AWS Amazon ECS Tag

This page shows how to write Terraform and CloudFormation for Amazon ECS Tag and write them securely.

aws_ecs_tag (Terraform)

The Tag in Amazon ECS can be configured in Terraform with the resource name aws_ecs_tag. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • resource_arn - (Required) Amazon Resource Name (ARN) of the ECS resource to tag.
  • key - (Required) Tag name.
  • value - (Required) Tag value.

In addition to all arguments above, the following attributes are exported:

  • id - ECS resource identifier and key, separated by a comma (,)

Explanation in Terraform Registry

Manages an individual ECS resource tag. This resource should only be used in cases where ECS resources are created outside Terraform (e.g., ECS Clusters implicitly created by Batch Compute Environments).

NOTE: This tagging resource should not be combined with the Terraform resource for managing the parent resource. For example, using aws_ecs_cluster and aws_ecs_tag to manage tags of the same ECS Cluster will cause a perpetual difference where the aws_ecs_cluster resource will try to remove the tag being added by the aws_ecs_tag resource. NOTE: This tagging resource does not use the provider ignore_tags configuration.

Tips: Best Practices for The Other AWS Amazon ECS Resources

In addition to the aws_ecs_cluster, AWS Amazon ECS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_ecs_cluster

Ensure to enable CloudWatch Container Insights

It's better to enable CloudWatch Container Insights to gain a better perspective on cluster applications. CloudWatch Container Insights collects, aggregates, and summarizes ECS metrics and logs.

risk-label

aws_ecs_task_definition

Ensure to enable in-transit encryption of EFS volume

It is better to enable in-transit encryption of EFS volume for the protection of data in transit more.

Review your AWS Amazon ECS settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::ECS::Cluster (CloudFormation)

The Cluster in ECS can be configured in CloudFormation with the resource name AWS::ECS::Cluster. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

jonathan-aws-ecs.yml#L5
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: jonathans-cluster
ecs_cluster_cf.yml#L32
#  AWS::ECS::Cluster for DEVELOP
# ------------------------------------------------------------#
  ECSClusterForDevelop:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Sub ${ProjectName}-develop
ECS-cluster.yml#L30
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Sub '${EnvironmentName}_${AppClusterName}'
      ClusterSettings:
        - Name: 'containerInsights'
          Value: 'disabled'
ECS-cluster.yml#L30
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Sub '${EnvironmentName}_${AppClusterName}'
      ClusterSettings:
        - Name: 'containerInsights'
          Value: 'disabled'
60-ecs-cluster.template.yml#L16
    Type: AWS::ECS::Cluster
    Properties:
      CapacityProviders: ['FARGATE', 'FARGATE_SPOT']
      Tags:
        - Key: Name
          Value: !Sub "${PJPrefix}-${TagSuffix}-production"
aws-cloudformation-update-stack-DescribeStackEvents-bebfc2df3eb732ac903d2a3214f0d13f-19.json#L31
        "ResourceType": "AWS::ECS::Cluster",
        "StackId": "arn:aws:cloudformation:%AWS_REGION%:%AWS_ACC_ID%:stack/stastest-%SCENARIO_ID%/e4606190-b6bc-11ea-91d5-0ac92d082ee0",
        "StackName": "stastest-%SCENARIO_ID%",
        "Timestamp": "2020-06-25T08:22:18.299Z"
      },
      {
aws-cloudformation-update-stack-DescribeStackEvents-bebfc2df3eb732ac903d2a3214f0d13f-18.json#L31
        "ResourceType": "AWS::ECS::Cluster",
        "StackId": "arn:aws:cloudformation:%AWS_REGION%:%AWS_ACC_ID%:stack/stastest-%SCENARIO_ID%/e4606190-b6bc-11ea-91d5-0ac92d082ee0",
        "StackName": "stastest-%SCENARIO_ID%",
        "Timestamp": "2020-06-25T08:22:18.299Z"
      },
      {
sync-single-valid-template-with-parameters-DescribeStackEvents-80dd3670f03efb8aec5efb2ff987d863-8.json#L31
        "ResourceType": "AWS::ECS::Cluster",
        "StackId": "arn:aws:cloudformation:%AWS_REGION%:%AWS_ACC_ID%:stack/stastest-param-%SCENARIO_ID%/301220b0-b6bd-11ea-8e93-0ad4772b7a1e",
        "StackName": "stastest-param-%SCENARIO_ID%",
        "Timestamp": "2020-06-25T08:24:00.723Z"
      },
      {
sync-single-valid-template-with-parameters-DescribeStackEvents-80dd3670f03efb8aec5efb2ff987d863-9.json#L31
        "ResourceType": "AWS::ECS::Cluster",
        "StackId": "arn:aws:cloudformation:%AWS_REGION%:%AWS_ACC_ID%:stack/stastest-param-%SCENARIO_ID%/301220b0-b6bd-11ea-8e93-0ad4772b7a1e",
        "StackName": "stastest-param-%SCENARIO_ID%",
        "Timestamp": "2020-06-25T08:24:00.723Z"
      },
      {
sync-single-valid-template-with-parameters-DescribeStackEvents-80dd3670f03efb8aec5efb2ff987d863-7.json#L18
        "ResourceType": "AWS::ECS::Cluster",
        "StackId": "arn:aws:cloudformation:%AWS_REGION%:%AWS_ACC_ID%:stack/stastest-param-%SCENARIO_ID%/301220b0-b6bd-11ea-8e93-0ad4772b7a1e",
        "StackName": "stastest-param-%SCENARIO_ID%",
        "Timestamp": "2020-06-25T08:24:00.723Z"
      },
      {

Parameters

Explanation in CloudFormation Registry

The AWS::ECS::Cluster resource creates an Amazon Elastic Container Service (Amazon ECS) cluster.

Frequently asked questions

What is AWS Amazon ECS Tag?

AWS Amazon ECS Tag is a resource for Amazon ECS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon ECS Tag?

For CloudFormation, the jonathanschoeller/jonathan-aws, TheGK-rh/CloudFormation and kybrdbnd/devops-hiring-challenge source code examples are useful. See the CloudFormation Example section for further details.