Module classic/ecs
Pulumi ECS Components
Pulumi’s API’s for simplifying working with ECS. The API currently provides ways to define and configure Clusters
, Services
, TaskDefinitions
, and Containers
. The Pulumi API also makes it simple to configure things simply to use Fargate
(alleviating the need to manage servers yourself), or just use EC2 for the most control.
To start with, here’s a simple example of how one can create a Fargate service:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const listener = new awsx.lb.NetworkListener("nginx", { port: 80 });
const nginx = new awsx.ecs.FargateService("nginx", {
taskDefinitionArgs: {
containers: {
nginx: {
image: "nginx",
memory: 128,
portMappings: [listener],
},
},
},
desiredCount: 2,
});
This single call will create a Cluster on your behalf in The Default VPC for your region. It will also create an internet-facing NLB that will listen for connections and route requests appropriate to spawned instances in the cluster. Because we have used Fargate
, there is no need to create any sort of Auto Scaling Group or otherwise specify what sort of machine instances will be run. Instead, Fargate will manage that for us automatically based on the optional memory
and cpu
values we request for our containers.
While this approach manages nearly everything on your behalf, it can often be desirable to control more of what is going on. To help explain how that works, we’ll work from the top down up to see how each part of your containerized infrastructure can be configured.
Load Balancing
The above example shows how service load balanced through an internet-facing NLB. The pattern of defining a service that is attached to an NLB or ALB is so common that both awsx.ecs.FargateService
and awsx.ecs.EC2Service
provide convenient construction techniques to simplify creating both.
Here’s how we can simplify the above using those techniques:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const nginx = new awsx.ecs.FargateService("nginx", {
taskDefinitionArgs: {
containers: {
nginx: {
image: "nginx",
memory: 128,
networkListener: { port: 80 },
},
},
},
desiredCount: 2,
});
Like before, this will create an [awsx.lb.NetworkListener] named "nginx"
, but will not require that resource to be directly declared beforehand.
The networkListener:
or applicationListener:
provided can be fully configured to your needs. This includes adjusting the awsx.lb.LoadBalancer
and awsx.lb.TargetGroup
that are needed here. Those can be configured like so:
nginx: {
image: "nginx",
memory: 128,
networkListener: { port: 80, /*more listener args*/, targetGroup: { /*...*/ }, loadBalancer: { /*...*/ } },
},
See the respective docs for more details on what can be configured here.
Clusters
A Cluster defines the infrastructure to run Services and Tasks in. If a Cluster is not specified when creating Services or running Tasks, then a default one will be created that is confired to use The Default VPC for your region. Creating a Cluster that uses a different Vpc can be simply done by:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });
const nginx = new awsx.ecs.FargateService("nginx", {
cluster,
// ... additional args
});
A Cluster created in this manner is ready for use by Fargate. In order to be used by EC2 though scaling capacity needs to be added to the Cluster. This can be done simply like so:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });
const asg = cluster.createAutoScalingGroup("custom", {
templateParameters: { minSize: 20 },
launchConfigurationArgs: { instanceType: "t2.medium" },
});
Task Definitions
A task definition is required to run Docker containers in Amazon ECS. Some of the parameters you can specify in a task definition include:
- The Docker image to use with each container in your task
- How much CPU and memory to use with each task or each container within a task
- The Docker networking mode to use for the containers in your task
- The logging configuration to use for your tasks
- Whether the task should continue to run if the container finishes or fails
- The command the container should run when it is started
- Any data volumes that should be used with the containers in the task
- The IAM role that your tasks should use
You can define multiple containers in a task definition. Tasks can easily be created to run either in Fargate or EC2 like so:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });
// optionally create an auto scaling group for EC2 tasks.
const fargateTask = new awsx.ecs.FargateTaskDefinition("fargate-nginx", {
containers: {
nginx: // ...
},
});
const ec2Task = new awsx.ecs.FargateTaskDefinition("ec2-nginx", {
containers: {
nginx: // ...
},
});
A Task Definition can be used to define a Service, or it can be run on demand in a ‘fire and forget’ manner (for example, from within a Lambda callback). This can be done by calling the run
method on the Task instance. This run
call must be supplied a Cluster to run in. For example. continuing from above:
const helloTask = new awsx.ecs.FargateTaskDefinition("hello-world", {
container: {
image: "hello-world",
memory: 20,
},
});
const api = new aws.apigateway.x.API("examples-containers", {
routes: [{
path: "/run",
method: "GET",
eventHandler: async (req) => {
const result = await helloTask.run({ cluster });
},
}],
});
Additional arguments can be passed to run
to control how the instance will be run.
Services
ECS allows you to run and maintain a specified number of instances of a task definition simultaneously in a cluster. This is called a Service. If any of your tasks should fail or stop for any reason, the ECS launches another instance of your task definition to replace it and maintain the desired count of tasks in the service depending on the scheduling strategy used.
Services can be simply be made for Fargate and EC2 like so:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });
// optionally create an auto scaling group for EC2 tasks.
const fargateService = new awsx.ecs.FargateService("fargate-nginx", {
cluster,
desiredCount: 2,
taskDefinitionArgs: {
containers: {
nginx: // ...
},
},
});
const ec2Service = new awsx.ecs.FargateService("ec2-nginx", {
cluster,
desiredCount: 2,
taskDefinitionArgs: {
containers: {
nginx: // ...
},
},
});
In the case where a Task is both expected to run in a Service and a ‘fire and forget’ manner, then the following pattern can be used:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = // ... create custom vpc
const cluster = new awsx.ecs.Cluster("custom", { vpc });
// optionally create an auto scaling group for EC2 tasks.
const fargateTask = new awsx.ecs.FargateTaskDefinition("fargate-nginx", {
containers: {
nginx: // ...
},
});
const fargateService = fargateTask.createService("fargate-nginx", {
cluster,
desiredCount: 2,
});
Containers
A Task Definition is built from a collection of Container Definitions. These definitions are used to specify the docker configuration for the container instances that are launched. The simplest way to specify the docker image to run is to provide a string to the ‘image’ parameter of the container definition. This string is either the name of an image on DockerHub, or an ECR Repository.
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const listener = new awsx.lb.NetworkListener("listener", { port: 80 });
const task = new awsx.ecs.FargateTaskDefinition("task", {
containers: {
nginx: {
image: "nginx",
memory: 128,
portMappings: [listener],
},
},
});
However, image
is far more flexible than that. Beyond just accepting a string a ContainerImageProvider can also be provided. Instances of this interface can be used to dynamically compute and pass in an ECR repository path. Pulumi provides several convenient ways to do this.
For example fromPath
will run a Docker build in that path, push the result up to an ECR repository, and then pass the repository path to the container:
const task = new awsx.ecs.FargateTaskDefinition("task", {
containers: {
nginx: {
image: awsx.ecs.Image.fromPath(/*localPath*/"..."),
// ...
},
},
});
For more control over the Docker invocation fromDockerBuild
an be used like so:
const task = new awsx.ecs.FargateTaskDefinition("task", {
containers: {
nginx: {
image: awsx.ecs.Image.fromDockerBuild({
context: "./app",
dockerfile: "./app/Dockerfile-multistage",
cacheFrom: {stages: ["build"]},
}),
// ...
},
},
});
Finally, Pulumi offers a way to create a Container from a callback function. This allows for an infrastructure setup where the code that runs in a container is itself supplied as code directly in the Pulumi application like so. This can be setup like so:
const listener =
new awsx.lb.NetworkTargetGroup("custom", { port: 8080 })
.createListener("custom", { port: 80 });
const service = new awsx.ecs.EC2Service("custom", {
cluster,
desiredCount: 2,
taskDefinitionArgs: {
containers: {
webserver: {
memory: 128,
portMappings: [listener],
image: awsx.ecs.Image.fromFunction(() => {
const rand = Math.random();
const http = require("http");
http.createServer((req: any, res: any) => {
res.end(`Hello, world! (from ${rand})`);
}).listen(8080);
}),
},
},
},
});
Resources
Others
- CapacityProviderService
- CapacityProviderServiceArgs
- ClusterArgs
- Container
- ContainerDependency
- ContainerImageProvider
- ContainerLoadBalancer
- ContainerLoadBalancerProvider
- ContainerPortMappingProvider
- EC2Service
- EC2ServiceArgs
- EC2TaskDefinition
- EC2TaskDefinitionArgs
- EnvironmentFile
- FargateService
- FargateServiceArgs
- FargateTaskDefinition
- FargateTaskDefinitionArgs
- FirelensConfiguration
- Image
- KeyValuePair
- metrics
- NetworkConfiguration
- RunTaskRequest
- ServiceArgs
- ServiceLoadBalancer
- ServiceLoadBalancerProvider
- TaskDefinitionArgs
Resources
Resource Cluster
implements AutoScalingUserData
A Cluster is a general purpose ECS cluster configured to run in a provided Network.
constructor
new Cluster(name: string, args: ClusterArgs, opts: ComponentResourceOptions)
method addAutoScalingGroup
public addAutoScalingGroup(group: AutoScalingGroup): void
method createAutoScalingGroup
public createAutoScalingGroup(name: string, args: AutoScalingGroupArgs, opts: ComponentResourceOptions): AutoScalingGroup
Creates a new autoscaling group and adds it to the list of autoscaling groups targeting this cluster. The autoscaling group will be created with is network set to the same network as this cluster as well as using this cluster to initialize both its securityGroups and launchConfiguration userData.
method createDefaultSecurityGroup
public static createDefaultSecurityGroup(name: string, vpc?: ec2.Vpc, opts: ComponentResourceOptions): SecurityGroup
method createDefaultSecurityGroupEgressRules
public static createDefaultSecurityGroupEgressRules(name: string, securityGroup: SecurityGroup): EgressSecurityGroupRule[]
method createDefaultSecurityGroupIngressRules
public static createDefaultSecurityGroupIngressRules(name: string, securityGroup: SecurityGroup): IngressSecurityGroupRule[]
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getDefault
public static getDefault(opts?: pulumi.ComponentResourceOptions): Cluster
Gets or creates a cluster that can be used by default for the current aws account and region. The cluster will use the default Vpc for the account and will be provisioned with a security group created by [createDefaultSecurityGroup].
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property autoScalingGroups
public autoScalingGroups: AutoScalingGroup[] = [];
property cluster
public cluster: Cluster;
property extraBootcmdLines
public extraBootcmdLines: () => pulumi.Input<UserDataLine[]>;
property id
public id: pulumi.Output<string>;
property securityGroups
public securityGroups: SecurityGroup[];
Security groups associated with this this ECS Cluster.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property vpc
public vpc: Vpc;
The network in which to create this cluster.
Resource Service
class Service extends ComponentResource
constructor
new Service(type: string, name: string, args: ServiceArgs, opts: ComponentResourceOptions)
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property applicationListeners
public applicationListeners: Record<string, ApplicationListener>;
property cluster
public cluster: Cluster;
property listeners
public listeners: Record<string, Listener>;
Mapping from container in this service to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].
property networkListeners
public networkListeners: Record<string, NetworkListener>;
property service
public service: Service;
property taskDefinition
public taskDefinition: TaskDefinition;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource TaskDefinition
class TaskDefinition extends ComponentResource
constructor
new TaskDefinition(type: string, name: string, isFargate: boolean, args: TaskDefinitionArgs, opts: ComponentResourceOptions)
method createExecutionRole
public static createExecutionRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role
Creates the [executionRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultExecutionRolePolicyARNs] will be used.
method createTaskRole
public static createTaskRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role
Creates the [taskRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultTaskRolePolicyARNs] will be used.
method defaultExecutionRolePolicyARNs
public static defaultExecutionRolePolicyARNs(): string[]
method defaultRoleAssumeRolePolicy
public static defaultRoleAssumeRolePolicy(): PolicyDocument
method defaultTaskRolePolicyARNs
public static defaultTaskRolePolicyARNs(): "arn:aws:iam::aws:policy/AWSLambda_FullAccess" | "arn:aws:iam::aws:policy/AmazonECS_FullAccess"[]
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property applicationListeners
public applicationListeners: Record<string, ApplicationListener>;
property containers
public containers: Record<string, Container>;
property executionRole
public executionRole?: aws.iam.Role;
property listeners
public listeners: Record<string, Listener>;
Mapping from container in this task to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].
property logGroup
public logGroup?: aws.cloudwatch.LogGroup;
property networkListeners
public networkListeners: Record<string, NetworkListener>;
property run
public run: (params: RunTaskRequest) => Promise<awssdk.ECS.Types.RunTaskResponse>;
Run one or more instances of this TaskDefinition using the ECS runTask
API, returning the Task instances.
This wrapper around runTask
provides appropriate defaults based on the TaskDefinition and allows specifying a Cluster instead of individual network configurations.
This API is designed for use at runtime.
property taskDefinition
public taskDefinition: TaskDefinition;
property taskRole
public taskRole?: aws.iam.Role;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Others
class CapacityProviderService
class CapacityProviderService extends Service
constructor
new CapacityProviderService(name: string, args: CapacityProviderServiceArgs, opts: ComponentResourceOptions)
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property applicationListeners
public applicationListeners: Record<string, ApplicationListener>;
property cluster
public cluster: Cluster;
property listeners
public listeners: Record<string, Listener>;
Mapping from container in this service to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].
property networkListeners
public networkListeners: Record<string, NetworkListener>;
property service
public service: Service;
property taskDefinition
public taskDefinition: FargateTaskDefinition | EC2TaskDefinition;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
interface CapacityProviderServiceArgs
interface CapacityProviderServiceArgs
property assignPublicIp
assignPublicIp?: pulumi.Input<boolean>;
Whether or not public IPs should be provided for the instances.
Defaults to [true] if unspecified.
property capacityProviderStrategies
capacityProviderStrategies?;
The custom capacity provider strategy to use for the service. If not set, the cluster default capacity provider strategies will be used.
property cluster
cluster?: Cluster;
Cluster this service will run in. If unspecified, [Cluster.getDefault()] will be used.
property deploymentCircuitBreaker
deploymentCircuitBreaker?;
Configuration block for deployment circuit breaker.
property deploymentController
deploymentController?;
Configuration block containing deployment controller configuration.
property deploymentMaximumPercent
deploymentMaximumPercent?: pulumi.Input<number>;
The upper limit (as a percentage of the service’s desiredCount) of the number of running
tasks that can be running in a service during a deployment. Not valid when using the DAEMON
scheduling strategy.
property deploymentMinimumHealthyPercent
deploymentMinimumHealthyPercent?: pulumi.Input<number>;
The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.
property desiredCount
desiredCount?: pulumi.Input<number>;
The number of instances of the task definition to place and keep running. Defaults to 1. Do
not specify if using the DAEMON
scheduling strategy.
property enableEcsManagedTags
enableEcsManagedTags?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS managed tags for the tasks within the service.
property enableExecuteCommand
enableExecuteCommand?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS Exec for the tasks within the service.
property forceNewDeployment
forceNewDeployment?: pulumi.Input<boolean>;
Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest), roll Fargate tasks onto a newer platform version, or immediately deploy orderedPlacementStrategies and placementConstraints updates.
property healthCheckGracePeriodSeconds
healthCheckGracePeriodSeconds?: pulumi.Input<number>;
Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.
property iamRole
iamRole?: pulumi.Input<string>;
ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your
behalf. This parameter is required if you are using a load balancer with your service, but
only if your task definition does not use the awsvpc
network mode. If using awsvpc
network mode, do not specify this role. If your account has already created the Amazon ECS
service-linked role, that role is used by default for your service unless you specify a role
here.
property loadBalancers
loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];
A load balancer block. Load balancers documented below.
property name
name?: pulumi.Input<string>;
The name of the service (up to 255 letters, numbers, hyphens, and underscores)
property orderedPlacementStrategies
orderedPlacementStrategies?;
Service level strategy rules that are taken into consideration during task placement. List
from top to bottom in order of precedence. The maximum number of ordered_placement_strategy
blocks is 5
. Defined below.
property os
os?: pulumi.Input<"linux" | "windows">;
property placementConstraints
placementConstraints?;
rules that are taken into consideration during task placement. Maximum number of
placement_constraints
is 10
. Defined below.
property platformVersion
platformVersion?: pulumi.Input<string>;
The platform version on which to run your service. Only applicable for launchType
set to FARGATE
.
Defaults to LATEST
. More information about Fargate platform versions can be found in the
AWS ECS User Guide.
property propagateTags
propagateTags?: pulumi.Input<string>;
Specifies whether to propagate the tags from the task definition or the service
to the tasks. The valid values are SERVICE
and TASK_DEFINITION
.
property schedulingStrategy
schedulingStrategy?: pulumi.Input<string>;
The scheduling strategy to use for the service. The valid values are REPLICA
and DAEMON
.
