Module classic/ecs

Pulumi ECS Components

Pulumi’s API’s for simplifying working with ECS. The API currently provides ways to define and configure Clusters, Services, TaskDefinitions, and Containers. The Pulumi API also makes it simple to configure things simply to use Fargate (alleviating the need to manage servers yourself), or just use EC2 for the most control.

To start with, here’s a simple example of how one can create a Fargate service:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const listener = new awsx.lb.NetworkListener("nginx", { port: 80 });
const nginx = new awsx.ecs.FargateService("nginx", {
    taskDefinitionArgs: {
        containers: {
            nginx: {
                image: "nginx",
                memory: 128,
                portMappings: [listener],
            },
        },
    },
    desiredCount: 2,
});

This single call will create a Cluster on your behalf in The Default VPC for your region. It will also create an internet-facing NLB that will listen for connections and route requests appropriate to spawned instances in the cluster. Because we have used Fargate, there is no need to create any sort of Auto Scaling Group or otherwise specify what sort of machine instances will be run. Instead, Fargate will manage that for us automatically based on the optional memory and cpu values we request for our containers.

While this approach manages nearly everything on your behalf, it can often be desirable to control more of what is going on. To help explain how that works, we’ll work from the top down up to see how each part of your containerized infrastructure can be configured.

Load Balancing

The above example shows how service load balanced through an internet-facing NLB. The pattern of defining a service that is attached to an NLB or ALB is so common that both awsx.ecs.FargateService and awsx.ecs.EC2Service provide convenient construction techniques to simplify creating both.

Here’s how we can simplify the above using those techniques:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const nginx = new awsx.ecs.FargateService("nginx", {
    taskDefinitionArgs: {
        containers: {
            nginx: {
                image: "nginx",
                memory: 128,
                networkListener: { port: 80 },
            },
        },
    },
    desiredCount: 2,
});

Like before, this will create an [awsx.lb.NetworkListener] named "nginx", but will not require that resource to be directly declared beforehand.

The networkListener: or applicationListener: provided can be fully configured to your needs. This includes adjusting the awsx.lb.LoadBalancer and awsx.lb.TargetGroup that are needed here. Those can be configured like so:

    nginx: {
        image: "nginx",
        memory: 128,
        networkListener: { port: 80, /*more listener args*/, targetGroup: { /*...*/ }, loadBalancer: { /*...*/ }  },
    },

See the respective docs for more details on what can be configured here.

Clusters

A Cluster defines the infrastructure to run Services and Tasks in. If a Cluster is not specified when creating Services or running Tasks, then a default one will be created that is confired to use The Default VPC for your region. Creating a Cluster that uses a different Vpc can be simply done by:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });

const nginx = new awsx.ecs.FargateService("nginx", {
    cluster,
    // ... additional args
});

A Cluster created in this manner is ready for use by Fargate. In order to be used by EC2 though scaling capacity needs to be added to the Cluster. This can be done simply like so:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });

const asg = cluster.createAutoScalingGroup("custom", {
    templateParameters: { minSize: 20 },
    launchConfigurationArgs: { instanceType: "t2.medium" },
});

Task Definitions

A task definition is required to run Docker containers in Amazon ECS. Some of the parameters you can specify in a task definition include:

The Docker image to use with each container in your task
How much CPU and memory to use with each task or each container within a task
The Docker networking mode to use for the containers in your task
The logging configuration to use for your tasks
Whether the task should continue to run if the container finishes or fails
The command the container should run when it is started
Any data volumes that should be used with the containers in the task
The IAM role that your tasks should use

You can define multiple containers in a task definition. Tasks can easily be created to run either in Fargate or EC2 like so:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });

// optionally create an auto scaling group for EC2 tasks.

const fargateTask = new awsx.ecs.FargateTaskDefinition("fargate-nginx", {
    containers: {
        nginx: // ...
    },
});

const ec2Task = new awsx.ecs.FargateTaskDefinition("ec2-nginx", {
    containers: {
        nginx: // ...
    },
});

A Task Definition can be used to define a Service, or it can be run on demand in a ‘fire and forget’ manner (for example, from within a Lambda callback). This can be done by calling the run method on the Task instance. This run call must be supplied a Cluster to run in. For example. continuing from above:

const helloTask = new awsx.ecs.FargateTaskDefinition("hello-world", {
    container: {
        image: "hello-world",
        memory: 20,
    },
});

const api = new aws.apigateway.x.API("examples-containers", {
    routes: [{
        path: "/run",
        method: "GET",
        eventHandler: async (req) => {
            const result = await helloTask.run({ cluster });
        },
    }],
});

Additional arguments can be passed to run to control how the instance will be run.

Services

ECS allows you to run and maintain a specified number of instances of a task definition simultaneously in a cluster. This is called a Service. If any of your tasks should fail or stop for any reason, the ECS launches another instance of your task definition to replace it and maintain the desired count of tasks in the service depending on the scheduling strategy used.

Services can be simply be made for Fargate and EC2 like so:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });

// optionally create an auto scaling group for EC2 tasks.

const fargateService = new awsx.ecs.FargateService("fargate-nginx", {
    cluster,
    desiredCount: 2,
    taskDefinitionArgs: {
        containers: {
            nginx: // ...
        },
    },
});

const ec2Service = new awsx.ecs.FargateService("ec2-nginx", {
    cluster,
    desiredCount: 2,
    taskDefinitionArgs: {
        containers: {
            nginx: // ...
        },
    },
});

In the case where a Task is both expected to run in a Service and a ‘fire and forget’ manner, then the following pattern can be used:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });

// optionally create an auto scaling group for EC2 tasks.

const fargateTask = new awsx.ecs.FargateTaskDefinition("fargate-nginx", {
    containers: {
        nginx: // ...
    },
});

const fargateService = fargateTask.createService("fargate-nginx", {
    cluster,
    desiredCount: 2,
});

Containers

A Task Definition is built from a collection of Container Definitions. These definitions are used to specify the docker configuration for the container instances that are launched. The simplest way to specify the docker image to run is to provide a string to the ‘image’ parameter of the container definition. This string is either the name of an image on DockerHub, or an ECR Repository.

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const listener = new awsx.lb.NetworkListener("listener", { port: 80 });
const task = new awsx.ecs.FargateTaskDefinition("task", {
    containers: {
        nginx: {
            image: "nginx",
            memory: 128,
            portMappings: [listener],
        },
    },
});

However, image is far more flexible than that. Beyond just accepting a string a ContainerImageProvider can also be provided. Instances of this interface can be used to dynamically compute and pass in an ECR repository path. Pulumi provides several convenient ways to do this.

For example fromPath will run a Docker build in that path, push the result up to an ECR repository, and then pass the repository path to the container:

const task = new awsx.ecs.FargateTaskDefinition("task", {
    containers: {
        nginx: {
            image: awsx.ecs.Image.fromPath(/*localPath*/"..."),
            // ...
        },
    },
});

For more control over the Docker invocation fromDockerBuild an be used like so:

const task = new awsx.ecs.FargateTaskDefinition("task", {
    containers: {
        nginx: {
            image: awsx.ecs.Image.fromDockerBuild({
                    context: "./app",
                    dockerfile: "./app/Dockerfile-multistage",
                    cacheFrom: {stages: ["build"]},
                }),
            // ...
        },
    },
});

Finally, Pulumi offers a way to create a Container from a callback function. This allows for an infrastructure setup where the code that runs in a container is itself supplied as code directly in the Pulumi application like so. This can be setup like so:

const listener =
    new awsx.lb.NetworkTargetGroup("custom", { port: 8080 })
               .createListener("custom", { port: 80 });

const service = new awsx.ecs.EC2Service("custom", {
    cluster,
    desiredCount: 2,
    taskDefinitionArgs: {
        containers: {
            webserver: {
                memory: 128,
                portMappings: [listener],
                image: awsx.ecs.Image.fromFunction(() => {
                    const rand = Math.random();
                    const http = require("http");
                    http.createServer((req: any, res: any) => {
                        res.end(`Hello, world! (from ${rand})`);
                    }).listen(8080);
                }),
            },
        },
    },
});

Others

Resources

Resource Cluster

 implements AutoScalingUserData

A Cluster is a general purpose ECS cluster configured to run in a provided Network.

constructor

new Cluster(name: string, args: ClusterArgs, opts: ComponentResourceOptions)

method addAutoScalingGroup

public addAutoScalingGroup(group: AutoScalingGroup): void

method createAutoScalingGroup

public createAutoScalingGroup(name: string, args: AutoScalingGroupArgs, opts: ComponentResourceOptions): AutoScalingGroup

Creates a new autoscaling group and adds it to the list of autoscaling groups targeting this cluster. The autoscaling group will be created with is network set to the same network as this cluster as well as using this cluster to initialize both its securityGroups and launchConfiguration userData.

method createDefaultSecurityGroup

public static createDefaultSecurityGroup(name: string, vpc?: ec2.Vpc, opts: ComponentResourceOptions): SecurityGroup

method createDefaultSecurityGroupEgressRules

public static createDefaultSecurityGroupEgressRules(name: string, securityGroup: SecurityGroup): EgressSecurityGroupRule[]

method createDefaultSecurityGroupIngressRules

public static createDefaultSecurityGroupIngressRules(name: string, securityGroup: SecurityGroup): IngressSecurityGroupRule[]

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getDefault

public static getDefault(opts?: pulumi.ComponentResourceOptions): Cluster

Gets or creates a cluster that can be used by default for the current aws account and region. The cluster will use the default Vpc for the account and will be provisioned with a security group created by [createDefaultSecurityGroup].

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property autoScalingGroups

public autoScalingGroups: AutoScalingGroup[] = [];

property cluster

public cluster: Cluster;

property extraBootcmdLines

public extraBootcmdLines: () => pulumi.Input<UserDataLine[]>;

property id

public id: pulumi.Output<string>;

property securityGroups

public securityGroups: SecurityGroup[];

Security groups associated with this this ECS Cluster.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpc

public vpc: Vpc;

The network in which to create this cluster.

Resource Service

class Service extends ComponentResource

constructor

new Service(type: string, name: string, args: ServiceArgs, opts: ComponentResourceOptions)

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

property applicationListeners

public applicationListeners: Record<string, ApplicationListener>;

property cluster

public cluster: Cluster;

property listeners

public listeners: Record<string, Listener>;

Mapping from container in this service to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].

property networkListeners

public networkListeners: Record<string, NetworkListener>;

property service

public service: Service;

property taskDefinition

public taskDefinition: TaskDefinition;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource TaskDefinition

class TaskDefinition extends ComponentResource

constructor

new TaskDefinition(type: string, name: string, isFargate: boolean, args: TaskDefinitionArgs, opts: ComponentResourceOptions)

method createExecutionRole

public static createExecutionRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role

Creates the [executionRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultExecutionRolePolicyARNs] will be used.

method createTaskRole

public static createTaskRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role

Creates the [taskRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultTaskRolePolicyARNs] will be used.

method defaultExecutionRolePolicyARNs

public static defaultExecutionRolePolicyARNs(): string[]

method defaultRoleAssumeRolePolicy

public static defaultRoleAssumeRolePolicy(): PolicyDocument

method defaultTaskRolePolicyARNs

public static defaultTaskRolePolicyARNs(): "arn:aws:iam::aws:policy/AWSLambda_FullAccess" | "arn:aws:iam::aws:policy/AmazonECS_FullAccess"[]

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

property applicationListeners

public applicationListeners: Record<string, ApplicationListener>;

property containers

public containers: Record<string, Container>;

property executionRole

public executionRole?: aws.iam.Role;

property listeners

public listeners: Record<string, Listener>;

Mapping from container in this task to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].

property logGroup

public logGroup?: aws.cloudwatch.LogGroup;

property networkListeners

public networkListeners: Record<string, NetworkListener>;

property run

public run: (params: RunTaskRequest) => Promise<awssdk.ECS.Types.RunTaskResponse>;

Run one or more instances of this TaskDefinition using the ECS runTask API, returning the Task instances.

This wrapper around runTask provides appropriate defaults based on the TaskDefinition and allows specifying a Cluster instead of individual network configurations.

This API is designed for use at runtime.

property taskDefinition

public taskDefinition: TaskDefinition;

property taskRole

public taskRole?: aws.iam.Role;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

class CapacityProviderService

class CapacityProviderService extends Service

constructor

new CapacityProviderService(name: string, args: CapacityProviderServiceArgs, opts: ComponentResourceOptions)

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

property applicationListeners

public applicationListeners: Record<string, ApplicationListener>;

property cluster

public cluster: Cluster;

property listeners

public listeners: Record<string, Listener>;

property networkListeners

public networkListeners: Record<string, NetworkListener>;

property service

public service: Service;

property taskDefinition

public taskDefinition: FargateTaskDefinition | EC2TaskDefinition;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface CapacityProviderServiceArgs

interface CapacityProviderServiceArgs

property assignPublicIp

assignPublicIp?: pulumi.Input<boolean>;

Whether or not public IPs should be provided for the instances.

Defaults to [true] if unspecified.

property capacityProviderStrategies

capacityProviderStrategies?;

The custom capacity provider strategy to use for the service. If not set, the cluster default capacity provider strategies will be used.

property cluster

cluster?: Cluster;

Cluster this service will run in. If unspecified, [Cluster.getDefault()] will be used.

property deploymentCircuitBreaker

deploymentCircuitBreaker?;

Configuration block for deployment circuit breaker.

property deploymentController

deploymentController?;

Configuration block containing deployment controller configuration.

property deploymentMaximumPercent

deploymentMaximumPercent?: pulumi.Input<number>;

The upper limit (as a percentage of the service’s desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the DAEMON scheduling strategy.

property deploymentMinimumHealthyPercent

deploymentMinimumHealthyPercent?: pulumi.Input<number>;

The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.

property desiredCount

desiredCount?: pulumi.Input<number>;

The number of instances of the task definition to place and keep running. Defaults to 1. Do not specify if using the DAEMON scheduling strategy.

property enableEcsManagedTags

enableEcsManagedTags?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS managed tags for the tasks within the service.

property enableExecuteCommand

enableExecuteCommand?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS Exec for the tasks within the service.

property forceNewDeployment

forceNewDeployment?: pulumi.Input<boolean>;

Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest), roll Fargate tasks onto a newer platform version, or immediately deploy orderedPlacementStrategies and placementConstraints updates.

property healthCheckGracePeriodSeconds

healthCheckGracePeriodSeconds?: pulumi.Input<number>;

Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.

property iamRole

iamRole?: pulumi.Input<string>;

ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is required if you are using a load balancer with your service, but only if your task definition does not use the awsvpc network mode. If using awsvpc network mode, do not specify this role. If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here.

property loadBalancers

loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];

A load balancer block. Load balancers documented below.

property name

name?: pulumi.Input<string>;

The name of the service (up to 255 letters, numbers, hyphens, and underscores)

property orderedPlacementStrategies

orderedPlacementStrategies?;

Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered_placement_strategy blocks is 5. Defined below.

property os

os?: pulumi.Input<"linux" | "windows">;

property placementConstraints

placementConstraints?;

rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. Defined below.

property platformVersion

platformVersion?: pulumi.Input<string>;

The platform version on which to run your service. Only applicable for launchType set to FARGATE. Defaults to LATEST. More information about Fargate platform versions can be found in the AWS ECS User Guide.

property propagateTags

propagateTags?: pulumi.Input<string>;

Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION.

property schedulingStrategy

schedulingStrategy?: pulumi.Input<string>;

The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Defaults to REPLICA. Note that Fargate tasks do not support the DAEMON scheduling strategy.

property securityGroups

securityGroups?: ec2.SecurityGroupOrId[];

The security groups to use for the instances.

