Top / Amazon Web Service / AWS Amazon ECS / Cluster

AWS Amazon ECS Cluster

This page shows how to write Terraform and CloudFormation for Amazon ECS Cluster and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_ecs_cluster (Terraform)

The Cluster in Amazon ECS can be configured in Terraform with the resource name aws_ecs_cluster. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L5
resource "aws_ecs_cluster" "qa" {
  name = "QA"
}

resource "aws_ecs_cluster" "Prod" {
  name = "Prod"
ecs_service_test.tf#L12
resource "aws_ecs_cluster" "ecs1" {
  name               = "ecs1"
  capacity_providers = ["FARGATE"]
}

resource "aws_ecs_task_definition" "ecs_task1" {
aws_ecs_cluster.tf#L1
resource "aws_ecs_cluster" "repgram-front" {
  name = "repgram-front"
}

resource "aws_ecs_cluster" "repgram-backend" {
  name = "repgram-backend"
aws_ecs_cluster_insights_denied.tf#L1
resource "aws_ecs_cluster" "denied" {
}

resource "aws_ecs_cluster" "denied_2" {
  setting {
    name = "containerInsights"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Security Best Practices for aws_ecs_cluster

There is 1 setting in aws_ecs_cluster that should be taken care of for security reasons. The following section explain an overview and example code.

risk-label

Ensure to enable CloudWatch Container Insights

It's better to enable CloudWatch Container Insights to gain a better perspective on cluster applications. CloudWatch Container Insights collects, aggregates, and summarizes ECS metrics and logs.

Review your AWS Amazon ECS settings

You can check if the aws_ecs_cluster setting in your .tf file is correct in 3 min with Shisho Cloud.

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an ECS cluster.

>> from Terraform Registry

Tips: Best Practices for The Other AWS Amazon ECS Resources

In addition to the aws_ecs_task_definition, AWS Amazon ECS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_ecs_task_definition

Ensure to enable in-transit encryption of EFS volume

It is better to enable in-transit encryption of EFS volume for the protection of data in transit more.

Review your AWS Amazon ECS settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::ECS::Cluster (CloudFormation)

The Cluster in ECS can be configured in CloudFormation with the resource name AWS::ECS::Cluster. The following sections describe 6 examples of how to use the resource and its parameters.

Example Usage from GitHub

jonathan-aws-ecs.yml#L5
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: jonathans-cluster
ecs_cluster_cf.yml#L32
#  AWS::ECS::Cluster for DEVELOP
# ------------------------------------------------------------#
  ECSClusterForDevelop:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Sub ${ProjectName}-develop
ECS-cluster.yml#L30
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Sub '${EnvironmentName}_${AppClusterName}'
      ClusterSettings:
        - Name: 'containerInsights'
          Value: 'disabled'
ECS-cluster.yml#L30
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Sub '${EnvironmentName}_${AppClusterName}'
      ClusterSettings:
        - Name: 'containerInsights'
          Value: 'disabled'
60-ecs-cluster.template.yml#L16
    Type: AWS::ECS::Cluster
    Properties:
      CapacityProviders: ['FARGATE', 'FARGATE_SPOT']
      Tags:
        - Key: Name
          Value: !Sub "${PJPrefix}-${TagSuffix}-production"
Cluster.json#L17
         "Type":"AWS::ECS::Cluster",
         "Properties":{
            "ClusterName":{
               "Fn::Sub":"${NameTag}-${Environment}-WEB-CLUSTER"
            }
         }

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::ECS::Cluster resource creates an Amazon Elastic Container Service (Amazon ECS) cluster.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon ECS Resources

Frequently asked questions

What is AWS Amazon ECS Cluster?

AWS Amazon ECS Cluster is a resource for Amazon ECS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon ECS Cluster?

For Terraform, the lciamp/terra-test, gilyas/infracost and DaichiHoshina/go_react_app source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the jonathanschoeller/jonathan-aws, TheGK-rh/CloudFormation and kybrdbnd/devops-hiring-challenge source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents