AWS Amazon ECS Service
This page shows how to write Terraform and CloudFormation for Amazon ECS Service and write them securely.
aws_ecs_service (Terraform)
The Service in Amazon ECS can be configured in Terraform with the resource name aws_ecs_service. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_ecs_service" "nginx-service" {
  count               = 1
  name                = "nginx"
  cluster             = aws_ecs_cluster.platform.id
  task_definition     = aws_ecs_task_definition.nginx-task-definition.arn
  scheduling_strategy = "REPLICA"
  # ... (excerpt truncated)
}

resource "aws_ecs_service" "kad-kafka-schema-registry" {
  cluster             = aws_ecs_cluster.kad-ecs.id
  desired_count       = 1
  launch_type         = "EC2"
  name                = "kad-kafka-schema-registry"
  scheduling_strategy = "REPLICA"
  # ... (excerpt truncated)
}

resource "aws_ecs_service" "es_usw2a" {
  name            = "es_usw2a"
  cluster         = aws_ecs_cluster.es_cluster.id
  task_definition = aws_ecs_task_definition.es_usw2a.arn
  desired_count   = 1
  launch_type     = "FARGATE"
  # ... (excerpt truncated)
}

resource "aws_ecs_service" "ecs_fargate1" {
  name            = "ecs_fargate1"
  launch_type     = "FARGATE"
  cluster         = aws_ecs_cluster.ecs1.id
  task_definition = aws_ecs_task_definition.ecs_task1.arn
  desired_count   = 2
  # ... (excerpt truncated)
}
Parameters
- cluster (optional, computed): string
- deployment_maximum_percent (optional): number
- deployment_minimum_healthy_percent (optional): number
- desired_count (optional): number
- enable_ecs_managed_tags (optional): bool
- enable_execute_command (optional): bool
- force_new_deployment (optional): bool
- health_check_grace_period_seconds (optional): number
- iam_role (optional, computed): string
- id (optional, computed): string
- launch_type (optional, computed): string
- name (required): string
- platform_version (optional, computed): string
- propagate_tags (optional): string
- scheduling_strategy (optional): string
- tags (optional): map from string to string
- task_definition (optional): string
- wait_for_steady_state (optional): bool
- capacity_provider_strategy (set block)
  - base (optional): number
  - capacity_provider (required): string
  - weight (optional): number
- deployment_circuit_breaker (list block)
- deployment_controller (list block)
  - type (optional): string
- load_balancer (set block)
  - container_name (required): string
  - container_port (required): number
  - elb_name (optional): string
  - target_group_arn (optional): string
- network_configuration (list block)
  - assign_public_ip (optional): bool
  - security_groups (optional): set of string
  - subnets (required): set of string
- ordered_placement_strategy (list block)
- placement_constraints (set block)
  - expression (optional): string
  - type (required): string
- service_registries (list block)
  - container_name (optional): string
  - container_port (optional): number
  - port (optional): number
  - registry_arn (required): string
- timeouts (single block)
  - delete (optional): string
Explanation in Terraform Registry
Note: To prevent a race condition during service deletion, make sure to set depends_on to the related aws_iam_role_policy; otherwise, the policy may be destroyed too soon and the ECS service will then get stuck in the DRAINING state.

Provides an ECS service - effectively a task that is expected to run until an error occurs or a user terminates it (typically a webserver or a database). See ECS Services section in AWS developer guide.
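
The depends_on relationship from the note above, as an added example (not taken from the Terraform Registry or from the repositories listed on this page). All resource names are hypothetical and the policy statements are illustrative; aws_ecs_cluster.example, aws_ecs_task_definition.web (not using awsvpc network mode) and aws_lb_target_group.web are assumed to be defined elsewhere in the configuration.

```hcl
# Added example: hypothetical names, illustrative policy actions.
resource "aws_iam_role" "ecs_service" {
  name = "example-ecs-service"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ecs.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy" "ecs_service" {
  name = "example-ecs-service"
  role = aws_iam_role.ecs_service.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      # Scoped to the one target group this service registers with.
      Effect   = "Allow"
      Action   = ["elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets"]
      Resource = aws_lb_target_group.web.arn
    }, {
      # Describe calls do not support resource-level scoping.
      Effect   = "Allow"
      Action   = ["elasticloadbalancing:DescribeTargetHealth"]
      Resource = "*"
    }]
  })
}

resource "aws_ecs_service" "web" {
  name            = "web"
  cluster         = aws_ecs_cluster.example.id
  task_definition = aws_ecs_task_definition.web.arn
  desired_count   = 2
  iam_role        = aws_iam_role.ecs_service.arn

  # Terraform destroys in reverse dependency order, so the service is removed
  # (and can finish draining) before the policy it relies on is deleted.
  depends_on = [aws_iam_role_policy.ecs_service]

  load_balancer {
    target_group_arn = aws_lb_target_group.web.arn
    container_name   = "web"
    container_port   = 8080
  }
}
```

Referencing aws_iam_role.ecs_service.arn alone only orders the service after the role; the explicit depends_on is what ties it to the inline policy.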
Tips: Best Practices for The Other AWS Amazon ECS Resources
In addition to the aws_ecs_cluster, Amazon ECS has other resources that should be configured with security in mind. Check the examples and precautions for those resources below.
aws_ecs_cluster
Enable CloudWatch Container Insights
It's better to enable CloudWatch Container Insights to gain a better perspective on cluster applications. CloudWatch Container Insights collects, aggregates, and summarizes ECS metrics and logs.
aws_ecs_task_definition
Enable in-transit encryption of EFS volumes
It is better to enable in-transit encryption of EFS volumes so that data is protected while in transit.
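
Both tips expressed in Terraform, as an added example (not from the original page or the repositories it lists). Resource names, the container image and the mount path are hypothetical, and aws_efs_file_system.shared is assumed to be defined elsewhere in the configuration.

```hcl
# Added example: hypothetical names; aws_efs_file_system.shared is assumed
# to exist elsewhere in the configuration.
resource "aws_ecs_cluster" "example" {
  name = "example"

  # Container Insights is switched on per cluster through a setting block.
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}

resource "aws_ecs_task_definition" "web" {
  family = "web"

  container_definitions = jsonencode([{
    name      = "web"
    image     = "nginx:stable" # placeholder image
    memory    = 256
    essential = true
    mountPoints = [{
      sourceVolume  = "shared"
      containerPath = "/data"
    }]
  }])

  volume {
    name = "shared"

    efs_volume_configuration {
      file_system_id = aws_efs_file_system.shared.id

      # When this argument is omitted the default is "DISABLED", which leaves
      # traffic between the task and EFS unencrypted.
      transit_encryption = "ENABLED"
    }
  }
}
```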
AWS::ECS::Service (CloudFormation)
The Service in ECS can be configured in CloudFormation with the resource name AWS::ECS::Service. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::ECS::Service
Properties:
  Cluster:
    Fn::ImportValue: !Sub ${VPCName}-FrontendEcsCluster-${EnvType}
  DesiredCount: !FindInMap [FrontendWebAppMap, !Ref EnvType, DesiredCount]
  HealthCheckGracePeriodSeconds: 60

Type: AWS::ECS::Service
Properties:
  ServiceName: TOKEN-SERVICE
  Cluster:
    Fn::ImportValue: !Join [':', [!Ref 'EcsClusterStackName', 'ClusterName']]
  LaunchType: FARGATE

Type: AWS::ECS::Service
Properties:
  TaskDefinition: "arn:aws:ecs:ap-northeast-2:085853160041:task-definition/game-math:12"
  LoadBalancerInfo:
    ContainerName: "game-math"
    ContainerPort: "7001"

Type: AWS::ECS::Service
DependsOn:
  - Exim4relayService
  - Exim4localService
  - DovecotService
  - EmailauthService

Type: AWS::ECS::Service
Properties:
  Cluster: default
  DesiredCount: !Ref DesiredCount
  TaskDefinition: !Ref ConfigTaskDefinition
  DeploymentConfiguration:

"Type": "AWS::ECS::Service",
"Properties": {
  "Cluster": {
    "Ref": "EcsCluster"
  },
  "DesiredCount": 1,

"Type": "AWS::ECS::Service",
"Properties": {
  "Cluster": {
    "Ref": "EcsCluster"
  },
  "DesiredCount": 1,

"Type": "AWS::ECS::Service",
"Properties": {
  "Cluster": {
    "Ref": "EcsCluster"
  },
  "DesiredCount": 1,

"Type": "AWS::ECS::Service",
"Properties": {
  "Cluster": {
    "Ref": "EcsCluster"
  },
  "DesiredCount": 1,

"Type": "AWS::ECS::Service",
"Properties": {
  "Cluster": {
    "Ref": "EcsCluster"
  },
  "DesiredCount": 1,
Parameters
- CapacityProviderStrategy (optional): List of CapacityProviderStrategyItem
- Cluster (optional): String
- DeploymentConfiguration (optional): DeploymentConfiguration
- DeploymentController (optional): DeploymentController
- DesiredCount (optional): Integer
- EnableECSManagedTags (optional): Boolean
- EnableExecuteCommand (optional): Boolean
- HealthCheckGracePeriodSeconds (optional): Integer
- LaunchType (optional): String
- LoadBalancers (optional): List of LoadBalancer
- NetworkConfiguration (optional): NetworkConfiguration
- PlacementConstraints (optional): List of PlacementConstraint
- PlacementStrategies (optional): List of PlacementStrategy
- PlatformVersion (optional): String
- PropagateTags (optional): String
- Role (optional): String
- SchedulingStrategy (optional): String
- ServiceName (optional): String
- ServiceRegistries (optional): List of ServiceRegistry
- Tags (optional): List of Tag
- TaskDefinition (optional): String
Explanation in CloudFormation Registry
The AWS::ECS::Service resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
Frequently asked questions
What is AWS Amazon ECS Service?
AWS Amazon ECS Service is a resource for Amazon ECS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon ECS Service?
For Terraform, the jorgechato/platform-tf, maikelpenz/kafka-aws-deployment and exNihlio/terraform source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the debugroom/mynavi-sample-aws-cloudformation, asakchris/api-gateway and bgpark82/game source code examples are useful. See the CloudFormation Example section for further details.