` },
            { "name": "LOG4J_FORMAT_MSG_NO_LOOKUPS", "value": "true" },
            { "name": "SYNCPERMISSIONS_ENABLED", "value": "false" },
            { "name": "SPRING_DATASOURCE_USERNAME", "value": rdsUsername },
            { "name": "JAVA_OPTS", "value": "" },
            { "name": "SPRING_DATASOURCE_DRIVERCLASSNAME", "value": "org.mariadb.jdbc.Driver" },
            { "name": "AUDITING_DAYSTOEXPIRE", "value": "365" },
            { "name": "SYNCPERMISSIONS_QUEUENAME", "value": syncPermissionsQueue }
        ]),
        logConfiguration: {
            logDriver: "awslogs",
            options: {
                
                "awslogs-group": `/${config.env_name}/auditing`,
                "awslogs-region": "us-east-1",
                "awslogs-stream-prefix": "auditing"
            }
        }
    },
}, {ignoreChanges: ["container.environment"]});

For making my question clearer - I want to cause just the image version to change, preserving all the environment variables that existed when creating the task definition (the JWT, rds password, etc must not change)