Defaults to [cluster.securityGroups] if unspecified.

property serviceRegistries

serviceRegistries?;

The service discovery registries for the service. The maximum number of service_registries blocks is 1.

property subnets

subnets?: pulumi.Input<pulumi.Input<string>[]>;

The subnets to connect the instances to. If unspecified and [assignPublicIp] is true, then these will be the public subnets of the cluster’s vpc. If unspecified and [assignPublicIp] is false, then these will be the private subnets of the cluster’s vpc.

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property taskDefinition

taskDefinition: FargateTaskDefinition | EC2TaskDefinition;

The task definition to create the service from.

property waitForSteadyState

waitForSteadyState?: pulumi.Input<boolean>;

Wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing. Defaults to true.

interface ClusterArgs

interface ClusterArgs

Arguments bag for creating infrastructure for a new Cluster.

property capacityProviders

capacityProviders?;

List of short names of one or more capacity providers to associate with the cluster. Valid values also include FARGATE and FARGATE_SPOT.

property cluster

cluster?: Cluster | pulumi.Input<string>;

An existing aws.ecs.Cluster (or the name of an existing aws.ecs.Cluster) to use for this awsx.ecs.Cluster. If not provided, a default one will be created.

Note: If passing a string, use the name of an existing ECS Cluster instead of its id.

property defaultCapacityProviderStrategies

defaultCapacityProviderStrategies?;

The capacity provider strategy to use by default for the cluster. Can be one or more.

property name

name?: pulumi.Input<string>;

The name of the cluster (up to 255 letters, numbers, hyphens, and underscores)

property securityGroups

securityGroups?: ec2.SecurityGroupOrId[];

The security group to place new instances into. If not provided, a default will be created. Pass an empty array to create no security groups.

property settings

settings?;

Configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster.

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property vpc

vpc?: ec2.Vpc;

The network in which to create this cluster. If not provided, Vpc.getDefault() will be used.

interface Container

interface Container

[Container]s are used in [awsx.ec2.TaskDefinition] to describe the different containers that are launched as part of a task.

See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html for more details.

property applicationListener

applicationListener?: ApplicationListener | ApplicationListenerArgs;

Alternative to passing in portMappings. If a listener (or args to create a listener) is passed in, it will be used instead.

property command

command?: pulumi.Input<string[]>;

The command that is passed to the container.

This parameter maps to Cmd in the Create-a-container section of the Docker-Remote-API and the COMMAND parameter to docker-run. For more information, see https://docs.docker.com/engine/reference/builder/#cmd. If there are multiple arguments, each argument should be a separated string in the array.

property cpu

cpu?: pulumi.Input<number>;

The number of cpu units reserved for the container. This parameter maps to CpuShares in the Create a container section of the Docker Remote API and the –cpu-shares option to docker run.

This parameter maps to CpuShares in the Create-a-container section of the Docker-Remote-API and the --cpu-shared parameter to docker-run.

property dependsOn

dependsOn?: pulumi.Input<ContainerDependency[]>;

The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.

For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

For tasks using the Fargate launch type, the task or service requires platform version 1.3.0 or later.

property disableNetworking

disableNetworking?: pulumi.Input<boolean>;

When this parameter is true, networking is disabled within the container.

This parameter maps to NetworkDisabled in the Create-a-container section of the Docker-Remote-API.

Note: This parameter is not supported for Windows containers.

property dnsSearchDomains

dnsSearchDomains?: pulumi.Input<string[]>;

A list of DNS search domains that are presented to the container.

This parameter maps to DnsSearch in the Create-a-container section of the Docker-Remote-API and the --dns-search parameter to docker-run.

Note: This parameter is not supported for Windows containers.

property dnsServers

dnsServers?: pulumi.Input<string[]>;

A list of DNS servers that are presented to the container.

This parameter maps to Dns in the Create-a-container section of the Docker-Remote-API and the --dns parameter to docker-run.

Note: This parameter is not supported for Windows containers.

property dockerLabels

dockerLabels?: pulumi.Input<{[label: string]: string}>;

A key/value map of labels to add to the container.

This parameter maps to Labels in the Create-a-container section of the Docker-Remote-API and the --label parameter to docker-run.

property dockerSecurityOptions

dockerSecurityOptions?: pulumi.Input<string[]>;

A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field is not valid for containers in tasks using the Fargate launch type.

This parameter maps to SecurityOpt in the Create-a-container section of the Docker-Remote-API and the --security-opt parameter to docker-run.

property entryPoint

entryPoint?: pulumi.Input<string[]>;

The entry point that is passed to the container.

This parameter maps to Entrypoint in the Create-a-container section of the Docker-Remote-API and the --entrypoint parameter to docker-run.

Important: Early versions of the Amazon ECS container agent do not properly handle entryPoint parameters. If you have problems using entryPoint, update your container agent or enter your commands and arguments as command array items instead.

property environment

environment?: pulumi.Input<KeyValuePair[]>;

The environment variables to pass to a container.

This parameter maps to Env in the Create-a-container section of the Docker-Remote-API and the --env parameter to docker-run.

Important: We do not recommend using plaintext environment variables for sensitive information, such as credential data.

property environmentFiles

environmentFiles?: pulumi.Input<EnvironmentFile[]>;

A list of files containing the environment variables to pass to a container. This parameter maps to the –env-file option to docker run.

You can specify up to ten environment files. The file must have a .env file extension. Each line in an environment file should contain an environment variable in VARIABLE=VALUE format. Lines beginning with # are treated as comments and are ignored. For more information on the environment variable file syntax, see Declare default environment variables in file.

If there are environment variables specified using the environment parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they are processed from the top down. It is recommended to use unique variable names. For more information, see Specifying Environment Variables in the Amazon Elastic Container Service Developer Guide.

property essential

essential?: pulumi.Input<boolean>;

If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.

All tasks must have at least one essential container. If you have an application that is composed of multiple containers, you should group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application-Architecture in the Amazon Elastic Container Service Developer Guide.

property extraHosts

extraHosts?: pulumi.Input<HostEntry[]>;

A list of hostnames and IP address mappings to append to the /etc/hosts file on the container.

This parameter maps to ExtraHosts in the Create-a-container section of the Docker-Remote-API and the --add-host parameter to docker-run.