Defaults to REPLICA
. Note that Fargate tasks do not support the DAEMON
scheduling
strategy.
property securityGroups
securityGroups?: ec2.SecurityGroupOrId[];
The security groups to use for the instances.
Defaults to [cluster.securityGroups] if unspecified.
property serviceRegistries
serviceRegistries?;
The service discovery registries for the service. The maximum number of service_registries
blocks is 1
.
property subnets
subnets?: pulumi.Input<pulumi.Input<string>[]>;
The subnets to connect the instances to. If unspecified and [assignPublicIp] is true, then these will be the public subnets of the cluster’s vpc. If unspecified and [assignPublicIp] is false, then these will be the private subnets of the cluster’s vpc.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property taskDefinition
taskDefinition: FargateTaskDefinition | EC2TaskDefinition;
The task definition to create the service from.
property waitForSteadyState
waitForSteadyState?: pulumi.Input<boolean>;
Wait for the service to reach a steady state (like aws ecs wait services-stable
)
before continuing. Defaults to true
.
interface ClusterArgs
interface ClusterArgs
Arguments bag for creating infrastructure for a new Cluster.
property capacityProviders
capacityProviders?;
List of short names of one or more capacity providers to associate with the cluster.
Valid values also include FARGATE
and FARGATE_SPOT
.
property cluster
cluster?: Cluster | pulumi.Input<string>;
An existing aws.ecs.Cluster (or the name of an existing aws.ecs.Cluster) to use for this awsx.ecs.Cluster. If not provided, a default one will be created.
Note: If passing a string, use the name of an existing ECS Cluster instead of its id.
property defaultCapacityProviderStrategies
defaultCapacityProviderStrategies?;
The capacity provider strategy to use by default for the cluster. Can be one or more.
property name
name?: pulumi.Input<string>;
The name of the cluster (up to 255 letters, numbers, hyphens, and underscores)
property securityGroups
securityGroups?: ec2.SecurityGroupOrId[];
The security group to place new instances into. If not provided, a default will be created. Pass an empty array to create no security groups.
property settings
settings?;
Configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property vpc
vpc?: ec2.Vpc;
The network in which to create this cluster. If not provided, Vpc.getDefault() will be used.
interface Container
interface Container
[Container]s are used in [awsx.ec2.TaskDefinition] to describe the different containers that are launched as part of a task.
See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html for more details.
property applicationListener
applicationListener?: ApplicationListener | ApplicationListenerArgs;
Alternative to passing in portMappings
. If a listener (or args to create a listener) is
passed in, it will be used instead.
property command
command?: pulumi.Input<string[]>;
The command that is passed to the container.
This parameter maps to Cmd
in the
Create-a-container
section of the Docker-Remote-API and the COMMAND
parameter to docker-run. For more
information, see https://docs.docker.com/engine/reference/builder/#cmd. If there are multiple
arguments, each argument should be a separated string in the array.
property cpu
cpu?: pulumi.Input<number>;
The number of cpu units reserved for the container. This parameter maps to CpuShares in the Create a container section of the Docker Remote API and the –cpu-shares option to docker run.
This parameter maps to CpuShares
in the
Create-a-container
section of the Docker-Remote-API and the
--cpu-shared
parameter to docker-run.
property dependsOn
dependsOn?: pulumi.Input<ContainerDependency[]>;
The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.
For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
For tasks using the Fargate launch type, the task or service requires platform version 1.3.0 or later.
property disableNetworking
disableNetworking?: pulumi.Input<boolean>;
When this parameter is true, networking is disabled within the container.
This parameter maps to NetworkDisabled
in the
Create-a-container
section of the Docker-Remote-API.
Note: This parameter is not supported for Windows containers.
property dnsSearchDomains
dnsSearchDomains?: pulumi.Input<string[]>;
A list of DNS search domains that are presented to the container.
This parameter maps to DnsSearch
in the
Create-a-container
section of the Docker-Remote-API and the
--dns-search
parameter to docker-run.
Note: This parameter is not supported for Windows containers.
property dnsServers
dnsServers?: pulumi.Input<string[]>;
A list of DNS servers that are presented to the container.
This parameter maps to Dns
in the
Create-a-container
section of the Docker-Remote-API and the --dns
parameter to docker-run.
Note: This parameter is not supported for Windows containers.
property dockerLabels
dockerLabels?: pulumi.Input<{[label: string]: string}>;
A key/value map of labels to add to the container.
This parameter maps to Labels
in the
Create-a-container
section of the Docker-Remote-API and the
--label
parameter to docker-run.
property dockerSecurityOptions
dockerSecurityOptions?: pulumi.Input<string[]>;
A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field is not valid for containers in tasks using the Fargate launch type.
This parameter maps to SecurityOpt
in the
Create-a-container
section of the Docker-Remote-API and the
--security-opt
parameter to docker-run.
property entryPoint
entryPoint?: pulumi.Input<string[]>;
The entry point that is passed to the container.
This parameter maps to Entrypoint
in the
Create-a-container
section of the Docker-Remote-API and the
--entrypoint
parameter to docker-run.
Important: Early versions of the Amazon ECS container agent do not properly handle entryPoint parameters. If you have problems using entryPoint, update your container agent or enter your commands and arguments as command array items instead.
property environment
environment?: pulumi.Input<KeyValuePair[]>;
The environment variables to pass to a container.
This parameter maps to Env
in the
Create-a-container
section of the Docker-Remote-API and the --env
parameter to docker-run.
Important: We do not recommend using plaintext environment variables for sensitive information, such as credential data.
property environmentFiles
environmentFiles?: pulumi.Input<EnvironmentFile[]>;
A list of files containing the environment variables to pass to a container. This parameter maps to the –env-file option to docker run.
You can specify up to ten environment files. The file must have a .env file extension. Each line in an environment file should contain an environment variable in VARIABLE=VALUE format. Lines beginning with # are treated as comments and are ignored. For more information on the environment variable file syntax, see Declare default environment variables in file.
If there are environment variables specified using the environment parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they are processed from the top down. It is recommended to use unique variable names. For more information, see Specifying Environment Variables in the Amazon Elastic Container Service Developer Guide.
property essential
essential?: pulumi.Input<boolean>;
If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All tasks must have at least one essential container. If you have an application that is composed of multiple containers, you should group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application-Architecture in the Amazon Elastic Container Service Developer Guide.
property extraHosts
extraHosts?: pulumi.Input<HostEntry[]>;
A list of hostnames and IP address mappings to append to the /etc/hosts file on the container.
This parameter maps to ExtraHosts
in the
Create-a-container
section of the Docker-Remote-API and the
--add-host
parameter to docker-run.
Note: This parameter is not supported for Windows containers or tasks that use the awsvpc network mode.
property firelensConfiguration
firelensConfiguration?: pulumi.Input<FirelensConfiguration>;
The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom Route Logging in the Amazon Elastic Container Service Developer Guide.
property healthCheck
healthCheck?: pulumi.Input<HealthCheck>;
The health check command and associated configuration parameters for the container. This
parameter maps to HealthCheck
in the
Create-a-container
section of the Docker-Remote-API and the
HEALTHCHECK
parameter to docker-run.
property hostname
hostname?: pulumi.Input<string>;
The hostname to use for your container. container.
This parameter maps to Hostname
in the
Create-a-container
section of the Docker-Remote-API and the
--hostname
parameter to docker-run.
property image
image: pulumi.Input<string> | ContainerImageProvider;
The image id to use for the container. If this is provided then the image with this idq will be pulled from Docker Hub. To provide customized image retrieval, provide [imageProvide] which can do whatever custom work is necessary. See [Image] for common ways to create an image from a local docker build.
property interactive
interactive?: pulumi.Input<boolean>;
When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the Create a container section of the Docker Remote API and the –interactive option to docker run.
property links
links?: pulumi.Input<string[]>;
The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge. The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, and hyphens are allowed. For more information about linking Docker containers, go to Legacy container links in the Docker documentation.
This parameter maps to Links
in the
Create-a-container
section of the Docker-Remote-API and the
--link
parameter to docker-run.
Note: This parameter is not supported for Windows containers.
Important: Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.
property linuxParameters
linuxParameters?: pulumi.Input<LinuxParameters>;
Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see KernelCapabilities.
property logConfiguration
logConfiguration?: pulumi.Input<LogConfiguration>;
The log configuration specification for the container. By default, containers use the same logging driver that the Docker daemon uses. However the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see Configure-logging-drivers in the Docker documentation.
