Skip to content

Resource: awsEcsTaskDefinition

Manages a revision of an ECS task definition to be used in awsEcsService.

Example Usage

Basic Example

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions:
    '${jsonencode([\n    {\n      name      = "first"\n      image     = "service-first"\n      cpu       = 10\n      memory    = 512\n      essential = true\n      portMappings = [\n        {\n          containerPort = 80\n          hostPort      = 80\n        }\n      ]\n    },\n    {\n      name      = "second"\n      image     = "service-second"\n      cpu       = 10\n      memory    = 256\n      essential = true\n      portMappings = [\n        {\n          containerPort = 443\n          hostPort      = 443\n        }\n      ]\n    }\n  ])}',
  family: "service",
  placementConstraints: [
    {
      expression: "attribute:ecs.availability-zone in [us-west-2a, us-west-2b]",
      type: "memberOf",
    },
  ],
  volume: [
    {
      hostPath: "/ecs/service-storage",
      name: "service-storage",
    },
  ],
});

With AppMesh Proxy

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  proxyConfiguration: {
    containerName: "applicationContainerName",
    properties: {
      appPorts: "8080",
      egressIgnoredIPs: "169.254.170.2,169.254.169.254",
      ignoredUid: "1337",
      proxyEgressPort: 15001,
      proxyIngressPort: 15000,
    },
    type: "APPMESH",
  },
});

Example Using dockerVolumeConfiguration

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  volume: [
    {
      dockerVolumeConfiguration: {
        autoprovision: true,
        driver: "local",
        driverOpts: [
          {
            device: "${aws_efs_file_system.fs.dns_name}:/",
            o: "addr=${aws_efs_file_system.fs.dns_name},rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport",
            type: "nfs",
          },
        ],
        scope: "shared",
      },
      name: "service-storage",
    },
  ],
});

Example Using efsVolumeConfiguration

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  volume: [
    {
      efsVolumeConfiguration: {
        authorizationConfig: {
          accessPointId: "${aws_efs_access_point.test.id}",
          iam: "ENABLED",
        },
        fileSystemId: "${aws_efs_file_system.fs.id}",
        rootDirectory: "/opt/data",
        transitEncryption: "ENABLED",
        transitEncryptionPort: 2999,
      },
      name: "service-storage",
    },
  ],
});

Example Using fsxWindowsFileServerVolumeConfiguration

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSecretsmanagerSecretVersionTest =
  new aws.secretsmanagerSecretVersion.SecretsmanagerSecretVersion(
    this,
    "test",
    {
      secretId: "${aws_secretsmanager_secret.test.id}",
      secretString:
        '${jsonencode({ username : "admin", password : aws_directory_service_directory.test.password })}',
    }
  );
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  volume: [
    {
      fsxWindowsFileServerVolumeConfiguration: {
        authorizationConfig: {
          credentialsParameter: awsSecretsmanagerSecretVersionTest.arn,
          domain: "${aws_directory_service_directory.test.name}",
        },
        fileSystemId: "${aws_fsx_windows_file_system.test.id}",
        rootDirectory: "\\data",
      },
      name: "service-storage",
    },
  ],
});

Example Using containerDefinitions and inferenceAccelerator

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "test", {
  containerDefinitions:
    '[\n  {\n    "cpu": 10,\n    "command": ["sleep", "10"],\n    "entryPoint": ["/"],\n    "environment": [\n      {"name": "VARNAME", "value": "VARVAL"}\n    ],\n    "essential": true,\n    "image": "jenkins",\n    "memory": 128,\n    "name": "jenkins",\n    "portMappings": [\n      {\n        "containerPort": 80,\n        "hostPort": 8080\n      }\n    ],\n        "resourceRequirements":[\n            {\n                "type":"InferenceAccelerator",\n                "value":"device_1"\n            }\n        ]\n  }\n]\n',
  family: "test",
  inferenceAccelerator: [
    {
      deviceName: "device_1",
      deviceType: "eia1.medium",
    },
  ],
});

Example Using runtimePlatform and fargate

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "test", {
  containerDefinitions:
    '[\n  {\n    "name": "iis",\n    "image": "mcr.microsoft.com/windows/servercore/iis",\n    "cpu": 1024,\n    "memory": 2048,\n    "essential": true\n  }\n]\n',
  cpu: 1024,
  family: "test",
  memory: 2048,
  networkMode: "awsvpc",
  requiresCompatibilities: ["FARGATE"],
  runtimePlatform: {
    cpuArchitecture: "X86_64",
    operatingSystemFamily: "WINDOWS_SERVER_2019_CORE",
  },
});

Argument Reference

\~> NOTE: Proper escaping is required for JSON field values containing quotes (") such as environment values. If directly setting the JSON, they should be escaped as \" in the JSON, e.g., "value": "i \"love\"EscapedQuotes". If using a Terraform variable value, they should be escaped as \\\" in the variable, e.g., value = "i \\\"love\\\"EscapedQuotes" in the variable and "value": "${varMyvariable}" in the JSON.

The following arguments are required:

  • containerDefinitions - (Required) A list of valid container definitions provided as a single valid JSON document. Please note that you should only provide values that are part of the container definition document. For a detailed description of what parameters are available, see the Task Definition Parameters section from the official Developer Guide.
  • family - (Required) A unique name for your task definition.