Note: This parameter is not supported for Windows containers or tasks that use the awsvpc network mode.

property firelensConfiguration

firelensConfiguration?: pulumi.Input<FirelensConfiguration>;

The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom Route Logging in the Amazon Elastic Container Service Developer Guide.

property healthCheck

healthCheck?: pulumi.Input<HealthCheck>;

The health check command and associated configuration parameters for the container. This parameter maps to HealthCheck in the Create-a-container section of the Docker-Remote-API and the HEALTHCHECK parameter to docker-run.

property hostname

hostname?: pulumi.Input<string>;

The hostname to use for your container. container.

This parameter maps to Hostname in the Create-a-container section of the Docker-Remote-API and the --hostname parameter to docker-run.

property image

image: pulumi.Input<string> | ContainerImageProvider;

The image id to use for the container. If this is provided then the image with this idq will be pulled from Docker Hub. To provide customized image retrieval, provide [imageProvide] which can do whatever custom work is necessary. See [Image] for common ways to create an image from a local docker build.

property interactive

interactive?: pulumi.Input<boolean>;

When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the Create a container section of the Docker Remote API and the –interactive option to docker run.

property links

links?: pulumi.Input<string[]>;

The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge. The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, and hyphens are allowed. For more information about linking Docker containers, go to Legacy container links in the Docker documentation.

This parameter maps to Links in the Create-a-container section of the Docker-Remote-API and the --link parameter to docker-run.

Note: This parameter is not supported for Windows containers.

Important: Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.

property linuxParameters

linuxParameters?: pulumi.Input<LinuxParameters>;

Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see KernelCapabilities.

property logConfiguration

logConfiguration?: pulumi.Input<LogConfiguration>;

The log configuration specification for the container. By default, containers use the same logging driver that the Docker daemon uses. However the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see Configure-logging-drivers in the Docker documentation.

This parameter maps to LogConfig in the Create-a-container section of the Docker-Remote-API and the --log-driver parameter to docker-run.

property memory

memory?: pulumi.Input<number>;

The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified.

If using the Fargate launch type, this parameter is optional.

If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance on which the container is placed. Otherwise, the value of memory is used.

The Docker daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.

This parameter maps to Memory in the Create-a-container section of the Docker-Remote-API and the --memory parameter to docker-run.

property memoryReservation

memoryReservation?: pulumi.Input<number>;

The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first.

If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance on which the container is placed. Otherwise, the value of memory is used.

For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.

The Docker daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.

This parameter maps to MemoryReservation in the Create-a-container section of the Docker-Remote-API and the --memory-reservation parameter to docker-run.

property mountPoints

mountPoints?: pulumi.Input<MountPoint[]>;

The mount points for data volumes in your container.

This parameter maps to Volumes in the Create-a-container section of the Docker-Remote-API and the --volume parameter to docker-run.

property networkListener

networkListener?: NetworkListener | NetworkListenerArgs;

Alternative to passing in portMappings. If a listener (or args to create a listener) is passed in, it will be used instead.

property portMappings

portMappings?: PortMapping | Promise<PortMapping> | OutputInstance<PortMapping> | ContainerPortMappingProvider[];

The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

If this container will be run in an ecs.Service that will be hooked up to an lb.LoadBalancer (either an ALB or NLB) the appropriate lb.Listener or lb.TargetGroup can be passed in here instead and the port mapping will be computed from it.

Alternatively, to simplify the common case of having to create load balancer listeners solely for this purpose, the information listener can be provided directly in the container definition using applicationListener or networkListener. If those properties are provided, then portMappings should not be provided.

For task definitions that use the awsvpc network mode, you should only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

Port mappings on Windows use the NetNAT gateway address rather than localhost. There is no loopback for port mappings on Windows, so you cannot access a container’s mapped port from the host itself.

If the network mode of a task definition is set to none, then you can’t specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.

This parameter maps to PortBindings in the Create-a-container section of the Docker-Remote-API and the --publish parameter to docker-run.

property privileged

privileged?: pulumi.Input<boolean>;

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).

This parameter maps to Privileged in the Create-a-container section of the Docker-Remote-API and the --privileged parameter to docker-run.

Note: This parameter is not supported for Windows containers or tasks using the Fargate launch type.

property pseudoTerminal

pseudoTerminal?: pulumi.Input<boolean>;

When this parameter is true, a TTY is allocated. This parameter maps to Tty in the Create a container section of the Docker Remote API and the --tty option to docker run.

property readonlyRootFilesystem

readonlyRootFilesystem?: pulumi.Input<boolean>;

When this parameter is true, the container is given read-only access to its root file system.

This parameter maps to ReadonlyRootfs in the Create-a-container section of the Docker-Remote-API and the --read-only parameter to docker-run.

Note: This parameter is not supported for Windows containers.

property repositoryCredentials

repositoryCredentials?: pulumi.Input<RepositoryCredentials>;

The private repository authentication credentials to use.

property resourceRequirements

resourceRequirements?: pulumi.Input<ResourceRequirements[]>;

The type and amount of a resource to assign to a container. The only supported resource is a GPU.

property secrets

secrets?: pulumi.Input<Secret[]>;

The secrets to pass to the container. For more information, see Specifying-Sensitive-Data in the Amazon Elastic Container Service Developer Guide.

property startTimeout

startTimeout?: pulumi.Input<number>;

Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a COMPLETE, SUCCESS, or HEALTHY status. If a startTimeout value is specified for containerB and it does not reach the desired status within that time then containerA will give up and not start. This results in the task transitioning to a STOPPED state.

For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to enable a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

For tasks using the Fargate launch type, the task or service requires platform version 1.3.0 or later.

property stopTimeout

stopTimeout?: pulumi.Input<number>;

Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own.

For tasks using the Fargate launch type, the max stopTimeout value is 2 minutes and the task or service requires platform version 1.3.0 or later.

For tasks using the EC2 launch type, the stop timeout value for the container takes precedence over the ECS_CONTAINER_STOP_TIMEOUT container agent configuration parameter, if used. Container instances require at least version 1.26.0 of the container agent to enable a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

property systemControls

systemControls?: pulumi.Input<SystemControl[]>;

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the Create a container section of the Docker Remote API and the --sysctl option to docker run.

Note: It is not recommended that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network modes. For tasks that use the awsvpc network mode, the container that is started last determines which systemControls parameters take effect. For tasks that use the host network mode, it changes the container instance’s namespaced kernel parameters as well as the containers.

property ulimits

ulimits?: pulumi.Input<Ulimit[]>;

A list of ulimits to set in the container.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version –format ‘{{.Server.APIVersion}}’

This parameter maps to Ulimits in the Create-a-container section of the Docker-Remote-API and the --ulimit parameter to docker-run.

Note: This parameter is not supported for Windows containers.

property user

user?: pulumi.Input<string>;

The user name to use inside the container.

This parameter maps to User in the Create-a-container section of the Docker-Remote-API and the --user parameter to docker-run.

property volumesFrom

volumesFrom?: pulumi.Input<VolumeFrom[]>;

Data volumes to mount from another container.

This parameter maps to VolumesFrom in the Create-a-container section of the Docker-Remote-API and the --volumes-from parameter to docker-run.

property workingDirectory

workingDirectory?: pulumi.Input<string>;

The working directory in which to run commands inside the container.