This parameter maps to LogConfig
in the
Create-a-container
section of the Docker-Remote-API and the
--log-driver
parameter to docker-run.
property memory
memory?: pulumi.Input<number>;
The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified.
If using the Fargate launch type, this parameter is optional.
If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance on which the container is placed. Otherwise, the value of memory is used.
The Docker daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.
This parameter maps to Memory
in the
Create-a-container
section of the Docker-Remote-API and the
--memory
parameter to docker-run.
property memoryReservation
memoryReservation?: pulumi.Input<number>;
The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first.
If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance on which the container is placed. Otherwise, the value of memory is used.
For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.
The Docker daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.
This parameter maps to MemoryReservation
in the
Create-a-container
section of the Docker-Remote-API and the
--memory-reservation
parameter to docker-run.
property mountPoints
mountPoints?: pulumi.Input<MountPoint[]>;
The mount points for data volumes in your container.
This parameter maps to Volumes
in the
Create-a-container
section of the Docker-Remote-API and the
--volume
parameter to docker-run.
property networkListener
networkListener?: NetworkListener | NetworkListenerArgs;
Alternative to passing in portMappings
. If a listener (or args to create a listener) is
passed in, it will be used instead.
property portMappings
portMappings?: PortMapping | Promise<PortMapping> | OutputInstance<PortMapping> | ContainerPortMappingProvider[];
The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.
If this container will be run in an ecs.Service
that will be hooked up to an
lb.LoadBalancer
(either an ALB or NLB) the appropriate lb.Listener
or lb.TargetGroup
can be passed in here instead and the port mapping will be computed from it.
Alternatively, to simplify the common case of having to create load balancer listeners solely
for this purpose, the information listener can be provided directly in the container
definition using applicationListener
or networkListener
. If those properties are
provided, then portMappings
should not be provided.
For task definitions that use the awsvpc network mode, you should only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.
Port mappings on Windows use the NetNAT gateway address rather than localhost. There is no loopback for port mappings on Windows, so you cannot access a container’s mapped port from the host itself.
If the network mode of a task definition is set to none, then you can’t specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.
This parameter maps to PortBindings
in the
Create-a-container
section of the Docker-Remote-API and the
--publish
parameter to docker-run.
property privileged
privileged?: pulumi.Input<boolean>;
When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
This parameter maps to Privileged
in the
Create-a-container
section of the Docker-Remote-API and the
--privileged
parameter to docker-run.
Note: This parameter is not supported for Windows containers or tasks using the Fargate launch type.
property pseudoTerminal
pseudoTerminal?: pulumi.Input<boolean>;
When this parameter is true, a TTY is allocated. This parameter maps to Tty
in the Create
a container section of
the Docker Remote API and the --tty
option to
docker run.
property readonlyRootFilesystem
readonlyRootFilesystem?: pulumi.Input<boolean>;
When this parameter is true, the container is given read-only access to its root file system.
This parameter maps to ReadonlyRootfs
in the
Create-a-container
section of the Docker-Remote-API and the
--read-only
parameter to docker-run.
Note: This parameter is not supported for Windows containers.
property repositoryCredentials
repositoryCredentials?: pulumi.Input<RepositoryCredentials>;
The private repository authentication credentials to use.
property resourceRequirements
resourceRequirements?: pulumi.Input<ResourceRequirements[]>;
The type and amount of a resource to assign to a container. The only supported resource is a GPU.
property secrets
secrets?: pulumi.Input<Secret[]>;
The secrets to pass to the container. For more information, see Specifying-Sensitive-Data in the Amazon Elastic Container Service Developer Guide.
property startTimeout
startTimeout?: pulumi.Input<number>;
Time duration (in seconds) to wait before giving up on resolving dependencies for a
container. For example, you specify two containers in a task definition with containerA
having a dependency on containerB reaching a COMPLETE
, SUCCESS
, or HEALTHY
status. If a
startTimeout value is specified for containerB and it does not reach the desired status
within that time then containerA will give up and not start. This results in the task
transitioning to a STOPPED
state.
For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to enable a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
For tasks using the Fargate launch type, the task or service requires platform version
1.3.0
or later.
property stopTimeout
stopTimeout?: pulumi.Input<number>;
Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own.
For tasks using the Fargate launch type, the max stopTimeout
value is 2 minutes and the
task or service requires platform version 1.3.0
or later.
For tasks using the EC2 launch type, the stop timeout value for the container takes
precedence over the ECS_CONTAINER_STOP_TIMEOUT
container agent configuration parameter, if
used. Container instances require at least version 1.26.0 of the container agent to enable a
container stop timeout value. However, we recommend using the latest container agent version.
For information about checking your agent version and updating to the latest version, see
Updating the Amazon ECS Container
Agent in
the Amazon Elastic Container Service Developer Guide. If you are using an Amazon
ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init
package. If your container instances are launched from version 20190301 or later, then they
contain the required versions of the container agent and ecs-init. For more information, see
Amazon ECS-optimized Linux
AMI in
the Amazon Elastic Container Service Developer Guide.
property systemControls
systemControls?: pulumi.Input<SystemControl[]>;
A list of namespaced kernel parameters to set in the container. This parameter maps to
Sysctls
in the Create a
container section of
the Docker Remote API and the --sysctl
option
to docker run
.
Note: It is not recommended that you specify network-related systemControls
parameters
for multiple containers in a single task that also uses either the awsvpc
or host
network
modes. For tasks that use the awsvpc
network mode, the container that is started last
determines which systemControls
parameters take effect. For tasks that use the host network
mode, it changes the container instance’s namespaced kernel parameters as well as the
containers.
property ulimits
ulimits?: pulumi.Input<Ulimit[]>;
A list of ulimits to set in the container.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version –format ‘{{.Server.APIVersion}}’
This parameter maps to Ulimits
in the
Create-a-container
section of the Docker-Remote-API and the
--ulimit
parameter to docker-run.
Note: This parameter is not supported for Windows containers.
property user
user?: pulumi.Input<string>;
The user name to use inside the container.
This parameter maps to User
in the
Create-a-container
section of the Docker-Remote-API and the
--user
parameter to docker-run.
property volumesFrom
volumesFrom?: pulumi.Input<VolumeFrom[]>;
Data volumes to mount from another container.
This parameter maps to VolumesFrom
in the
Create-a-container
section of the Docker-Remote-API and the
--volumes-from
parameter to docker-run.
property workingDirectory
workingDirectory?: pulumi.Input<string>;
The working directory in which to run commands inside the container.
This parameter maps to WorkingDir
in the
Create-a-container
section of the Docker-Remote-API and the
--workdir
parameter to docker-run.
interface ContainerDependency
interface ContainerDependency
See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDependency.html for more details.
property condition
condition?: pulumi.Input<"START" | "COMPLETE" | "SUCCESS" | "HEALTHY">;
The dependency condition of the container. The following are the available conditions and their behavior: START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start. COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
property containerName
containerName: pulumi.Input<string>;
The name of a container.
interface ContainerImageProvider
interface ContainerImageProvider
method environment
environment(name: string, parent: Resource): pulumi.Input<KeyValuePair[]>
method image
image(name: string, parent: Resource): pulumi.Input<string>
interface ContainerLoadBalancer
interface ContainerLoadBalancer
property containerPort
containerPort: pulumi.Input<number>;
property elbName
elbName?: pulumi.Input<string>;
property targetGroupArn
targetGroupArn?: pulumi.Input<string>;
interface ContainerLoadBalancerProvider
interface ContainerLoadBalancerProvider
method containerLoadBalancer
containerLoadBalancer(name: string, parent: Resource): pulumi.Input<ContainerLoadBalancer>
interface ContainerPortMappingProvider
interface ContainerPortMappingProvider
method containerPortMapping
containerPortMapping(name: string, parent: Resource): pulumi.Input<PortMapping>
class EC2Service
class EC2Service extends Service
constructor
new EC2Service(name: string, args: EC2ServiceArgs, opts: ComponentResourceOptions)
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property applicationListeners
public applicationListeners: Record<string, ApplicationListener>;
property cluster
public cluster: Cluster;
property listeners
public listeners: Record<string, Listener>;
Mapping from container in this service to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].
property networkListeners
public networkListeners: Record<string, NetworkListener>;
property service
public service: Service;
property taskDefinition
public taskDefinition: EC2TaskDefinition;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
interface EC2ServiceArgs
interface EC2ServiceArgs
property cluster
cluster?: Cluster;
Cluster this service will run in.
