• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Waypoint
  • Install
  • Tutorials
  • Documentation
  • CLI
  • Plugins
  • Try Cloud(opens in new tab)
  • Sign up
Waypoint Home

Plugins

Skip to main content
  • Plugins
  • aws-ec2
  • aws-ecs
  • aws-lambda
  • aws-ssm
  • azure-container-instance
  • consul
  • docker
  • exec
  • google-cloud-run
  • helm
  • kubernetes
  • nomad
  • pack
  • packer
  • terraform-cloud
  • vault

  • Resources

  • Tutorial Library
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. Waypoint
  3. Plugins
  4. aws-ecs
  • Waypoint
  • v0.9.x
  • v0.8.x
  • v0.7.x
  • v0.6.x
  • v0.5.x
  • v0.4.x
  • v0.3.x
  • v0.2.x
  • v0.1.x

ยปAWS ECS

For a step by step tutorial, visit HashiCorp Learn.

Builders

ECS uses Docker images for building, which are generated by these builders:

  • Docker
  • Cloud Native Buildpacks

aws-ecr (registry)

Store a docker image within an Elastic Container Registry on AWS.

Interface

  • Input: docker.Image
  • Output: ecr.Image

Examples

registry {
    use "aws-ecr" {
      region = "us-east-1"
      tag = "latest"
    }
}

Mappers

Allow an ECR Image to be used as a standard docker.Image

  • Input: ecr.Image
  • Output: docker.Image

Required Parameters

These parameters are used in the use stanza for this plugin.

tag

The docker tag to assign to the new image.

  • Type: string

Optional Parameters

These parameters are used in the use stanza for this plugin.

region

The AWS region the ECR repository is in.

If not set uses the environment variable AWS_REGION or AWS_REGION_DEFAULT.

  • Type: string
  • Optional
  • Environment Variable: AWS_REGION_DEFAULT

repository

The ECR repository to store the image into.

This defaults to waypoint- then the application name. The repository will be automatically created if needed.

  • Type: string
  • Optional

Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

architecture

  • Type: string

image

  • Type: string

tag

  • Type: string

aws-ecs (platform)

Deploy the application into an ECS cluster on AWS.

Interface

  • Input: docker.Image
  • Output: ecs.Deployment

Examples

deploy {
  use "aws-ecs" {
    region = "us-east-1"
    memory = 512
  }
}

Required Parameters

These parameters are used in the use stanza for this plugin.

logging (category)

Provides additional configuration for logging flags for ECS.

Part of the ecs task definition. These configuration flags help control how the awslogs log driver is configured.

logging.create_group

Enables creation of the aws logs group if not present.

  • Type: bool
  • Optional
logging.datetime_format

Defines the multiline start pattern in Python strftime format.

  • Type: string
  • Optional
logging.max_buffer_size

When using non-blocking logging mode, this is the buffer size for message storage.

  • Type: string
  • Optional
logging.mode

Delivery method for log messages, either 'blocking' or 'non-blocking'.

  • Type: string
  • Optional
logging.multiline_pattern

Defines the multiline start pattern using a regular expression.

  • Type: string
  • Optional
logging.region

The region the logs are to be shipped to.

logging.stream_prefix

Prefix for application in cloudwatch logs path.

  • Type: string
  • Optional
  • Default: Generated based off timestamp

memory

How much memory to assign to the container running the application.

When running in Fargate, this must be one of a few values, specified in MB: 512, 1024, 2048, 3072, 4096, 5120, and up to 16384 in increments of 1024. The memory value also controls the possible values for cpu.

  • Type: int

region

The AWS region for the ECS cluster.

  • Type: string

sidecar (category)

Additional container to run as a sidecar.

This runs additional containers in addition to the main container that comes from the build phase.

sidecar.container_port

The port number for the container.

  • Type: int
  • Optional
sidecar.health_check
  • Type: ecs.HealthCheckConfig
sidecar.host_port

The port number on the host to reserve for the container.

  • Type: int
  • Optional
sidecar.image

Image of the sidecar container.