This parameter maps to WorkingDir in the Create-a-container section of the Docker-Remote-API and the --workdir parameter to docker-run.

interface ContainerDependency

interface ContainerDependency

See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDependency.html for more details.

property condition

condition?: pulumi.Input<"START" | "COMPLETE" | "SUCCESS" | "HEALTHY">;

The dependency condition of the container. The following are the available conditions and their behavior: START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start. COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.

property containerName

containerName: pulumi.Input<string>;

The name of a container.

interface ContainerImageProvider

interface ContainerImageProvider

method environment

environment(name: string, parent: Resource): pulumi.Input<KeyValuePair[]>

method image

image(name: string, parent: Resource): pulumi.Input<string>

interface ContainerLoadBalancer

interface ContainerLoadBalancer

property containerPort

containerPort: pulumi.Input<number>;

property elbName

elbName?: pulumi.Input<string>;

property targetGroupArn

targetGroupArn?: pulumi.Input<string>;

interface ContainerLoadBalancerProvider

interface ContainerLoadBalancerProvider

method containerLoadBalancer

containerLoadBalancer(name: string, parent: Resource): pulumi.Input<ContainerLoadBalancer>

interface ContainerPortMappingProvider

interface ContainerPortMappingProvider

method containerPortMapping

containerPortMapping(name: string, parent: Resource): pulumi.Input<PortMapping>

class EC2Service

class EC2Service extends Service

constructor

new EC2Service(name: string, args: EC2ServiceArgs, opts: ComponentResourceOptions)

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

property applicationListeners

public applicationListeners: Record<string, ApplicationListener>;

property cluster

public cluster: Cluster;

property listeners

public listeners: Record<string, Listener>;

property networkListeners

public networkListeners: Record<string, NetworkListener>;

property service

public service: Service;

property taskDefinition

public taskDefinition: EC2TaskDefinition;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface EC2ServiceArgs

interface EC2ServiceArgs

property cluster

cluster?: Cluster;

Cluster this service will run in.

property deploymentCircuitBreaker

deploymentCircuitBreaker?;

Configuration block for deployment circuit breaker.

property deploymentController

deploymentController?;

Configuration block containing deployment controller configuration.

property deploymentMaximumPercent

deploymentMaximumPercent?: pulumi.Input<number>;

property deploymentMinimumHealthyPercent

deploymentMinimumHealthyPercent?: pulumi.Input<number>;

The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.

property desiredCount

desiredCount?: pulumi.Input<number>;

The number of instances of the task definition to place and keep running. Defaults to 1. Do not specify if using the DAEMON scheduling strategy.

property enableEcsManagedTags

enableEcsManagedTags?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS managed tags for the tasks within the service.

property enableExecuteCommand

enableExecuteCommand?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS Exec for the tasks within the service.

property forceNewDeployment

forceNewDeployment?: pulumi.Input<boolean>;

Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest) or immediately deploy orderedPlacementStrategies and placementConstraints updates.

property healthCheckGracePeriodSeconds

healthCheckGracePeriodSeconds?: pulumi.Input<number>;

Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.

property iamRole

iamRole?: pulumi.Input<string>;

property loadBalancers

loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];

A load balancer block. Load balancers documented below.

property name

name?: pulumi.Input<string>;

The name of the service (up to 255 letters, numbers, hyphens, and underscores)

property orderedPlacementStrategies

orderedPlacementStrategies?;

property os

os?: pulumi.Input<"linux" | "windows">;

property placementConstraints

placementConstraints?;

rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. Defined below.

property propagateTags

propagateTags?: pulumi.Input<string>;

Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION.

property schedulingStrategy

schedulingStrategy?: pulumi.Input<string>;

The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Defaults to REPLICA. Note that Fargate tasks do not support the DAEMON scheduling strategy.

property securityGroups

securityGroups?: ec2.SecurityGroupOrId[];

The security groups to use for the instances.

Defaults to [cluster.securityGroups] if unspecified.

property serviceRegistries

serviceRegistries?;

The service discovery registries for the service. The maximum number of service_registries blocks is 1.

property subnets

subnets?: pulumi.Input<pulumi.Input<string>[]>;

The subnets to connect the instances to. If unspecified then these will be the public subnets of the cluster’s vpc.

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property taskDefinition

taskDefinition?: EC2TaskDefinition;

The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.

property taskDefinitionArgs

taskDefinitionArgs?: EC2TaskDefinitionArgs;

The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.

property waitForSteadyState

waitForSteadyState?: pulumi.Input<boolean>;

Wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing. Defaults to true.

class EC2TaskDefinition

class EC2TaskDefinition extends TaskDefinition

constructor

new EC2TaskDefinition(name: string, args: EC2TaskDefinitionArgs, opts: ComponentResourceOptions)

method createExecutionRole

public static createExecutionRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role

method createService

public createService(name: string, args: EC2ServiceArgs, opts: ComponentResourceOptions): EC2Service

Creates a service with this as its task definition.

method createTaskRole

public static createTaskRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role

method defaultExecutionRolePolicyARNs

public static defaultExecutionRolePolicyARNs(): string[]

method defaultRoleAssumeRolePolicy

public static defaultRoleAssumeRolePolicy(): PolicyDocument

method defaultTaskRolePolicyARNs

public static defaultTaskRolePolicyARNs(): "arn:aws:iam::aws:policy/AWSLambda_FullAccess" | "arn:aws:iam::aws:policy/AmazonECS_FullAccess"[]

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

property applicationListeners

public applicationListeners: Record<string, ApplicationListener>;

property containers

public containers: Record<string, Container>;

property executionRole

public executionRole?: aws.iam.Role;

property listeners

public listeners: Record<string, Listener>;

property logGroup

public logGroup?: aws.cloudwatch.LogGroup;

property networkListeners

public networkListeners: Record<string, NetworkListener>;

property run

public run: (params: RunTaskRequest) => Promise<awssdk.ECS.Types.RunTaskResponse>;

Run one or more instances of this TaskDefinition using the ECS runTask API, returning the Task instances.

This wrapper around runTask provides appropriate defaults based on the TaskDefinition and allows specifying a Cluster instead of individual network configurations.

This API is designed for use at runtime.

property taskDefinition

public taskDefinition: TaskDefinition;

property taskRole

public taskRole?: aws.iam.Role;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface EC2TaskDefinitionArgs

interface EC2TaskDefinitionArgs

property container

container?: Container;

Single container to make a TaskDefinition from. Useful for simple cases where there aren’t multiple containers, especially when creating a TaskDefinition to call [run] on.

Either [container] or [containers] must be provided.

property containers

containers?: Record<string, Container>;

All the containers to make a TaskDefinition from. Useful when creating a Service that will contain many containers within.

Either [container] or [containers] must be provided.

property executionRole

executionRole?: Role | null;

The execution role that the Amazon ECS container agent and the Docker daemon can assume.

If undefined, a default will be created for the task. If null no role will be created.

property family

family?: pulumi.Input<string>;

An optional family name for the Task Definition. If not specified, then a suitable default will be created.

property logGroup

logGroup?: LogGroup | null;

Log group for logging information related to the service. If undefined a default instance with a one-day retention policy will be created. If null no log group will be created.

property networkMode

networkMode?: pulumi.Input<"none" | "bridge" | "awsvpc" | "host">;

The Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host.

property placementConstraints

placementConstraints?;

A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10.

property proxyConfiguration

proxyConfiguration?;

The proxy configuration details for the App Mesh proxy.