property deploymentCircuitBreaker
deploymentCircuitBreaker?;
Configuration block for deployment circuit breaker.
property deploymentController
deploymentController?;
Configuration block containing deployment controller configuration.
property deploymentMaximumPercent
deploymentMaximumPercent?: pulumi.Input<number>;
The upper limit (as a percentage of the service’s desiredCount) of the number of running
tasks that can be running in a service during a deployment. Not valid when using the DAEMON
scheduling strategy.
property deploymentMinimumHealthyPercent
deploymentMinimumHealthyPercent?: pulumi.Input<number>;
The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.
property desiredCount
desiredCount?: pulumi.Input<number>;
The number of instances of the task definition to place and keep running. Defaults to 1. Do
not specify if using the DAEMON
scheduling strategy.
property enableEcsManagedTags
enableEcsManagedTags?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS managed tags for the tasks within the service.
property enableExecuteCommand
enableExecuteCommand?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS Exec for the tasks within the service.
property forceNewDeployment
forceNewDeployment?: pulumi.Input<boolean>;
Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest) or immediately deploy orderedPlacementStrategies and placementConstraints updates.
property healthCheckGracePeriodSeconds
healthCheckGracePeriodSeconds?: pulumi.Input<number>;
Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.
property iamRole
iamRole?: pulumi.Input<string>;
ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your
behalf. This parameter is required if you are using a load balancer with your service, but
only if your task definition does not use the awsvpc
network mode. If using awsvpc
network mode, do not specify this role. If your account has already created the Amazon ECS
service-linked role, that role is used by default for your service unless you specify a role
here.
property loadBalancers
loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];
A load balancer block. Load balancers documented below.
property name
name?: pulumi.Input<string>;
The name of the service (up to 255 letters, numbers, hyphens, and underscores)
property orderedPlacementStrategies
orderedPlacementStrategies?;
Service level strategy rules that are taken into consideration during task placement. List
from top to bottom in order of precedence. The maximum number of ordered_placement_strategy
blocks is 5
. Defined below.
property os
os?: pulumi.Input<"linux" | "windows">;
property placementConstraints
placementConstraints?;
rules that are taken into consideration during task placement. Maximum number of
placement_constraints
is 10
. Defined below.
property propagateTags
propagateTags?: pulumi.Input<string>;
Specifies whether to propagate the tags from the task definition or the service
to the tasks. The valid values are SERVICE
and TASK_DEFINITION
.
property schedulingStrategy
schedulingStrategy?: pulumi.Input<string>;
The scheduling strategy to use for the service. The valid values are REPLICA
and DAEMON
.
Defaults to REPLICA
. Note that Fargate tasks do not support the DAEMON
scheduling
strategy.
property securityGroups
securityGroups?: ec2.SecurityGroupOrId[];
The security groups to use for the instances.
Defaults to [cluster.securityGroups] if unspecified.
property serviceRegistries
serviceRegistries?;
The service discovery registries for the service. The maximum number of service_registries
blocks is 1
.
property subnets
subnets?: pulumi.Input<pulumi.Input<string>[]>;
The subnets to connect the instances to. If unspecified then these will be the public subnets of the cluster’s vpc.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property taskDefinition
taskDefinition?: EC2TaskDefinition;
The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.
property taskDefinitionArgs
taskDefinitionArgs?: EC2TaskDefinitionArgs;
The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.
property waitForSteadyState
waitForSteadyState?: pulumi.Input<boolean>;
Wait for the service to reach a steady state (like aws ecs wait services-stable
)
before continuing. Defaults to true
.
class EC2TaskDefinition
class EC2TaskDefinition extends TaskDefinition
constructor
new EC2TaskDefinition(name: string, args: EC2TaskDefinitionArgs, opts: ComponentResourceOptions)
method createExecutionRole
public static createExecutionRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role
Creates the [executionRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultExecutionRolePolicyARNs] will be used.
method createService
public createService(name: string, args: EC2ServiceArgs, opts: ComponentResourceOptions): EC2Service
Creates a service with this as its task definition.
method createTaskRole
public static createTaskRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role
Creates the [taskRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultTaskRolePolicyARNs] will be used.
method defaultExecutionRolePolicyARNs
public static defaultExecutionRolePolicyARNs(): string[]
method defaultRoleAssumeRolePolicy
public static defaultRoleAssumeRolePolicy(): PolicyDocument
method defaultTaskRolePolicyARNs
public static defaultTaskRolePolicyARNs(): "arn:aws:iam::aws:policy/AWSLambda_FullAccess" | "arn:aws:iam::aws:policy/AmazonECS_FullAccess"[]
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property applicationListeners
public applicationListeners: Record<string, ApplicationListener>;
property containers
public containers: Record<string, Container>;
property executionRole
public executionRole?: aws.iam.Role;
property listeners
public listeners: Record<string, Listener>;
Mapping from container in this task to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].
property logGroup
public logGroup?: aws.cloudwatch.LogGroup;
property networkListeners
public networkListeners: Record<string, NetworkListener>;
property run
public run: (params: RunTaskRequest) => Promise<awssdk.ECS.Types.RunTaskResponse>;
Run one or more instances of this TaskDefinition using the ECS runTask
API, returning the Task instances.
This wrapper around runTask
provides appropriate defaults based on the TaskDefinition and allows specifying a Cluster instead of individual network configurations.
This API is designed for use at runtime.
property taskDefinition
public taskDefinition: TaskDefinition;
property taskRole
public taskRole?: aws.iam.Role;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
interface EC2TaskDefinitionArgs
interface EC2TaskDefinitionArgs
property container
container?: Container;
Single container to make a TaskDefinition from. Useful for simple cases where there aren’t multiple containers, especially when creating a TaskDefinition to call [run] on.
Either [container] or [containers] must be provided.
property containers
containers?: Record<string, Container>;
All the containers to make a TaskDefinition from. Useful when creating a Service that will contain many containers within.
Either [container] or [containers] must be provided.
property executionRole
executionRole?: Role | null;
The execution role that the Amazon ECS container agent and the Docker daemon can assume.
If undefined
, a default will be created for the task. If null
no role will be created.
property family
family?: pulumi.Input<string>;
An optional family name for the Task Definition. If not specified, then a suitable default will be created.
property logGroup
logGroup?: LogGroup | null;
Log group for logging information related to the service. If undefined
a default instance
with a one-day retention policy will be created. If null
no log group will be created.
property networkMode
networkMode?: pulumi.Input<"none" | "bridge" | "awsvpc" | "host">;
The Docker networking mode to use for the containers in the task. The valid values are
none
, bridge
, awsvpc
, and host
.
property placementConstraints
placementConstraints?;
A set of placement constraints rules that are taken into consideration during task placement.
Maximum number of placement_constraints
is 10
.
property proxyConfiguration
proxyConfiguration?;
The proxy configuration details for the App Mesh proxy.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property taskRole
taskRole?: Role | null;
IAM role that allows your Amazon ECS container task to make calls to other AWS services. If
undefined
, a default will be created for the task. If null
no role will be created.
property volumes
volumes?;
A set of volume blocks that containers in your task may use.
property vpc
vpc?: ec2.Vpc;
The vpc that the service for this task will run in. Does not normally need to be explicitly provided as it will be inferred from the cluster the service is associated with.
interface EnvironmentFile
interface EnvironmentFile
See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_EnvironmentFile.html for more details.
property type
type: "s3";
The file type to use. The only supported value is s3.
property value
value: string;
The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
class FargateService
class FargateService extends Service
constructor
new FargateService(name: string, args: FargateServiceArgs, opts: ComponentResourceOptions)
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property applicationListeners
public applicationListeners: Record<string, ApplicationListener>;
property cluster
public cluster: Cluster;
property listeners
public listeners: Record<string, Listener>;
Mapping from container in this service to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].
property networkListeners
public networkListeners: Record<string, NetworkListener>;
property service
public service: Service;
property taskDefinition
public taskDefinition: FargateTaskDefinition;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
interface FargateServiceArgs
interface FargateServiceArgs
property assignPublicIp
assignPublicIp?: pulumi.Input<boolean>;
Whether or not public IPs should be provided for the instances.