  • Type: string
sidecar.memory

The amount (in MiB) of memory to present to the container.

  • Type: int
  • Optional
sidecar.memory_reservation

The soft limit (in MiB) of memory to reserve for the container.

  • Type: int
  • Optional
sidecar.name

Name of the container.

  • Type: string
sidecar.protocol

The protocol used for port mapping.

  • Type: string
  • Optional
sidecar.secrets

Secrets to expose to this container.

  • Type: map of string to string
  • Optional
sidecar.static_environment

Environment variables to expose to this container.

  • Type: map of string to string
  • Optional

Optional Parameters

These parameters are used in the use stanza for this plugin.

alb (category)

Provides additional configuration for using an ALB with ECS.

alb.certificate

The ARN of an AWS Certificate Manager cert to associate with the ALB.

  • Type: string
  • Optional
alb.domain_name

Fully qualified domain name to set for the ALB.

Set along with zone_id to have DNS automatically setup for the ALB. this value should include the full hostname and domain name, for instance app.example.com.

  • Type: string
  • Optional
alb.ingress_port

Internet-facing traffic port. Defaults to 80 if 'certificate' is unset, 443 if set.

Used to set the ALB listener port, and the ALB security group ingress port.

  • Type: int64
  • Optional
alb.internal

Whether or not the created ALB should be internal.

Used when listener_arn is not set. If set, the created ALB will have a scheme of internal, otherwise by default it has a scheme of internet-facing.

  • Type: bool
  • Optional
alb.listener_arn

The ARN on an existing ALB to configure.

When this is set, no ALB or Listener is created. Instead the application is configured by manipulating this existing Listener. This allows users to configure their ALB outside waypoint but still have waypoint hook the application to that ALB.

  • Type: string
  • Optional
alb.security_group_ids
  • Type: list of string
  • Optional
alb.subnets

The VPC subnets to use for the ALB.

  • Type: list of string
  • Optional
  • Default: public subnets in the default VPC
alb.zone_id

Route53 ZoneID to create a DNS record into.

Set along with alb.domain_name to have DNS automatically setup for the ALB.

  • Type: string
  • Optional

architecture

The instruction set CPU architecture that the Amazon ECS supports. Valid values are: "x86_64", "arm64".

  • Type: string
  • Optional

assign_public_ip

Assign a public ip address to tasks. Defaults to true. Ignored if using an ec2 cluster.

If this is set to false, deployments will fail unless tasks are able to egress to the container registry by some other means (i.e. a subnet default route to a NAT gateway).

  • Type: bool
  • Optional
  • Default: true

cluster

The name of the ECS cluster to deploy into.

The ECS cluster that will run the application as a Service. if there is no ECS cluster with this name, the ECS cluster will be created and configured to use Fargate to run containers.

  • Type: string
  • Optional

count

How many instances of the application should run.

  • Type: int
  • Optional

cpu

How many cpu shares the container running the application is allowed.

On Fargate, possible values for this are configured by the amount of memory the container is using. Here is a complete listing of possible values: 512MB: 256 1024MB: 256, 512 2048MB: 256, 512, 1024 3072MB: 512, 1024 4096MB: 512, 1024 5120MB: 1024 6144MB: 1024 7168MB: 1024 8192MB: 1024.

  • Type: int
  • Optional

disable_alb

Do not create a load balancer assigned to the service.

  • Type: bool
  • Optional

ec2_cluster

Indicate if the ECS cluster should be EC2 type rather than Fargate.

This controls if we should verify the ECS cluster in EC2 type. The cluster will not be created if it doesn't exist, only that there as existing cluster this is using EC2 and not Fargate.

  • Type: bool
  • Optional

execution_role_name

The name of the IAM role to use for ECS execution.

  • Type: string
  • Optional
  • Default: create a new exeuction IAM role based on the application name

log_group

The CloudWatchLogs log group to store container logs into.