The following arguments are optional:

  • cpu - (Optional) Number of cpu units used by the task. If the requiresCompatibilities is fargate this field is required.
  • executionRoleArn - (Optional) ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.
  • inferenceAccelerator - (Optional) Configuration block(s) with Inference Accelerators settings. Detailed below.
  • ipcMode - (Optional) IPC resource namespace to be used for the containers in the task The valid values are host, task, and none.
  • memory - (Optional) Amount (in MiB) of memory used by the task. If the requiresCompatibilities is fargate this field is required.
  • networkMode - (Optional) Docker networking mode to use for the containers in the task. Valid values are none, bridge, awsvpc, and host.
  • runtimePlatform - (Optional) Configuration block for runtime_platform that containers in your task may use.
  • pidMode - (Optional) Process namespace to use for the containers in the task. The valid values are host and task.
  • placementConstraints - (Optional) Configuration block for rules that are taken into consideration during task placement. Maximum number of placementConstraints is 10. Detailed below.
  • proxyConfiguration - (Optional) Configuration block for the App Mesh proxy. Detailed below.
  • ephemeralStorage - (Optional) The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.
  • requiresCompatibilities - (Optional) Set of launch types required by the task. The valid values are ec2 and fargate.
  • skipDestroy - (Optional) Whether to retain the old revision when the resource is destroyed or replacement is necessary. Default is false.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • taskRoleArn - (Optional) ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.
  • volume - (Optional) Configuration block for volumes that containers in your task may use. Detailed below.

volume

  • dockerVolumeConfiguration - (Optional) Configuration block to configure a docker volume. Detailed below.
  • efsVolumeConfiguration - (Optional) Configuration block for an EFS volume. Detailed below.
  • fsxWindowsFileServerVolumeConfiguration - (Optional) Configuration block for an FSX Windows File Server volume. Detailed below.
  • hostPath - (Optional) Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished.
  • name - (Required) Name of the volume. This name is referenced in the sourceVolume parameter of container definition in the mountPoints section.

dockerVolumeConfiguration

For more information, see Specifying a Docker volume in your Task Definition Developer Guide

  • autoprovision - (Optional) If this value is true, the Docker volume is created if it does not already exist. Note: This field is only used if the scope is shared.
  • driverOpts - (Optional) Map of Docker driver specific options.
  • driver - (Optional) Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement.
  • labels - (Optional) Map of custom metadata to add to your Docker volume.
  • scope - (Optional) Scope for the Docker volume, which determines its lifecycle, either task or shared. Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared persist after the task stops.

efsVolumeConfiguration

For more information, see Specifying an EFS volume in your Task Definition Developer Guide

  • fileSystemId - (Required) ID of the EFS File System.
  • rootDirectory - (Optional) Directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying / will have the same effect as omitting this parameter. This argument is ignored when using authorizationConfig.
  • transitEncryption - (Optional) Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. Valid values: enabled, disabled. If this parameter is omitted, the default value of disabled is used.
  • transitEncryptionPort - (Optional) Port to use for transit encryption. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses.
  • authorizationConfig - (Optional) Configuration block for authorization for the Amazon EFS file system. Detailed below.

runtimePlatform

authorizationConfig

  • accessPointId - (Optional) Access point ID to use. If an access point is specified, the root directory value will be relative to the directory set for the access point. If specified, transit encryption must be enabled in the EFSVolumeConfiguration.
  • iam - (Optional) Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. Valid values: enabled, disabled. If this parameter is omitted, the default value of disabled is used.

fsxWindowsFileServerVolumeConfiguration

For more information, see Specifying an FSX Windows File Server volume in your Task Definition Developer Guide

  • fileSystemId - (Required) The Amazon FSx for Windows File Server file system ID to use.
  • rootDirectory - (Required) The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.
  • authorizationConfig - (Required) Configuration block for authorization for the Amazon FSx for Windows File Server file system detailed below.

authorizationConfig

  • credentialsParameter - (Required) The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an AWS Secrets Manager secret or AWS Systems Manager Parameter Store parameter. The ARNs refer to the stored credentials.
  • domain - (Required) A fully qualified domain name hosted by an AWS Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.

placementConstraints

proxyConfiguration

  • containerName - (Required) Name of the container that will serve as the App Mesh proxy.
  • properties - (Required) Set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified a key-value mapping.
  • type - (Optional) Proxy type. The default value is appmesh. The only supported value is appmesh.

ephemeralStorage

  • sizeInGib - (Required) The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB.

inferenceAccelerator

  • deviceName - (Required) Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement.
  • deviceType - (Required) Elastic Inference accelerator type to use.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Full ARN of the Task Definition (including both family and revision).
  • arnWithoutRevision - ARN of the Task Definition with the trailing revision removed. This may be useful for situations where the latest task definition is always desired. If a revision isn't specified, the latest ACTIVE revision is used. See the AWS documentation for details.
  • revision - Revision of the task in a particular family.
  • tagsAll - Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

ECS Task Definitions can be imported via their Amazon Resource Name (ARN):

$ terraform import aws_ecs_task_definition.example arn:aws:ecs:us-east-1:012345678910:task-definition/mytaskfamily:123