Defaults to [true] if unspecified.
property cluster
cluster?: Cluster;
Cluster this service will run in. If unspecified, [Cluster.getDefault()] will be used.
property deploymentCircuitBreaker
deploymentCircuitBreaker?;
Configuration block for deployment circuit breaker.
property deploymentController
deploymentController?;
Configuration block containing deployment controller configuration.
property deploymentMaximumPercent
deploymentMaximumPercent?: pulumi.Input<number>;
The upper limit (as a percentage of the service’s desiredCount) of the number of running
tasks that can be running in a service during a deployment. Not valid when using the DAEMON
scheduling strategy.
property deploymentMinimumHealthyPercent
deploymentMinimumHealthyPercent?: pulumi.Input<number>;
The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.
property desiredCount
desiredCount?: pulumi.Input<number>;
The number of instances of the task definition to place and keep running. Defaults to 1. Do
not specify if using the DAEMON
scheduling strategy.
property enableEcsManagedTags
enableEcsManagedTags?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS managed tags for the tasks within the service.
property enableExecuteCommand
enableExecuteCommand?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS Exec for the tasks within the service.
property forceNewDeployment
forceNewDeployment?: pulumi.Input<boolean>;
Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest), roll Fargate tasks onto a newer platform version, or immediately deploy orderedPlacementStrategies and placementConstraints updates.
property healthCheckGracePeriodSeconds
healthCheckGracePeriodSeconds?: pulumi.Input<number>;
Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.
property iamRole
iamRole?: pulumi.Input<string>;
ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your
behalf. This parameter is required if you are using a load balancer with your service, but
only if your task definition does not use the awsvpc
network mode. If using awsvpc
network mode, do not specify this role. If your account has already created the Amazon ECS
service-linked role, that role is used by default for your service unless you specify a role
here.
property loadBalancers
loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];
A load balancer block. Load balancers documented below.
property name
name?: pulumi.Input<string>;
The name of the service (up to 255 letters, numbers, hyphens, and underscores)
property os
os?: pulumi.Input<"linux" | "windows">;
property placementConstraints
placementConstraints?;
rules that are taken into consideration during task placement. Maximum number of
placement_constraints
is 10
. Defined below.
property platformVersion
platformVersion?: pulumi.Input<string>;
The platform version on which to run your service. Only applicable for launchType
set to FARGATE
.
Defaults to LATEST
. More information about Fargate platform versions can be found in the
AWS ECS User Guide.
property propagateTags
propagateTags?: pulumi.Input<string>;
Specifies whether to propagate the tags from the task definition or the service
to the tasks. The valid values are SERVICE
and TASK_DEFINITION
.
property schedulingStrategy
schedulingStrategy?: pulumi.Input<string>;
The scheduling strategy to use for the service. The valid values are REPLICA
and DAEMON
.
Defaults to REPLICA
. Note that Fargate tasks do not support the DAEMON
scheduling
strategy.
property securityGroups
securityGroups?: ec2.SecurityGroupOrId[];
The security groups to use for the instances.
Defaults to [cluster.securityGroups] if unspecified.
property serviceRegistries
serviceRegistries?;
The service discovery registries for the service. The maximum number of service_registries
blocks is 1
.
property subnets
subnets?: pulumi.Input<pulumi.Input<string>[]>;
The subnets to connect the instances to. If unspecified and [assignPublicIp] is true, then these will be the public subnets of the cluster’s vpc. If unspecified and [assignPublicIp] is false, then these will be the private subnets of the cluster’s vpc.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property taskDefinition
taskDefinition?: FargateTaskDefinition;
The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.
property taskDefinitionArgs
taskDefinitionArgs?: FargateTaskDefinitionArgs;
The task definition to create the service from. Either [taskDefinition] or [taskDefinitionArgs] must be provided.
property waitForSteadyState
waitForSteadyState?: pulumi.Input<boolean>;
Wait for the service to reach a steady state (like aws ecs wait services-stable
)
before continuing. Defaults to true
.
class FargateTaskDefinition
class FargateTaskDefinition extends TaskDefinition
constructor
new FargateTaskDefinition(name: string, args: FargateTaskDefinitionArgs, opts: ComponentResourceOptions)
method createExecutionRole
public static createExecutionRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role
Creates the [executionRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultExecutionRolePolicyARNs] will be used.
method createService
public createService(name: string, args: FargateServiceArgs, opts: ComponentResourceOptions): FargateService
Creates a service with this as its task definition.
method createTaskRole
public static createTaskRole(name: string, assumeRolePolicy?: string | PolicyDocument, policyArns?: string[], opts?: pulumi.ComponentResourceOptions): Role
Creates the [taskRole] for a [TaskDefinition] if not provided explicitly. If [assumeRolePolicy] is provided it will be used when creating the task, otherwise [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultTaskRolePolicyARNs] will be used.
method defaultExecutionRolePolicyARNs
public static defaultExecutionRolePolicyARNs(): string[]
method defaultRoleAssumeRolePolicy
public static defaultRoleAssumeRolePolicy(): PolicyDocument
method defaultTaskRolePolicyARNs
public static defaultTaskRolePolicyARNs(): "arn:aws:iam::aws:policy/AWSLambda_FullAccess" | "arn:aws:iam::aws:policy/AmazonECS_FullAccess"[]
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property applicationListeners
public applicationListeners: Record<string, ApplicationListener>;
property containers
public containers: Record<string, Container>;
property executionRole
public executionRole?: aws.iam.Role;
property listeners
public listeners: Record<string, Listener>;
Mapping from container in this task to the ELB listener exposing it through a load balancer. Only present if a listener was provided in [Container.portMappings] or in [Container.applicationListener] or [Container.networkListener].
property logGroup
public logGroup?: aws.cloudwatch.LogGroup;
property networkListeners
public networkListeners: Record<string, NetworkListener>;
property run
public run: (params: RunTaskRequest) => Promise<awssdk.ECS.Types.RunTaskResponse>;
Run one or more instances of this TaskDefinition using the ECS runTask
API, returning the Task instances.
This wrapper around runTask
provides appropriate defaults based on the TaskDefinition and allows specifying a Cluster instead of individual network configurations.
This API is designed for use at runtime.
property taskDefinition
public taskDefinition: TaskDefinition;
property taskRole
public taskRole?: aws.iam.Role;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
interface FargateTaskDefinitionArgs
interface FargateTaskDefinitionArgs
property container
container?: Container;
Single container to make a TaskDefinition from. Useful for simple cases where there aren’t multiple containers, especially when creating a TaskDefinition to call [run] on.
Either [container] or [containers] must be provided.
property containers
containers?: Record<string, Container>;
All the containers to make a TaskDefinition from. Useful when creating a Service that will contain many containers within.
Either [container] or [containers] must be provided.
property cpu
cpu?: pulumi.Input<string>;
The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property executionRole
executionRole?: Role | null;
The execution role that the Amazon ECS container agent and the Docker daemon can assume.
If undefined
, a default will be created for the task. If null
no role will be created.
property family
family?: pulumi.Input<string>;
An optional family name for the Task Definition. If not specified, then a suitable default will be created.
property logGroup
logGroup?: LogGroup | null;
Log group for logging information related to the service. If undefined
a default instance
with a one-day retention policy will be created. If null
no log group will be created.
property memory
memory?: pulumi.Input<string>;
The amount (in MiB) of memory used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property placementConstraints
placementConstraints?;
A set of placement constraints rules that are taken into consideration during task placement.
Maximum number of placement_constraints
is 10
.
property proxyConfiguration
proxyConfiguration?;
The proxy configuration details for the App Mesh proxy.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property taskRole
taskRole?: Role | null;
IAM role that allows your Amazon ECS container task to make calls to other AWS services. If
undefined
, a default will be created for the task. If null
no role will be created.
property volumes
volumes?;
A set of volume blocks that containers in your task may use.
property vpc
vpc?: ec2.Vpc;
The vpc that the service for this task will run in. Does not normally need to be explicitly provided as it will be inferred from the cluster the service is associated with.
interface FirelensConfiguration
interface FirelensConfiguration
See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html for more details
property options
options?: undefined | {[key: string]: string};
The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event.
property type
type: pulumi.Input<"fluentd" | "fluentbit">;
The log router to use.
class Image
implements ContainerImageProvider
method environment
public environment(name: string, parent: Resource): pulumi.Input<KeyValuePair[]>
method fromDockerBuild
public static fromDockerBuild(name: string, build: pulumi.Input<DockerBuild>): Image
Creates an [Image] using the detailed build instructions provided in [build].