  • Type: string
  • Optional
  • Default: derived from the application name

memory_reservation

  • Type: int
  • Optional

secrets

Secret key/values to pass to the ECS container.

  • Type: map of string to string
  • Optional

security_group_ids

Security Group IDs of existing security groups to use for the ECS service's network access.

List of existing group IDs to use for the ECS service's network access. If none are specified, waypoint will create one. If DisableALB is false (the default), waypoint will only allow ingress from the ALB's security group.

  • Type: list of string
  • Optional

service_port

The TCP port that the application is listening on.

  • Type: int64
  • Optional
  • Default: 3000

static_environment

Static environment variables to make available.

  • Type: map of string to string
  • Optional

subnets

The VPC subnets to use for the service.

You may set a list of private subnets here to prevent your tasks from being directly exposed publicly.

  • Type: list of string
  • Optional
  • Default: public subnets in the default VPC

task_role_name

The name of the task IAM role to assign.

If no role exists and a one or more task role policies are requested, a role with this name will be created.

  • Type: string
  • Optional

task_role_policy_arns

IAM Policy arns for attaching to the task role.

If no task role name is specified a task role with a default name will be created for this app, and these policies will be attached.

  • Type: list of string
  • Optional

Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

cluster

  • Type: string

load_balancer_arn

  • Type: string

resource_state

  • Type: opaqueany.Any

service_arn

  • Type: string

target_group_arn

  • Type: string

task_arn

  • Type: string

url

  • Type: string

aws-ecs (task)

Launch an ECS task for on-demand tasks from the Waypoint server.

This will use the standard AWS environment variables and IAM Role information to source authentication information for AWS, using the configured task role. If no task role name is specified, Waypoint will create one with the required permissions.

Interface

Required Parameters

These parameters are used in the use stanza for this plugin.

odr_image

Docker image for the Waypoint On-Demand Runners.

Docker image for the Waypoint On-Demand Runners. This will default to the server image with the name (not label) suffixed with '-odr'.".

security_group_id

Security Group ID to place the On-Demand Runner task in.

Security Group ID to place the On-Demand Runner task in. This defaults to the security group used for the Waypoint server.

  • Type: string

subnets

List of subnets to place the On-Demand Runner task in.

List of subnets to place the On-Demand Runner task in. This defaults to the list of subnets configured for the Waypoint server and must be either identical or a subset of the subnets used by the Waypoint server.

  • Type: string

Optional Parameters

These parameters are used in the use stanza for this plugin.

cluster

Cluster name to place On-Demand runner tasks in.

ECS Cluster to place On-Demand runners in. This defaults to the cluster used by the Waypoint server.

  • Type: string
  • Optional

execution_role_name

The name of the AWS IAM role to apply to the task's Execution Role.

ExecutionRoleName is the name of the AWS IAM role to apply to the task's Execution Role. At this time we reuse the same Role as the Waypoint server Execution Role.

  • Type: string
  • Optional

log_group

Cloud Watch Log Group to use for On-Demand Runners.

Cloud Watch Log Group to use for On-Demand Runners. Defaults to the log group used for runners (waypoint-runner).

  • Type: string
  • Optional

odr_cpu

CPU to use for the On-Demand runners.

Configure the CPU for the On-Demand runners. The default is 512. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.

  • Type: string
  • Optional

odr_memory

Memory to use for the On-Demand runners.

Configure the memory for the On-Demand runners. The default is 1024. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.

  • Type: string
  • Optional

region

AWS Region to use.

AWS region to use. Defaults to the region used for the Waypoint Server.

  • Type: string
  • Optional

task_role_name

The name of the AWS IAM role to apply to the task's Task Role.

TaskRoleName is the name of the AWS IAM role to apply to the task. This role determines the privileges the ODR builder. If no role name is given, an IAM role will be created with the required policies.

  • Type: string
  • Optional

Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

id

  • Type: string
Edit this page on GitHub

On this page

  1. AWS ECS
  2. Builders
  3. aws-ecr (registry)
  4. aws-ecs (platform)
  5. aws-ecs (task)
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)