AWS Amazon ECS Service

This page shows how to write Terraform and CloudFormation for Amazon ECS Service and write them securely.

aws_ecs_service (Terraform)

The Service in Amazon ECS can be configured in Terraform with the resource name aws_ecs_service. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

service.tf#L1
resource "aws_ecs_service" "nginx-service" {
  count               = 1
  name                = "nginx"
  cluster             = aws_ecs_cluster.platform.id
  task_definition     = aws_ecs_task_definition.nginx-task-definition.arn
  scheduling_strategy = "REPLICA"

service.tf#L1
resource "aws_ecs_service" "kad-kafka-schema-registry" {
  cluster                            = aws_ecs_cluster.kad-ecs.id
  desired_count                      = 1
  launch_type                        = "EC2"
  name                               = "kad-kafka-schema-registry"
  scheduling_strategy                = "REPLICA"

ecs_services.tf#L2
resource "aws_ecs_service" "es_usw2a" {
    name = "es_usw2a"
    cluster = aws_ecs_cluster.es_cluster.id
    task_definition = aws_ecs_task_definition.es_usw2a.arn
    desired_count = 1
    launch_type = "FARGATE"

ecs_service_test.tf#L40
resource "aws_ecs_service" "ecs_fargate1" {
  name            = "ecs_fargate1"
  launch_type     = "FARGATE"
  cluster         = aws_ecs_cluster.ecs1.id
  task_definition = aws_ecs_task_definition.ecs_task1.arn
  desired_count   = 2

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Note: To prevent a race condition during service deletion, make sure to set depends_on to the related aws_iam_role_policy; otherwise, the policy may be destroyed too soon and the ECS service will then get stuck in the DRAINING state.

Provides an ECS service - effectively a task that is expected to run until an error occurs or a user terminates it (typically a webserver or a database). See ECS Services section in AWS developer guide.
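The depends_on note above, as an added example (not code from the Terraform Registry or from the repositories quoted on this page). The resource names, the three input variables and the container name and port are assumptions made for illustration.

```hcl
# Assumed inputs: the cluster, task definition and target group are managed elsewhere.
variable "cluster_id" { type = string }
variable "task_definition_arn" { type = string }
variable "target_group_arn" { type = string }

# Role that ECS assumes to register and deregister tasks with the load balancer.
resource "aws_iam_role" "ecs_service" {
  name = "example-ecs-service" # constructed name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ecs.amazonaws.com" }
    }]
  })
}

# The service still needs these permissions while it drains on deletion.
resource "aws_iam_role_policy" "ecs_service" {
  name = "example-ecs-service" # constructed name
  role = aws_iam_role.ecs_service.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets",
                  "elasticloadbalancing:Describe*", "ec2:Describe*"]
      Resource = "*"
    }]
  })
}

resource "aws_ecs_service" "web" {
  name            = "web"
  cluster         = var.cluster_id
  task_definition = var.task_definition_arn
  desired_count   = 2
  iam_role        = aws_iam_role.ecs_service.arn # implicit dependency on the role only

  load_balancer {
    target_group_arn = var.target_group_arn
    container_name   = "web"
    container_port   = 8080
  }

  # Nothing above references the policy, so the ordering has to be explicit:
  # on destroy, Terraform then removes the service before the policy.
  depends_on = [aws_iam_role_policy.ecs_service]
}
```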

Tips: Best Practices for The Other AWS Amazon ECS Resources

In addition to aws_ecs_service, Amazon ECS has other resources that should be configured with security in mind. Check the examples and precautions for those resources below.

aws_ecs_cluster

Ensure CloudWatch Container Insights is enabled

It's better to enable CloudWatch Container Insights to gain a better perspective on cluster applications. CloudWatch Container Insights collects, aggregates, and summarizes ECS metrics and logs.

aws_ecs_task_definition

Ensure in-transit encryption of EFS volumes is enabled

It is better to enable in-transit encryption for EFS volumes to better protect data in transit.
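Both settings recommended in this tips section (Container Insights on the cluster, in-transit encryption on the EFS volume), as an added example that is not taken from the page's sources. The resource names, image reference and the two EFS input variables are assumptions.

```hcl
# Assumed inputs: the EFS file system and access point are created elsewhere.
variable "efs_file_system_id" { type = string }
variable "efs_access_point_id" { type = string }

resource "aws_ecs_cluster" "platform" {
  name = "platform" # constructed name

  # Turns on CloudWatch Container Insights for this cluster.
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}

resource "aws_ecs_task_definition" "app" {
  family = "app" # constructed name

  container_definitions = jsonencode([{
    name      = "app"
    image     = "example/app:1.0" # placeholder image reference
    essential = true
    memory    = 256
    mountPoints = [{
      sourceVolume  = "app-data"
      containerPath = "/data"
      readOnly      = false
    }]
  }])

  volume {
    name = "app-data"

    efs_volume_configuration {
      file_system_id = var.efs_file_system_id

      # Defaults to DISABLED when omitted, so set it explicitly.
      transit_encryption = "ENABLED"

      # IAM authorization for the mount only works with transit encryption on.
      authorization_config {
        access_point_id = var.efs_access_point_id
        iam             = "ENABLED"
      }
    }
  }
}
```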

Review your AWS Amazon ECS settings

In addition to the above, there are other security points you should be aware of; you can make sure that your .tf files are protected with Shisho Cloud.

AWS::ECS::Service (CloudFormation)

The Service in ECS can be configured in CloudFormation with the resource name AWS::ECS::Service. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

sample-ecs-service-cfn.yml#L62
    Type: AWS::ECS::Service
    Properties:
      Cluster:
        Fn::ImportValue: !Sub ${VPCName}-FrontendEcsCluster-${EnvType}
      DesiredCount: !FindInMap [FrontendWebAppMap, !Ref EnvType, DesiredCount]
      HealthCheckGracePeriodSeconds: 60

service.yml#L61
    Type: AWS::ECS::Service
    Properties:
      ServiceName: TOKEN-SERVICE
      Cluster:
        Fn::ImportValue: !Join [':', [!Ref 'EcsClusterStackName', 'ClusterName']]
      LaunchType: FARGATE

appspec.yml#L4
      Type: AWS::ECS::Service
      Properties:
        TaskDefinition: "arn:aws:ecs:ap-northeast-2:085853160041:task-definition/game-math:12"
        LoadBalancerInfo:
          ContainerName: "game-math"
          ContainerPort: "7001"

ecs.yml#L322
    Type: AWS::ECS::Service
    DependsOn:
      - Exim4relayService
      - Exim4localService
      - DovecotService
      - EmailauthService

service.yml#L18
    Type: AWS::ECS::Service
    Properties:
      Cluster: default
      DesiredCount: !Ref DesiredCount
      TaskDefinition: !Ref ConfigTaskDefinition
      DeploymentConfiguration:

cloudformation.json#L353
      "Type": "AWS::ECS::Service",
      "Properties": {
        "Cluster": {
          "Ref": "EcsCluster"
        },
        "DesiredCount": 1,

cloudformation.json#L353
      "Type": "AWS::ECS::Service",
      "Properties": {
        "Cluster": {
          "Ref": "EcsCluster"
        },
        "DesiredCount": 1,

cloudformation.json#L353
      "Type": "AWS::ECS::Service",
      "Properties": {
        "Cluster": {
          "Ref": "EcsCluster"
        },
        "DesiredCount": 1,

cloudformation.json#L353
      "Type": "AWS::ECS::Service",
      "Properties": {
        "Cluster": {
          "Ref": "EcsCluster"
        },
        "DesiredCount": 1,

cloudformation.json#L193
      "Type": "AWS::ECS::Service",
      "Properties": {
        "Cluster": {
          "Ref": "EcsCluster"
        },
        "DesiredCount": 1,

Parameters

Explanation in CloudFormation Registry

The AWS::ECS::Service resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.

Frequently asked questions

What is AWS Amazon ECS Service?

AWS Amazon ECS Service is a resource for Amazon ECS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon ECS Service?

For Terraform, the jorgechato/platform-tf, maikelpenz/kafka-aws-deployment and exNihlio/terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the debugroom/mynavi-sample-aws-cloudformation, asakchris/api-gateway and bgpark82/game source code examples are useful. See the CloudFormation Example section for further details.