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property taskRole

taskRole?: Role | null;

IAM role that allows your Amazon ECS container task to make calls to other AWS services. If undefined, a default will be created for the task. If null no role will be created.

property volumes

volumes?;

A set of volume blocks that containers in your task may use.

property vpc

vpc?: ec2.Vpc;

The vpc that the service for this task will run in. Does not normally need to be explicitly provided as it will be inferred from the cluster the service is associated with.

interface EnvironmentFile

interface EnvironmentFile

See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_EnvironmentFile.html for more details.

property type

type: "s3";

The file type to use. The only supported value is s3.

property value

value: string;

The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.

class FargateService

class FargateService extends Service

constructor

new FargateService(name: string, args: FargateServiceArgs, opts: ComponentResourceOptions)

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

property applicationListeners

public applicationListeners: Record<string, ApplicationListener>;

property cluster

public cluster: Cluster;

property listeners

public listeners: Record<string, Listener>;

property networkListeners

public networkListeners: Record<string, NetworkListener>;

property service

public service: Service;

property taskDefinition

public taskDefinition: FargateTaskDefinition;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface FargateServiceArgs

interface FargateServiceArgs

property assignPublicIp

assignPublicIp?: pulumi.Input<boolean>;

Whether or not public IPs should be provided for the instances.

Defaults to [true] if unspecified.

property cluster

cluster?: Cluster;

Cluster this service will run in. If unspecified, [Cluster.getDefault()] will be used.

property deploymentCircuitBreaker

deploymentCircuitBreaker?;

Configuration block for deployment circuit breaker.

property deploymentController

deploymentController?;

Configuration block containing deployment controller configuration.

property deploymentMaximumPercent

deploymentMaximumPercent?: pulumi.Input<number>;

property deploymentMinimumHealthyPercent

deploymentMinimumHealthyPercent?: pulumi.Input<number>;

The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.

property desiredCount

desiredCount?: pulumi.Input<number>;

The number of instances of the task definition to place and keep running. Defaults to 1. Do not specify if using the DAEMON scheduling strategy.

property enableEcsManagedTags

enableEcsManagedTags?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS managed tags for the tasks within the service.

property enableExecuteCommand

enableExecuteCommand?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS Exec for the tasks within the service.

property forceNewDeployment

forceNewDeployment?: pulumi.Input<boolean>;

property healthCheckGracePeriodSeconds

healthCheckGracePeriodSeconds?: pulumi.Input<number>;

Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.

property iamRole

iamRole?: pulumi.Input<string>;

property loadBalancers

loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];

A load balancer block. Load balancers documented below.

property name

name?: pulumi.Input<string>;

The name of the service (up to 255 letters, numbers, hyphens, and underscores)

property os

os?: pulumi.Input<"linux" | "windows">;

property placementConstraints

placementConstraints?;

rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. Defined below.

property platformVersion

platformVersion?: pulumi.Input<string>;

property propagateTags

propagateTags?: pulumi.Input<string>;

Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION.

property schedulingStrategy

schedulingStrategy?: pulumi.Input<string>;

The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Defaults to REPLICA. Note that Fargate tasks do not support the DAEMON scheduling strategy.

property securityGroups

securityGroups?: ec2.SecurityGroupOrId[];

The security groups to use for the instances.

Defaults to [cluster.securityGroups] if unspecified.

property serviceRegistries

serviceRegistries?;

The service discovery registries for the service. The maximum number of service_registries blocks is 1.

property subnets

subnets?: pulumi.Input<pulumi.Input<string>[]>;

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property taskDefinition

taskDefinition?: FargateTaskDefinition;

The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.

property taskDefinitionArgs

taskDefinitionArgs?: FargateTaskDefinitionArgs;

The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.

property waitForSteadyState

waitForSteadyState?: pulumi.Input<boolean>;

Wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing. Defaults to true.

class FargateTaskDefinition

class FargateTaskDefinition extends TaskDefinition

constructor

new FargateTaskDefinition(name: string, args: FargateTaskDefinitionArgs, opts: ComponentResourceOptions)

method createExecutionRole

public static createExecutionRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role

method createService

public createService(name: string, args: FargateServiceArgs, opts: ComponentResourceOptions): FargateService

Creates a service with this as its task definition.

method createTaskRole

public static createTaskRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role

method defaultExecutionRolePolicyARNs

public static defaultExecutionRolePolicyARNs(): string[]

method defaultRoleAssumeRolePolicy

public static defaultRoleAssumeRolePolicy(): PolicyDocument

method defaultTaskRolePolicyARNs

public static defaultTaskRolePolicyARNs(): "arn:aws:iam::aws:policy/AWSLambda_FullAccess" | "arn:aws:iam::aws:policy/AmazonECS_FullAccess"[]

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

property applicationListeners

public applicationListeners: Record<string, ApplicationListener>;

property containers

public containers: Record<string, Container>;

property executionRole

public executionRole?: aws.iam.Role;

property listeners

public listeners: Record<string, Listener>;

property logGroup

public logGroup?: aws.cloudwatch.LogGroup;

property networkListeners

public networkListeners: Record<string, NetworkListener>;

property run

public run: (params: RunTaskRequest) => Promise<awssdk.ECS.Types.RunTaskResponse>;

Run one or more instances of this TaskDefinition using the ECS runTask API, returning the Task instances.

This wrapper around runTask provides appropriate defaults based on the TaskDefinition and allows specifying a Cluster instead of individual network configurations.

This API is designed for use at runtime.

property taskDefinition

public taskDefinition: TaskDefinition;

property taskRole

public taskRole?: aws.iam.Role;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface FargateTaskDefinitionArgs

interface FargateTaskDefinitionArgs

property container

container?: Container;

Single container to make a TaskDefinition from. Useful for simple cases where there aren’t multiple containers, especially when creating a TaskDefinition to call [run] on.

Either [container] or [containers] must be provided.

property containers

containers?: Record<string, Container>;

All the containers to make a TaskDefinition from. Useful when creating a Service that will contain many containers within.

Either [container] or [containers] must be provided.

property cpu

cpu?: pulumi.Input<string>;

The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]

property executionRole

executionRole?: Role | null;

The execution role that the Amazon ECS container agent and the Docker daemon can assume.

If undefined, a default will be created for the task. If null no role will be created.

property family

family?: pulumi.Input<string>;

An optional family name for the Task Definition. If not specified, then a suitable default will be created.

property logGroup

logGroup?: LogGroup | null;

Log group for logging information related to the service. If undefined a default instance with a one-day retention policy will be created. If null no log group will be created.

property memory

memory?: pulumi.Input<string>;

The amount (in MiB) of memory used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]

property placementConstraints

placementConstraints?;

A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10.

property proxyConfiguration

proxyConfiguration?;

The proxy configuration details for the App Mesh proxy.

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property taskRole

taskRole?: Role | null;

IAM role that allows your Amazon ECS container task to make calls to other AWS services. If undefined, a default will be created for the task. If null no role will be created.

property volumes

volumes?;

A set of volume blocks that containers in your task may use.

property vpc

vpc?: ec2.Vpc;

The vpc that the service for this task will run in. Does not normally need to be explicitly provided as it will be inferred from the cluster the service is associated with.

interface FirelensConfiguration

interface FirelensConfiguration

See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html for more details

property options

options?: undefined | {[key: string]: string};

The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event.

property type

type: pulumi.Input<"fluentd" | "fluentbit">;

The log router to use.

class Image

 implements ContainerImageProvider

method environment

public environment(name: string, parent: Resource): pulumi.Input<KeyValuePair[]>

method fromDockerBuild

public static fromDockerBuild(name: string, build: pulumi.Input<DockerBuild>): Image

Creates an [Image] using the detailed build instructions provided in [build].

