Resource: awsLightsailContainerService

An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run, and manage containers. For more information, see Container services in Amazon Lightsail.

Note: For more information about the AWS Regions in which you can create Amazon Lightsail container services, see "Regions and Availability Zones in Amazon Lightsail".

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lightsailContainerService.LightsailContainerService(
  this,
  "my_container_service",
  {
    isDisabled: false,
    name: "container-service-1",
    power: "nano",
    scale: 1,
    tags: {
      foo1: "bar1",
      foo2: "",
    },
  }
);

Public Domain Names

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lightsailContainerService.LightsailContainerService(
  this,
  "my_container_service",
  {
    /*The required name, power and scale arguments are omitted from this fragment.*/
    publicDomainNames: {
      certificate: [
        {
          certificateName: "example-certificate",
          domainNames: ["www.example.com"],
        },
      ],
    },
  }
);

Private Registry Access

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsLightsailContainerServiceDefault =
  new aws.lightsailContainerService.LightsailContainerService(this, "default", {
    /*The required name, power and scale arguments are omitted from this fragment.*/
    privateRegistryAccess: {
      ecrImagePullerRole: {
        isActive: true,
      },
    },
  });
const dataAwsIamPolicyDocumentDefault =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "default_1", {
    statement: [
      {
        actions: ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"],
        effect: "Allow",
        principals: [
          {
            identifiers: [
              `\${${awsLightsailContainerServiceDefault.privateRegistryAccess.fqn}[0].ecr_image_puller_role[0].principal_arn}`,
            ],
            type: "AWS",
          },
        ],
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentDefault.overrideLogicalId("default");
const awsEcrRepositoryPolicyDefault =
  new aws.ecrRepositoryPolicy.EcrRepositoryPolicy(this, "default_2", {
    policy: dataAwsIamPolicyDocumentDefault.json,
    repository: "${aws_ecr_repository.default.name}",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEcrRepositoryPolicyDefault.overrideLogicalId("default");
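
A check for the repository policy built above, as an added example that is not part of the provider documentation: it confirms that a rendered ECR policy allows only the container service's puller role and only the two pull actions. The ARN, the sample policy documents and the function names are constructed for illustration.

```typescript
// Added example: pull-only audit for an ECR repository policy document.
type OneOrMany = string | string[];
interface PolicyStatement {
  Effect: string;
  Action: OneOrMany;
  Principal: "*" | { [kind: string]: OneOrMany };
}
interface PolicyDocument {
  Statement: PolicyStatement[];
}

// The two pull actions granted in the page's Private Registry Access example.
const PULL_ACTIONS = ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"];

// IAM JSON allows a single string wherever a list is accepted.
function toList(v: OneOrMany | undefined): string[] {
  if (v === undefined) return [];
  return Array.isArray(v) ? v : [v];
}

// Returns findings; an empty array means every Allow statement names only the
// puller role and grants only pull actions.
function auditEcrPullPolicy(policy: PolicyDocument, pullerRoleArn: string): string[] {
  const findings: string[] = [];
  policy.Statement.forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements cannot widen access
    let principals: string[] = ["*"];
    if (stmt.Principal !== "*") {
      principals = [];
      for (const kind in stmt.Principal) {
        principals = principals.concat(toList(stmt.Principal[kind]));
      }
    }
    if (principals.length === 0) findings.push(`statement ${i}: no principal`);
    principals.forEach((p) => {
      if (p !== pullerRoleArn) findings.push(`statement ${i}: unexpected principal ${p}`);
    });
    toList(stmt.Action).forEach((a) => {
      if (PULL_ACTIONS.indexOf(a) === -1) findings.push(`statement ${i}: action ${a} is not a pull action`);
    });
  });
  return findings;
}

// Constructed sample values (placeholder account ID and role name).
const PULLER_ROLE_ARN = "arn:aws:iam::111122223333:role/example-puller-role";
const scopedPolicy: PolicyDocument = {
  Statement: [{ Effect: "Allow", Action: PULL_ACTIONS, Principal: { AWS: PULLER_ROLE_ARN } }],
};
const broadPolicy: PolicyDocument = {
  Statement: [{ Effect: "Allow", Action: "ecr:*", Principal: "*" }],
};
```

Running `auditEcrPullPolicy` on the parsed JSON of the policy document in a plan or CI step catches a wildcard principal or a widened action list before the policy is applied.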

Argument Reference

NOTE: You must create and validate an SSL/TLS certificate before you can use publicDomainNames with your container service. For more information, see Enabling and managing custom domains for your Amazon Lightsail container services.

The following arguments are supported:

  • name - (Required) The name for the container service. Names must be of length 1 to 63, and be unique within each AWS Region in your Lightsail account.
  • power - (Required) The power specification for the container service. The power specifies the amount of memory, the number of vCPUs, and the monthly price of each node of the container service. Possible values: nano, micro, small, medium, large, xlarge.
  • scale - (Required) The scale specification for the container service. The scale specifies the allocated compute nodes of the container service.
  • isDisabled - (Optional) A Boolean value indicating whether the container service is disabled. Defaults to false.
  • publicDomainNames - (Optional) The public domain names to use with the container service, such as example.com and www.example.com. You can specify up to four public domain names for a container service. The domain names that you specify are used when you create a deployment with a container configured as the public endpoint of your container service. If you don't specify public domain names, then you can use the default domain of the container service. Defined below.
  • privateRegistryAccess - (Optional) An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. See Private Registry Access below for more details.
  • tags - (Optional) Map of container service tags. To tag at launch, specify the tags in the Launch Template. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Private Registry Access

The privateRegistryAccess block supports the following arguments:

  • ecrImagePullerRole - (Optional) Describes a request to configure an Amazon Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. See ECR Image Puller Role below for more details.

ECR Image Puller Role

The ecrImagePullerRole block supports the following arguments:

  • isActive - (Optional) A Boolean value that indicates whether to activate the role. The default is false.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) of the container service.
  • availabilityZone - The Availability Zone. Follows the format us-east-2a (case-sensitive).
  • id - Same as name.
  • powerId - The ID of the power of the container service.
  • principalArn - The principal ARN of the container service. The principal ARN can be used to create a trust relationship between your standard AWS account and your Lightsail container service. This allows you to give your service permission to access resources in your standard AWS account.
  • privateDomainName - The private domain name of the container service. The private domain name is accessible only by other resources within the default virtual private cloud (VPC) of your Lightsail account.
  • regionName - The AWS Region name.
  • resourceType - The Lightsail resource type of the container service (i.e., ContainerService).
  • state - The current state of the container service.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
  • url - The publicly accessible URL of the container service. If no public endpoint is specified in the currentDeployment, this URL returns a 404 response.

Timeouts

Configuration options:

  • create - (Default 30M)
  • update - (Default 30M)
  • delete - (Default 30M)

Import

Lightsail Container Service can be imported using the name, e.g.,

$ terraform import aws_lightsail_container_service.my_container_service container-service-1