Either a [name] or [repository] needs to be provided where the built image will be pushed to. If [repository] is provided, it will be used as-is. Otherwise, a new one will be created on-demand, using the [name] value.
public static fromDockerBuild(repository: Repository, build: pulumi.Input<DockerBuild>): Image
method fromFunction
public static fromFunction(func: () => void): Image
Creates an [Image] given function code to use as the implementation of the container.
method fromPath
public static fromPath(name: string, path: pulumi.Input<string>): Image
Creates an [Image] given a path to a folder in which a Docker build should be run.
Either a [name] or [repository] needs to be provided where the built image will be pushed to. If [repository] is provided, it will be used as-is. Otherwise, a new one will be created on-demand, using the [name] value.
public static fromPath(repository: Repository, path: pulumi.Input<string>): Image
method image
public image(name: string, parent: Resource): pulumi.Input<string>
interface KeyValuePair
interface KeyValuePair
See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KeyValuePair.html for more details.
property name
name: pulumi.Input<string>;
The name of the key-value pair. For environment variables, this is the name of the environment variable.
property value
value: pulumi.Input<string>;
The value of the key-value pair. For environment variables, this is the value of the environment variable.
namespace metrics
function cpuReservation
cpuReservation(change?: EcsMetricChange): Metric
The percentage of CPU units that are reserved by running tasks in the cluster.
Cluster CPU reservation (this metric can only be filtered by ClusterName) is measured as the total CPU units that are reserved by Amazon ECS tasks on the cluster, divided by the total CPU units that were registered for all of the container instances in the cluster. This metric is only used for tasks using the EC2 launch type.
Valid dimensions: ClusterName.
Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.
Unit: Percent.
function cpuUtilization
cpuUtilization(change?: EcsMetricChange): Metric
The percentage of CPU units that are used in the cluster or service.
Cluster CPU utilization (metrics that are filtered by ClusterName without ServiceName) is measured as the total CPU units in use by Amazon ECS tasks on the cluster, divided by the total CPU units that were registered for all of the container instances in the cluster. Cluster CPU utilization metrics are only used for tasks using the EC2 launch type.
Service CPU utilization (metrics that are filtered by ClusterName and ServiceName) is measured as the total CPU units in use by the tasks that belong to the service, divided by the total number of CPU units that are reserved for the tasks that belong to the service. Service CPU utilization metrics are used for tasks using both the Fargate and the EC2 launch type.
Valid dimensions: ClusterName, ServiceName.
Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.
Unit: Percent.
interface EcsMetricChange
interface EcsMetricChange extends MetricChange
property cluster
cluster?: Cluster | Cluster;
This dimension filters the data that you request for all resources in a specified cluster. All Amazon ECS metrics can be filtered by this.
property color
color?: pulumi.Input<string>;
The six-digit HTML hex color code to be used for this metric.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property dimensions
dimensions?: pulumi.Input<Record<string, pulumi.Input<string>>>;
The new dimension for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be cleared.
property extendedStatistic
extendedStatistic?: pulumi.Input<number>;
The new percentile statistic for the metric associated with the alarm. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.
property label
label?: pulumi.Input<string>;
The label to display for this metric in the graph legend. If this is not specified, the metric is given an autogenerated label that distinguishes it from the other metrics in the widget.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property period
period?: pulumi.Input<number>;
The new period in seconds over which the specified stat
is applied. If this object is
missing this property, then no change will be made. However, if the property is there by set
to [undefined] then the value will be set to the default (300s).
property service
service?: Service | Service;
This dimension filters the data that you request for all resources in a specified service within a specified cluster. If this is an [awsx.ecs.Service] then [cluster] is not required. If this is an [aws.ecs.Service] then [cluster] is required.
property statistic
statistic?: pulumi.Input<MetricStatistic>;
The new statistic to apply to the alarm’s associated metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.
property unit
unit?: pulumi.Input<MetricUnit>;
The new unit for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.
property visible
visible?: pulumi.Input<boolean>;
Set this to true to have the metric appear in the graph, or false to have it be hidden. The default is true.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property yAxis
yAxis?: pulumi.Input<"left" | "right">;
Where on the graph to display the y-axis for this metric. The default is left.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
type EcsMetricName
type EcsMetricName = "CPUReservation" | "CPUUtilization" | "MemoryReservation" | "MemoryUtilization" | "GPUReservation";
function gpuReservation
gpuReservation(change?: EcsMetricChange): Metric
The percentage of total available GPUs that are reserved by running tasks in the cluster.
Cluster GPU reservation is measured as the number of GPUs reserved by Amazon ECS tasks on the cluster, divided by the total number of GPUs that was available on all of the GPU-enabled container instances in the cluster.
Valid dimensions: ClusterName.
Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.
Unit: Percent.
function memoryReservation
memoryReservation(change?: EcsMetricChange): Metric
The percentage of memory that is reserved by running tasks in the cluster.
Cluster memory reservation (this metric can only be filtered by ClusterName) is measured as the total memory that is reserved by Amazon ECS tasks on the cluster, divided by the total amount of memory that was registered for all of the container instances in the cluster. This metric is only used for tasks using the EC2 launch type.
Valid dimensions: ClusterName.
Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.
Unit: Percent.
function memoryUtilization
memoryUtilization(change?: EcsMetricChange): Metric
The percentage of memory that is used in the cluster or service.
Cluster memory utilization (metrics that are filtered by ClusterName without ServiceName) is measured as the total memory in use by Amazon ECS tasks on the cluster, divided by the total amount of memory that was registered for all of the container instances in the cluster. Cluster memory utilization metrics are only used for tasks using the EC2 launch type.
Service memory utilization (metrics that are filtered by ClusterName and ServiceName) is measured as the total memory in use by the tasks that belong to the service, divided by the total memory that is reserved for the tasks that belong to the service. Service memory utilization metrics are used for tasks using both the Fargate and EC2 launch types.
Valid dimensions: ClusterName, ServiceName.
Valid statistics: Average, Minimum, Maximum, Sum, Sample Count. The most useful statistic is Average.
Unit: Percent.
function metric
metric(metricName: EcsMetricName, change: EcsMetricChange): Metric
Creates an AWS/ECS metric with the requested [metricName]. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html for list of all metric-names.
Note, individual metrics can easily be obtained without supplying the name using the other [metricXXX] functions.
You can monitor your Amazon ECS resources using Amazon CloudWatch, which collects and processes raw data from Amazon ECS into readable, near real-time metrics. These statistics are recorded for a period of two weeks so that you can access historical information and gain a better perspective on how your clusters or services are performing. Amazon ECS metric data is automatically sent to CloudWatch in 1-minute periods. For more information about CloudWatch, see the Amazon-CloudWatch-User-Guide.
Amazon ECS metrics use the AWS/ECS namespace and provide metrics for the following dimensions.
- “ClusterName”: This dimension filters the data that you request for all resources in a specified cluster. All Amazon ECS metrics are filtered by ClusterName.
- “ServiceName”: This dimension filters the data that you request for all resources in a specified service within a specified cluster.
interface NetworkConfiguration
interface NetworkConfiguration
property assignPublicIp
assignPublicIp?: pulumi.Input<boolean>;
Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false.
property securityGroups
securityGroups?: pulumi.Input<pulumi.Input<string>[]>;
The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
property subnets
subnets: pulumi.Input<pulumi.Input<string>[]>;
The subnets associated with the task or service.
interface RunTaskRequest
interface RunTaskRequest
property cluster
cluster: Cluster;
The Cluster to run the Task within.
property count
count?: awssdk.ECS.BoxedInteger;
The number of instantiations of the specified task to place on your cluster. You can specify up to 10 tasks per call.
property enableECSManagedTags
enableECSManagedTags?: awssdk.ECS.Boolean;
Specifies whether to enable Amazon ECS managed tags for the task. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.
property group
group?: awssdk.ECS.String;
The name of the task group to associate with the task. The default value is the family name of the task definition (for example, family:my-family-name).
property networkConfiguration
networkConfiguration?: awssdk.ECS.NetworkConfiguration;
The network configuration for the task. This parameter is required for task definitions that use the awsvpc network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.
property overrides
overrides?: awssdk.ECS.TaskOverride;
A list of container overrides in JSON format that specify the name of a container in the specified task definition and the overrides it should receive. You can override the default command for a container (that is specified in the task definition or Docker image) with a command override. You can also override existing environment variables (that are specified in the task definition or Docker image) on a container or add new environment variables to it with an environment override. A total of 8192 characters are allowed for overrides. This limit includes the JSON formatting characters of the override structure.
