Resource: awsEcsTaskDefinition
Manages a revision of an ECS task definition to be used in awsEcsService.
Example Usage
Basic Example
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions:
    '${jsonencode([\n {\n name = "first"\n image = "service-first"\n cpu = 10\n memory = 512\n essential = true\n portMappings = [\n {\n containerPort = 80\n hostPort = 80\n }\n ]\n },\n {\n name = "second"\n image = "service-second"\n cpu = 10\n memory = 256\n essential = true\n portMappings = [\n {\n containerPort = 443\n hostPort = 443\n }\n ]\n }\n ])}',
  family: "service",
  placementConstraints: [
    {
      expression: "attribute:ecs.availability-zone in [us-west-2a, us-west-2b]",
      type: "memberOf",
    },
  ],
  volume: [
    {
      hostPath: "/ecs/service-storage",
      name: "service-storage",
    },
  ],
});
With AppMesh Proxy
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  proxyConfiguration: {
    containerName: "applicationContainerName",
    properties: {
      appPorts: "8080",
      egressIgnoredIPs: "169.254.170.2,169.254.169.254",
      ignoredUid: "1337",
      proxyEgressPort: 15001,
      proxyIngressPort: 15000,
    },
    type: "APPMESH",
  },
});
Example Using dockerVolumeConfiguration
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  volume: [
    {
      dockerVolumeConfiguration: {
        autoprovision: true,
        driver: "local",
        driverOpts: [
          {
            device: "${aws_efs_file_system.fs.dns_name}:/",
            o: "addr=${aws_efs_file_system.fs.dns_name},rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport",
            type: "nfs",
          },
        ],
        scope: "shared",
      },
      name: "service-storage",
    },
  ],
});
Example Using efsVolumeConfiguration
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  volume: [
    {
      efsVolumeConfiguration: {
        authorizationConfig: {
          accessPointId: "${aws_efs_access_point.test.id}",
          iam: "ENABLED",
        },
        fileSystemId: "${aws_efs_file_system.fs.id}",
        rootDirectory: "/opt/data",
        transitEncryption: "ENABLED",
        transitEncryptionPort: 2999,
      },
      name: "service-storage",
    },
  ],
});
Example Using fsxWindowsFileServerVolumeConfiguration
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSecretsmanagerSecretVersionTest =
  new aws.secretsmanagerSecretVersion.SecretsmanagerSecretVersion(
    this,
    "test",
    {
      secretId: "${aws_secretsmanager_secret.test.id}",
      secretString:
        '${jsonencode({ username : "admin", password : aws_directory_service_directory.test.password })}',
    }
  );
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "service", {
  containerDefinitions: '${file("task-definitions/service.json")}',
  family: "service",
  volume: [
    {
      fsxWindowsFileServerVolumeConfiguration: {
        authorizationConfig: {
          credentialsParameter: awsSecretsmanagerSecretVersionTest.arn,
          domain: "${aws_directory_service_directory.test.name}",
        },
        fileSystemId: "${aws_fsx_windows_file_system.test.id}",
        rootDirectory: "\\data",
      },
      name: "service-storage",
    },
  ],
});
Example Using containerDefinitions and inferenceAccelerator
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "test", {
  containerDefinitions:
    '[\n {\n "cpu": 10,\n "command": ["sleep", "10"],\n "entryPoint": ["/"],\n "environment": [\n {"name": "VARNAME", "value": "VARVAL"}\n ],\n "essential": true,\n "image": "jenkins",\n "memory": 128,\n "name": "jenkins",\n "portMappings": [\n {\n "containerPort": 80,\n "hostPort": 8080\n }\n ],\n "resourceRequirements":[\n {\n "type":"InferenceAccelerator",\n "value":"device_1"\n }\n ]\n }\n]\n',
  family: "test",
  inferenceAccelerator: [
    {
      deviceName: "device_1",
      deviceType: "eia1.medium",
    },
  ],
});
Example Using runtimePlatform and fargate
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsTaskDefinition.EcsTaskDefinition(this, "test", {
  containerDefinitions:
    '[\n {\n "name": "iis",\n "image": "mcr.microsoft.com/windows/servercore/iis",\n "cpu": 1024,\n "memory": 2048,\n "essential": true\n }\n]\n',
  cpu: 1024,
  family: "test",
  memory: 2048,
  networkMode: "awsvpc",
  requiresCompatibilities: ["FARGATE"],
  runtimePlatform: {
    cpuArchitecture: "X86_64",
    operatingSystemFamily: "WINDOWS_SERVER_2019_CORE",
  },
});
Argument Reference
NOTE: Proper escaping is required for JSON field values containing quotes (") such as environment values. If directly setting the JSON, they should be escaped as \" in the JSON, e.g., "value": "i \"love\"EscapedQuotes". If using a Terraform variable value, they should be escaped as \\\" in the variable, e.g., value = "i \\\"love\\\"EscapedQuotes" in the variable and "value": "${varMyvariable}" in the JSON.
The following arguments are required:
containerDefinitions - (Required) A list of valid container definitions provided as a single valid JSON document. Please note that you should only provide values that are part of the container definition document. For a detailed description of what parameters are available, see the Task Definition Parameters section from the official Developer Guide.
family - (Required) A unique name for your task definition.
The following arguments are optional:
cpu - (Optional) Number of cpu units used by the task. If the requiresCompatibilities is fargate this field is required.
executionRoleArn - (Optional) ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.
inferenceAccelerator - (Optional) Configuration block(s) with Inference Accelerators settings. Detailed below.
ipcMode - (Optional) IPC resource namespace to be used for the containers in the task. The valid values are host, task, and none.
memory - (Optional) Amount (in MiB) of memory used by the task. If the requiresCompatibilities is fargate this field is required.
networkMode - (Optional) Docker networking mode to use for the containers in the task. Valid values are none, bridge, awsvpc, and host.
runtimePlatform - (Optional) Configuration block for runtime_platform that containers in your task may use.
pidMode - (Optional) Process namespace to use for the containers in the task. The valid values are host and task.
placementConstraints - (Optional) Configuration block for rules that are taken into consideration during task placement. Maximum number of placementConstraints is 10. Detailed below.
proxyConfiguration - (Optional) Configuration block for the App Mesh proxy. Detailed below.
ephemeralStorage - (Optional) The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.
requiresCompatibilities - (Optional) Set of launch types required by the task. The valid values are ec2 and fargate.
skipDestroy - (Optional) Whether to retain the old revision when the resource is destroyed or replacement is necessary. Default is false.
tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
taskRoleArn - (Optional) ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.
volume - (Optional) Configuration block for volumes that containers in your task may use. Detailed below.
volume
dockerVolumeConfiguration - (Optional) Configuration block to configure a docker volume. Detailed below.
efsVolumeConfiguration - (Optional) Configuration block for an EFS volume. Detailed below.
fsxWindowsFileServerVolumeConfiguration - (Optional) Configuration block for an FSX Windows File Server volume. Detailed below.
hostPath - (Optional) Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished.
name - (Required) Name of the volume. This name is referenced in the sourceVolume parameter of container definition in the mountPoints section.
dockerVolumeConfiguration
For more information, see Specifying a Docker volume in your Task Definition Developer Guide
autoprovision - (Optional) If this value is true, the Docker volume is created if it does not already exist. Note: This field is only used if the scope is shared.
driverOpts - (Optional) Map of Docker driver specific options.
driver - (Optional) Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement.
labels - (Optional) Map of custom metadata to add to your Docker volume.
scope - (Optional) Scope for the Docker volume, which determines its lifecycle, either task or shared. Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared persist after the task stops.
efsVolumeConfiguration
For more information, see Specifying an EFS volume in your Task Definition Developer Guide
fileSystemId - (Required) ID of the EFS File System.
rootDirectory - (Optional) Directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying / will have the same effect as omitting this parameter. This argument is ignored when using authorizationConfig.
transitEncryption - (Optional) Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. Valid values: enabled, disabled. If this parameter is omitted, the default value of disabled is used.
transitEncryptionPort - (Optional) Port to use for transit encryption. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses.
authorizationConfig - (Optional) Configuration block for authorization for the Amazon EFS file system. Detailed below.
runtimePlatform
operatingSystemFamily - (Optional) If the requiresCompatibilities is fargate this field is required; must be set to a valid option from the operating system family in the runtime platform setting.
cpuArchitecture - (Optional) Must be set to either X86_64 or arm64; see cpu architecture.
authorizationConfig
accessPointId - (Optional) Access point ID to use. If an access point is specified, the root directory value will be relative to the directory set for the access point. If specified, transit encryption must be enabled in the EFSVolumeConfiguration.
iam - (Optional) Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. Valid values: enabled, disabled. If this parameter is omitted, the default value of disabled is used.
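The rules stated above for efsVolumeConfiguration and its authorizationConfig (transit encryption is required with iam or accessPointId and defaults to disabled) and the Fargate requirements for cpu, memory and operatingSystemFamily can be checked on the props object before synthesis. This is an added example, not code from the provider or its documentation; checkTaskDefinition, TaskDefProps, EfsVolumeConfig and the sample file system ID are hypothetical names chosen for illustration.

```typescript
// Added example. Subset of the EcsTaskDefinition props that the checks read.
interface EfsVolumeConfig {
  fileSystemId: string;
  transitEncryption?: string;
  authorizationConfig?: { accessPointId?: string; iam?: string };
}
interface TaskDefProps {
  family: string;
  cpu?: number | string;
  memory?: number | string;
  requiresCompatibilities?: string[];
  runtimePlatform?: { operatingSystemFamily?: string };
  volume?: { name: string; efsVolumeConfiguration?: EfsVolumeConfig }[];
}
// Compared case-insensitively: the reference and the examples differ in case.
const isEnabled = (v?: string): boolean => (v ?? "").toUpperCase() === "ENABLED";

// Hypothetical helper: one finding per documented rule the props violate.
function checkTaskDefinition(p: TaskDefProps): string[] {
  const findings: string[] = [];
  for (const v of p.volume ?? []) {
    const efs = v.efsVolumeConfiguration;
    if (!efs || isEnabled(efs.transitEncryption)) continue;
    const auth = efs.authorizationConfig;
    findings.push(
      isEnabled(auth?.iam) || auth?.accessPointId
        ? `${v.name}: iam/accessPointId requires transitEncryption ENABLED`
        : `${v.name}: transitEncryption omitted or disabled, EFS traffic is not encrypted`
    );
  }
  const fargate = (p.requiresCompatibilities ?? []).some((c) => c.toUpperCase() === "FARGATE");
  if (fargate && (p.cpu === undefined || p.memory === undefined))
    findings.push("FARGATE: cpu and memory are required");
  if (fargate && p.runtimePlatform && !p.runtimePlatform.operatingSystemFamily)
    findings.push("FARGATE: runtimePlatform.operatingSystemFamily is required");
  return findings;
}

// Constructed sample inputs (file system ID is a placeholder).
const weakProps: TaskDefProps = {
  family: "service", requiresCompatibilities: ["FARGATE"],
  volume: [{ name: "service-storage", efsVolumeConfiguration: {
    fileSystemId: "fs-EXAMPLE", authorizationConfig: { iam: "ENABLED" } } }],
};
const hardenedProps: TaskDefProps = {
  family: "service", requiresCompatibilities: ["FARGATE"], cpu: 1024, memory: 2048,
  volume: [{ name: "service-storage", efsVolumeConfiguration: {
    fileSystemId: "fs-EXAMPLE", transitEncryption: "ENABLED",
    authorizationConfig: { iam: "ENABLED" } } }],
};
```

Pass the same object literal to checkTaskDefinition before handing it to the EcsTaskDefinition constructor and fail the synth step when the returned list is not empty.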
fsxWindowsFileServerVolumeConfiguration
For more information, see Specifying an FSX Windows File Server volume in your Task Definition Developer Guide
fileSystemId - (Required) The Amazon FSx for Windows File Server file system ID to use.
rootDirectory - (Required) The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.
authorizationConfig - (Required) Configuration block for authorization for the Amazon FSx for Windows File Server file system detailed below.
authorizationConfig
credentialsParameter - (Required) The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an AWS Secrets Manager secret or AWS Systems Manager Parameter Store parameter. The ARNs refer to the stored credentials.
domain - (Required) A fully qualified domain name hosted by an AWS Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.
placementConstraints
expression - (Optional) Cluster Query Language expression to apply to the constraint. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.
type - (Required) Type of constraint. Use memberOf to restrict selection to a group of valid candidates. Note that distinctInstance is not supported in task definitions.
proxyConfiguration
containerName - (Required) Name of the container that will serve as the App Mesh proxy.
properties - (Required) Set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as a key-value mapping.
type - (Optional) Proxy type. The default value is appmesh. The only supported value is appmesh.
ephemeralStorage
sizeInGib - (Required) The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB.
inferenceAccelerator
deviceName - (Required) Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement.
deviceType - (Required) Elastic Inference accelerator type to use.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn - Full ARN of the Task Definition (including both family and revision).
arnWithoutRevision - ARN of the Task Definition with the trailing revision removed. This may be useful for situations where the latest task definition is always desired. If a revision isn't specified, the latest ACTIVE revision is used. See the AWS documentation for details.
revision - Revision of the task in a particular family.
tagsAll - Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
Import
ECS Task Definitions can be imported via their Amazon Resource Name (ARN):