Either a [name] or [repository] needs to be provided where the built image will be pushed to. If [repository] is provided, it will be used as-is. Otherwise, a new one will be created on-demand, using the [name] value.

public static fromDockerBuild(repository: Repository, build: pulumi.Input<DockerBuild>): Image

method fromFunction

public static fromFunction(func: () => void): Image

Creates an [Image] given function code to use as the implementation of the container.

method fromPath

public static fromPath(name: string, path: pulumi.Input<string>): Image

Creates an [Image] given a path to a folder in which a Docker build should be run.

public static fromPath(repository: Repository, path: pulumi.Input<string>): Image

method image

public image(name: string, parent: Resource): pulumi.Input<string>

interface KeyValuePair

interface KeyValuePair

See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KeyValuePair.html for more details.

property name

name: pulumi.Input<string>;

The name of the key-value pair. For environment variables, this is the name of the environment variable.

property value

value: pulumi.Input<string>;

The value of the key-value pair. For environment variables, this is the value of the environment variable.

namespace metrics

function cpuReservation

cpuReservation(change?: EcsMetricChange): Metric

The percentage of CPU units that are reserved by running tasks in the cluster.

Cluster CPU reservation (this metric can only be filtered by ClusterName) is measured as the total CPU units that are reserved by Amazon ECS tasks on the cluster, divided by the total CPU units that were registered for all of the container instances in the cluster. This metric is only used for tasks using the EC2 launch type.

Valid dimensions: ClusterName.

Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.

Unit: Percent.

function cpuUtilization

cpuUtilization(change?: EcsMetricChange): Metric

The percentage of CPU units that are used in the cluster or service.

Cluster CPU utilization (metrics that are filtered by ClusterName without ServiceName) is measured as the total CPU units in use by Amazon ECS tasks on the cluster, divided by the total CPU units that were registered for all of the container instances in the cluster. Cluster CPU utilization metrics are only used for tasks using the EC2 launch type.

Service CPU utilization (metrics that are filtered by ClusterName and ServiceName) is measured as the total CPU units in use by the tasks that belong to the service, divided by the total number of CPU units that are reserved for the tasks that belong to the service. Service CPU utilization metrics are used for tasks using both the Fargate and the EC2 launch type.

Valid dimensions: ClusterName, ServiceName.

Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.

Unit: Percent.

interface EcsMetricChange

interface EcsMetricChange extends MetricChange

property cluster

cluster?: Cluster | Cluster;

This dimension filters the data that you request for all resources in a specified cluster. All Amazon ECS metrics can be filtered by this.

property color

color?: pulumi.Input<string>;

The six-digit HTML hex color code to be used for this metric.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

property dimensions

dimensions?: pulumi.Input<Record<string, pulumi.Input<string>>>;

The new dimension for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be cleared.

property extendedStatistic

extendedStatistic?: pulumi.Input<number>;

The new percentile statistic for the metric associated with the alarm. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.

property label

label?: pulumi.Input<string>;

The label to display for this metric in the graph legend. If this is not specified, the metric is given an autogenerated label that distinguishes it from the other metrics in the widget.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

property period

period?: pulumi.Input<number>;

The new period in seconds over which the specified stat is applied. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default (300s).

property service

service?: Service | Service;

This dimension filters the data that you request for all resources in a specified service within a specified cluster. If this is an [awsx.ecs.Service] then [cluster] is not required. If this is an [aws.ecs.Service] then [cluster] is required.

property statistic

statistic?: pulumi.Input<MetricStatistic>;

The new statistic to apply to the alarm’s associated metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.

property unit

unit?: pulumi.Input<MetricUnit>;

The new unit for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.

property visible

visible?: pulumi.Input<boolean>;

Set this to true to have the metric appear in the graph, or false to have it be hidden. The default is true.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

property yAxis

yAxis?: pulumi.Input<"left" | "right">;

Where on the graph to display the y-axis for this metric. The default is left.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

type EcsMetricName

type EcsMetricName = "CPUReservation" | "CPUUtilization" | "MemoryReservation" | "MemoryUtilization" | "GPUReservation";

function gpuReservation

gpuReservation(change?: EcsMetricChange): Metric

The percentage of total available GPUs that are reserved by running tasks in the cluster.

Cluster GPU reservation is measured as the number of GPUs reserved by Amazon ECS tasks on the cluster, divided by the total number of GPUs that was available on all of the GPU-enabled container instances in the cluster.

Valid dimensions: ClusterName.

Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.

Unit: Percent.

function memoryReservation

memoryReservation(change?: EcsMetricChange): Metric

The percentage of memory that is reserved by running tasks in the cluster.

Cluster memory reservation (this metric can only be filtered by ClusterName) is measured as the total memory that is reserved by Amazon ECS tasks on the cluster, divided by the total amount of memory that was registered for all of the container instances in the cluster. This metric is only used for tasks using the EC2 launch type.

Valid dimensions: ClusterName.

Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.

Unit: Percent.

function memoryUtilization

memoryUtilization(change?: EcsMetricChange): Metric

The percentage of memory that is used in the cluster or service.

Cluster memory utilization (metrics that are filtered by ClusterName without ServiceName) is measured as the total memory in use by Amazon ECS tasks on the cluster, divided by the total amount of memory that was registered for all of the container instances in the cluster. Cluster memory utilization metrics are only used for tasks using the EC2 launch type.

Service memory utilization (metrics that are filtered by ClusterName and ServiceName) is measured as the total memory in use by the tasks that belong to the service, divided by the total memory that is reserved for the tasks that belong to the service. Service memory utilization metrics are used for tasks using both the Fargate and EC2 launch types.

Valid dimensions: ClusterName, ServiceName.

Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.

Unit: Percent.

function metric

metric(metricName: EcsMetricName, change: EcsMetricChange): Metric

Creates an AWS/ECS metric with the requested [metricName]. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html for list of all metric-names.

Note, individual metrics can easily be obtained without supplying the name using the other [metricXXX] functions.

You can monitor your Amazon ECS resources using Amazon CloudWatch, which collects and processes raw data from Amazon ECS into readable, near real-time metrics. These statistics are recorded for a period of two weeks so that you can access historical information and gain a better perspective on how your clusters or services are performing. Amazon ECS metric data is automatically sent to CloudWatch in 1-minute periods. For more information about CloudWatch, see the Amazon-CloudWatch-User-Guide.

Amazon ECS metrics use the AWS/ECS namespace and provide metrics for the following dimensions.

“ClusterName”: This dimension filters the data that you request for all resources in a specified cluster. All Amazon ECS metrics are filtered by ClusterName.
“ServiceName”: This dimension filters the data that you request for all resources in a specified service within a specified cluster.

interface NetworkConfiguration

interface NetworkConfiguration

property assignPublicIp

assignPublicIp?: pulumi.Input<boolean>;

Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false.

property securityGroups

securityGroups?: pulumi.Input<pulumi.Input<string>[]>;

The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.

property subnets

subnets: pulumi.Input<pulumi.Input<string>[]>;

The subnets associated with the task or service.

interface RunTaskRequest

interface RunTaskRequest

property cluster

cluster: Cluster;

The Cluster to run the Task within.

property count

count?: awssdk.ECS.BoxedInteger;

The number of instantiations of the specified task to place on your cluster. You can specify up to 10 tasks per call.

property enableECSManagedTags

enableECSManagedTags?: awssdk.ECS.Boolean;

Specifies whether to enable Amazon ECS managed tags for the task. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.

property group

group?: awssdk.ECS.String;

The name of the task group to associate with the task. The default value is the family name of the task definition (for example, family:my-family-name).

property networkConfiguration

networkConfiguration?: awssdk.ECS.NetworkConfiguration;