property placementConstraints
placementConstraints?: awssdk.ECS.PlacementConstraints;
An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime).
property placementStrategy
placementStrategy?: awssdk.ECS.PlacementStrategies;
The placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.
property platformVersion
platformVersion?: awssdk.ECS.String;
The platform version the task should run. A platform version is only specified for tasks using the Fargate launch type. If one is not specified, the LATEST platform version is used by default. For more information, see AWS Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.
property propagateTags
propagateTags?: awssdk.ECS.PropagateTags;
Specifies whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags are not propagated.
property startedBy
startedBy?: awssdk.ECS.String;
An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the startedBy parameter. You can then identify which tasks belong to that job by filtering the results of a ListTasks call with the startedBy value. Up to 36 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. If a task is started by an Amazon ECS service, then the startedBy parameter contains the deployment ID of the service that starts it.
property tags
tags?: awssdk.ECS.Tags;
The metadata that you apply to the task to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
interface ServiceArgs
interface ServiceArgs
property capacityProviderStrategies
capacityProviderStrategies?;
The capacity provider strategy to use for the service.
property cluster
cluster?: Cluster;
Cluster this service will run in. If not specified [Cluster.getDefault()] will be used.
property deploymentCircuitBreaker
deploymentCircuitBreaker?;
Configuration block for deployment circuit breaker.
property deploymentController
deploymentController?;
Configuration block containing deployment controller configuration.
property deploymentMaximumPercent
deploymentMaximumPercent?: pulumi.Input<number>;
The upper limit (as a percentage of the service’s desiredCount) of the number of running
tasks that can be running in a service during a deployment. Not valid when using the DAEMON
scheduling strategy.
property deploymentMinimumHealthyPercent
deploymentMinimumHealthyPercent?: pulumi.Input<number>;
The lower limit (as a percentage of the service’s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.
property desiredCount
desiredCount?: pulumi.Input<number>;
The number of instances of the task definition to place and keep running. Defaults to 1. Do
not specify if using the DAEMON
scheduling strategy.
property enableEcsManagedTags
enableEcsManagedTags?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS managed tags for the tasks within the service.
property enableExecuteCommand
enableExecuteCommand?: pulumi.Input<boolean>;
Specifies whether to enable Amazon ECS Exec for the tasks within the service.
property forceNewDeployment
forceNewDeployment?: pulumi.Input<boolean>;
Enable to force a new task deployment of the service. This can be used to update tasks
to use a newer Docker image with same image/tag combination (e.g. myimage:latest
), roll
Fargate tasks onto a newer platform version, or immediately deploy orderedPlacementStrategy
and placementConstraints
updates.
property healthCheckGracePeriodSeconds
healthCheckGracePeriodSeconds?: pulumi.Input<number>;
Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers.
property iamRole
iamRole?: pulumi.Input<string>;
ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your
behalf. This parameter is required if you are using a load balancer with your service, but
only if your task definition does not use the awsvpc
network mode. If using awsvpc
network mode, do not specify this role. If your account has already created the Amazon ECS
service-linked role, that role is used by default for your service unless you specify a role
here.
property launchType
launchType?: pulumi.Input<"EC2" | "FARGATE">;
The launch type on which to run your service. The valid values are EC2
and FARGATE
.
Defaults to EC2
.
property loadBalancers
loadBalancers?: ServiceLoadBalancer | Promise<ServiceLoadBalancer> | OutputInstance<ServiceLoadBalancer> | ServiceLoadBalancerProvider[];
A load balancer block. Load balancers documented below.
property name
name?: pulumi.Input<string>;
The name of the service (up to 255 letters, numbers, hyphens, and underscores)
property networkConfiguration
networkConfiguration?: pulumi.Input<NetworkConfiguration>;
The network configuration for the service. This parameter is required for task definitions
that use the awsvpc
network mode to receive their own Elastic Network Interface, and it is
not supported for other network modes.
property orderedPlacementStrategies
orderedPlacementStrategies?;
Service level strategy rules that are taken into consideration during task placement. List
from top to bottom in order of precedence. The maximum number of ordered_placement_strategy
blocks is 5
. Defined below.
property placementConstraints
placementConstraints?;
rules that are taken into consideration during task placement. Maximum number of
placement_constraints
is 10
. Defined below.
property platformVersion
platformVersion?: pulumi.Input<string>;
The platform version on which to run your service. Only applicable for launchType
set to FARGATE
.
Defaults to LATEST
. More information about Fargate platform versions can be found in the
AWS ECS User Guide.
property propagateTags
propagateTags?: pulumi.Input<string>;
Specifies whether to propagate the tags from the task definition or the service
to the tasks. The valid values are SERVICE
and TASK_DEFINITION
.
property schedulingStrategy
schedulingStrategy?: pulumi.Input<string>;
The scheduling strategy to use for the service. The valid values are REPLICA
and DAEMON
.
Defaults to REPLICA
. Note that Fargate tasks do not support the DAEMON
scheduling
strategy.
property securityGroups
securityGroups: SecurityGroup[];
Security groups determining how this service can be reached.
property serviceRegistries
serviceRegistries?;
The service discovery registries for the service. The maximum number of service_registries
blocks is 1
.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property taskDefinition
taskDefinition: TaskDefinition;
The task definition to create the service from.
property waitForSteadyState
waitForSteadyState?: pulumi.Input<boolean>;
Wait for the service to reach a steady state (like aws ecs wait services-stable
)
before continuing. Defaults to true
.
interface ServiceLoadBalancer
interface ServiceLoadBalancer
property containerName
containerName: pulumi.Input<string>;
property containerPort
containerPort: pulumi.Input<number>;
property elbName
elbName?: pulumi.Input<string>;
property targetGroupArn
targetGroupArn?: pulumi.Input<string>;
interface ServiceLoadBalancerProvider
interface ServiceLoadBalancerProvider
method serviceLoadBalancer
serviceLoadBalancer(name: string, parent: Resource): pulumi.Input<ServiceLoadBalancer>
interface TaskDefinitionArgs
interface TaskDefinitionArgs
property containers
containers: Record<string, Container>;
All the containers to make a ClusterTaskDefinition from. Useful when creating a ClusterService that will contain many containers within.
Either [container] or [containers] must be provided.
property cpu
cpu?: pulumi.Input<string>;
The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property executionRole
executionRole?: Role | null;
The execution role that the Amazon ECS container agent and the Docker daemon can assume.
If undefined
, a default will be created for the task. If null
, no task will be created.
property family
family?: pulumi.Input<string>;
An optional family name for the Task Definition. If not specified, then a suitable default will be created.
property inferenceAccelerators
inferenceAccelerators?: pulumi.Input<pulumi.Input<TaskDefinitionInferenceAccelerator>[]>;
Configuration block(s) with Inference Accelerators settings. Detailed below.
property ipcMode
ipcMode?: pulumi.Input<string>;
The IPC resource namespace to be used for the containers in the task The valid values are host
, task
, and none
.
property logGroup
logGroup?: LogGroup | null;
Log group for logging information related to the service. If undefined
a default instance
with a one-day retention policy will be created. If null
, no log group will be created.
property memory
memory?: pulumi.Input<string>;
The amount (in MiB) of memory used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property networkMode
networkMode?: pulumi.Input<"none" | "bridge" | "awsvpc" | "host">;
The Docker networking mode to use for the containers in the task. The valid values are
none
, bridge
, awsvpc
, and host
.
property pidMode
pidMode?: pulumi.Input<string>;
The process namespace to use for the containers in the task. The valid values are host
and task
.
property placementConstraints
placementConstraints?;
A set of placement constraints rules that are taken into consideration during task placement.
Maximum number of placement_constraints
is 10
.
property proxyConfiguration
proxyConfiguration?;
The proxy configuration details for the App Mesh proxy.
property requiresCompatibilities
requiresCompatibilities: pulumi.Input<[, "FARGATE"] | [, "EC2"]>;
A set of launch types required by the task. The valid values are EC2
and FARGATE
.
property tags
tags?: pulumi.Input<Tags>;
Key-value mapping of resource tags
property taskRole
taskRole?: Role | null;
IAM role that allows your Amazon ECS container task to make calls to other AWS services. If
undefined
, a default will be created for the task. If null
, no task will be created.
property volumes
volumes?;
A set of volume blocks that containers in your task may use.
property vpc
vpc?: ec2.Vpc;
The vpc that the service for this task will run in. Does not normally need to be explicitly provided as it will be inferred from the cluster the service is associated with.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.