The network configuration for the task. This parameter is required for task definitions that use the awsvpc network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.

property overrides

overrides?: awssdk.ECS.TaskOverride;

A list of container overrides in JSON format that specify the name of a container in the specified task definition and the overrides it should receive. You can override the default command for a container (that is specified in the task definition or Docker image) with a command override. You can also override existing environment variables (that are specified in the task definition or Docker image) on a container or add new environment variables to it with an environment override. A total of 8192 characters are allowed for overrides. This limit includes the JSON formatting characters of the override structure.

property placementConstraints

placementConstraints?: awssdk.ECS.PlacementConstraints;

An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime).

property placementStrategy

placementStrategy?: awssdk.ECS.PlacementStrategies;

The placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.

property platformVersion

platformVersion?: awssdk.ECS.String;

The platform version the task should run. A platform version is only specified for tasks using the Fargate launch type. If one is not specified, the LATEST platform version is used by default. For more information, see AWS Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.

property propagateTags

propagateTags?: awssdk.ECS.PropagateTags;

Specifies whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags are not propagated.

property startedBy

startedBy?: awssdk.ECS.String;

An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the startedBy parameter. You can then identify which tasks belong to that job by filtering the results of a ListTasks call with the startedBy value. Up to 36 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. If a task is started by an Amazon ECS service, then the startedBy parameter contains the deployment ID of the service that starts it.

property tags

tags?: awssdk.ECS.Tags;

The metadata that you apply to the task to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

interface ServiceArgs

interface ServiceArgs

property capacityProviderStrategies

capacityProviderStrategies?;

The capacity provider strategy to use for the service.

property cluster

cluster?: Cluster;

Cluster this service will run in. If not specified [Cluster.getDefault()] will be used.

property deploymentCircuitBreaker

deploymentCircuitBreaker?;

Configuration block for deployment circuit breaker.

property deploymentController

deploymentController?;

Configuration block containing deployment controller configuration.

property deploymentMaximumPercent

deploymentMaximumPercent?: pulumi.Input<number>;

property deploymentMinimumHealthyPercent

deploymentMinimumHealthyPercent?: pulumi.Input<number>;

The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.

property desiredCount

desiredCount?: pulumi.Input<number>;

The number of instances of the task definition to place and keep running. Defaults to 1. Do not specify if using the DAEMON scheduling strategy.

property enableEcsManagedTags

enableEcsManagedTags?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS managed tags for the tasks within the service.

property enableExecuteCommand

enableExecuteCommand?: pulumi.Input<boolean>;

Specifies whether to enable Amazon ECS Exec for the tasks within the service.

property forceNewDeployment

forceNewDeployment?: pulumi.Input<boolean>;

Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest), roll Fargate tasks onto a newer platform version, or immediately deploy orderedPlacementStrategy and placementConstraints updates.

property healthCheckGracePeriodSeconds

healthCheckGracePeriodSeconds?: pulumi.Input<number>;

Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.

property iamRole

iamRole?: pulumi.Input<string>;

property launchType

launchType?: pulumi.Input<"EC2" | "FARGATE">;

The launch type on which to run your service. The valid values are EC2 and FARGATE. Defaults to EC2.

property loadBalancers

loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];

A load balancer block. Load balancers documented below.

property name

name?: pulumi.Input<string>;

The name of the service (up to 255 letters, numbers, hyphens, and underscores)

property networkConfiguration

networkConfiguration?: pulumi.Input<NetworkConfiguration>;

The network configuration for the service. This parameter is required for task definitions that use the awsvpc network mode to receive their own Elastic Network Interface, and it is not supported for other network modes.

property orderedPlacementStrategies

orderedPlacementStrategies?;

property placementConstraints

placementConstraints?;

rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. Defined below.

property platformVersion

platformVersion?: pulumi.Input<string>;

property propagateTags

propagateTags?: pulumi.Input<string>;

Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION.

property schedulingStrategy

schedulingStrategy?: pulumi.Input<string>;

The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Defaults to REPLICA. Note that Fargate tasks do not support the DAEMON scheduling strategy.

property securityGroups

securityGroups: SecurityGroup[];

Security groups determining how this service can be reached.

property serviceRegistries

serviceRegistries?;

The service discovery registries for the service. The maximum number of service_registries blocks is 1.

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property taskDefinition

taskDefinition: TaskDefinition;

The task definition to create the service from.

property waitForSteadyState

waitForSteadyState?: pulumi.Input<boolean>;

Wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing. Defaults to true.

interface ServiceLoadBalancer

interface ServiceLoadBalancer

property containerName

containerName: pulumi.Input<string>;

property containerPort

containerPort: pulumi.Input<number>;

property elbName

elbName?: pulumi.Input<string>;

property targetGroupArn

targetGroupArn?: pulumi.Input<string>;

interface ServiceLoadBalancerProvider

interface ServiceLoadBalancerProvider

method serviceLoadBalancer

serviceLoadBalancer(name: string, parent: Resource): pulumi.Input<ServiceLoadBalancer>

interface TaskDefinitionArgs

interface TaskDefinitionArgs

property containers

containers: Record<string, Container>;

All the containers to make a ClusterTaskDefinition from. Useful when creating a ClusterService that will contain many containers within.

Either [container] or [containers] must be provided.

property cpu

cpu?: pulumi.Input<string>;

The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]

property executionRole

executionRole?: Role | null;

The execution role that the Amazon ECS container agent and the Docker daemon can assume.

If undefined, a default will be created for the task. If null, no task will be created.

property family

family?: pulumi.Input<string>;

An optional family name for the Task Definition. If not specified, then a suitable default will be created.

property inferenceAccelerators

inferenceAccelerators?: pulumi.Input<pulumi.Input<TaskDefinitionInferenceAccelerator>[]>;

Configuration block(s) with Inference Accelerators settings. Detailed below.

property ipcMode

ipcMode?: pulumi.Input<string>;

The IPC resource namespace to be used for the containers in the task The valid values are host, task, and none.

property logGroup

logGroup?: LogGroup | null;

Log group for logging information related to the service. If undefined a default instance with a one-day retention policy will be created. If null, no log group will be created.

property memory

memory?: pulumi.Input<string>;

The amount (in MiB) of memory used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]

property networkMode

networkMode?: pulumi.Input<"none" | "bridge" | "awsvpc" | "host">;

The Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host.

property pidMode

pidMode?: pulumi.Input<string>;

The process namespace to use for the containers in the task. The valid values are host and task.

property placementConstraints

placementConstraints?;

A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10.

property proxyConfiguration

proxyConfiguration?;

The proxy configuration details for the App Mesh proxy.

property requiresCompatibilities

requiresCompatibilities: pulumi.Input<[, "FARGATE"] | [, "EC2"]>;

A set of launch types required by the task. The valid values are EC2 and FARGATE.

property tags

tags?: pulumi.Input<Tags>;

Key-value mapping of resource tags

property taskRole

taskRole?: Role | null;

IAM role that allows your Amazon ECS container task to make calls to other AWS services. If undefined, a default will be created for the task. If null, no task will be created.

property volumes

volumes?;

A set of volume blocks that containers in your task may use.

property vpc

vpc?: ec2.Vpc;

The vpc that the service for this task will run in. Does not normally need to be explicitly provided as it will be inferred from the cluster the service is associated with.

Module classic/ecs

On this page

On this page

Pulumi ECS Components

Load Balancing

Clusters

Task Definitions

Services

Containers

Resources

Others

Resources

Others