»AWS ECS

For a step by step tutorial, visit HashiCorp Learn.

Builders

ECS uses Docker images for building, which are generated by these builders:

aws-ecr (registry)

Store a docker image within an Elastic Container Registry on AWS.

Interface

Input: docker.Image
Output: ecr.Image

Examples

registry {
    use "aws-ecr" {
      region = "us-east-1"
      tag = "latest"
    }
}

Mappers

Allow an ECR Image to be used as a standard docker.Image

Input: ecr.Image
Output: docker.Image

Required Parameters

These parameters are used in the use stanza for this plugin.

Optional Parameters

These parameters are used in the use stanza for this plugin.

region

The AWS region the ECR repository is in.

If not set uses the environment variable AWS_REGION or AWS_REGION_DEFAULT.

Type: string
Optional
Environment Variable: AWS_REGION_DEFAULT

repository

The ECR repository to store the image into.

This defaults to waypoint- then the application name. The repository will be automatically created if needed.

Type: string
Optional

Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

architecture

Type: string

image

Type: string

aws-ecs (platform)

Deploy the application into an ECS cluster on AWS.

Interface

Input: docker.Image
Output: ecs.Deployment

Examples

deploy {
  use "aws-ecs" {
    region = "us-east-1"
    memory = 512
  }
}

Required Parameters

These parameters are used in the use stanza for this plugin.

logging (category)

Provides additional configuration for logging flags for ECS.

Part of the ecs task definition. These configuration flags help control how the awslogs log driver is configured.

logging.create_group

Enables creation of the aws logs group if not present.

Type: bool
Optional

logging.datetime_format

Defines the multiline start pattern in Python strftime format.

Type: string
Optional

logging.max_buffer_size

When using non-blocking logging mode, this is the buffer size for message storage.

Type: string
Optional

logging.mode

Delivery method for log messages, either 'blocking' or 'non-blocking'.

Type: string
Optional

logging.multiline_pattern

Defines the multiline start pattern using a regular expression.

Type: string
Optional

logging.region

The region the logs are to be shipped to.

logging.stream_prefix

Prefix for application in cloudwatch logs path.

Type: string
Optional
Default: Generated based off timestamp

memory

How much memory to assign to the container running the application.

When running in Fargate, this must be one of a few values, specified in MB: 512, 1024, 2048, 3072, 4096, 5120, and up to 16384 in increments of 1024. The memory value also controls the possible values for cpu.

Type: int

region

The AWS region for the ECS cluster.

Type: string

sidecar (category)

Additional container to run as a sidecar.

This runs additional containers in addition to the main container that comes from the build phase.

sidecar.container_port

The port number for the container.

Type: int
Optional

sidecar.health_check

Type: ecs.HealthCheckConfig

sidecar.host_port

The port number on the host to reserve for the container.

Type: int
Optional

sidecar.image

Image of the sidecar container.

Type: string

sidecar.memory

The amount (in MiB) of memory to present to the container.

Type: int
Optional

sidecar.memory_reservation

The soft limit (in MiB) of memory to reserve for the container.

Type: int
Optional

sidecar.name

Name of the container.

Type: string

sidecar.protocol

The protocol used for port mapping.

Type: string
Optional

sidecar.secrets

Secrets to expose to this container.

Type: map of string to string
Optional

sidecar.static_environment

Environment variables to expose to this container.

Type: map of string to string
Optional

Optional Parameters

These parameters are used in the use stanza for this plugin.

alb (category)

Provides additional configuration for using an ALB with ECS.

alb.certificate

The ARN of an AWS Certificate Manager cert to associate with the ALB.

Type: string
Optional

alb.domain_name

Fully qualified domain name to set for the ALB.

Set along with zone_id to have DNS automatically setup for the ALB. this value should include the full hostname and domain name, for instance app.example.com.

Type: string
Optional

alb.ingress_port

Internet-facing traffic port. Defaults to 80 if 'certificate' is unset, 443 if set.

Used to set the ALB listener port, and the ALB security group ingress port.

Type: int64
Optional

alb.internal

Whether or not the created ALB should be internal.

Used when listener_arn is not set. If set, the created ALB will have a scheme of internal, otherwise by default it has a scheme of internet-facing.

Type: bool
Optional

alb.listener_arn

The ARN on an existing ALB to configure.

When this is set, no ALB or Listener is created. Instead the application is configured by manipulating this existing Listener. This allows users to configure their ALB outside waypoint but still have waypoint hook the application to that ALB.

Type: string
Optional

alb.security_group_ids

Type: list of string
Optional

alb.subnets

The VPC subnets to use for the ALB.

Type: list of string
Optional
Default: public subnets in the default VPC

alb.zone_id

Route53 ZoneID to create a DNS record into.

Set along with alb.domain_name to have DNS automatically setup for the ALB.

Type: string
Optional

architecture

The instruction set CPU architecture that the Amazon ECS supports. Valid values are: "x86_64", "arm64".

Type: string
Optional

assign_public_ip

Assign a public ip address to tasks. Defaults to true. Ignored if using an ec2 cluster.

If this is set to false, deployments will fail unless tasks are able to egress to the container registry by some other means (i.e. a subnet default route to a NAT gateway).

Type: bool
Optional
Default: true

cluster

The name of the ECS cluster to deploy into.

The ECS cluster that will run the application as a Service. if there is no ECS cluster with this name, the ECS cluster will be created and configured to use Fargate to run containers.

Type: string
Optional

count

How many instances of the application should run.

Type: int
Optional

cpu

How many cpu shares the container running the application is allowed.

On Fargate, possible values for this are configured by the amount of memory the container is using. Here is a complete listing of possible values: 512MB: 256 1024MB: 256, 512 2048MB: 256, 512, 1024 3072MB: 512, 1024 4096MB: 512, 1024 5120MB: 1024 6144MB: 1024 7168MB: 1024 8192MB: 1024.

Type: int
Optional

disable_alb

Do not create a load balancer assigned to the service.

Type: bool
Optional

ec2_cluster

Indicate if the ECS cluster should be EC2 type rather than Fargate.

This controls if we should verify the ECS cluster in EC2 type. The cluster will not be created if it doesn't exist, only that there as existing cluster this is using EC2 and not Fargate.

Type: bool
Optional

execution_role_name

The name of the IAM role to use for ECS execution.

Type: string
Optional
Default: create a new exeuction IAM role based on the application name

log_group

The CloudWatchLogs log group to store container logs into.

Type: string
Optional
Default: derived from the application name

memory_reservation

Type: int
Optional

secrets

Secret key/values to pass to the ECS container.

Type: map of string to string
Optional

security_group_ids

Security Group IDs of existing security groups to use for the ECS service's network access.

List of existing group IDs to use for the ECS service's network access. If none are specified, waypoint will create one. If DisableALB is false (the default), waypoint will only allow ingress from the ALB's security group.

Type: list of string
Optional

service_port

The TCP port that the application is listening on.

Type: int64
Optional
Default: 3000

static_environment

Static environment variables to make available.

Type: map of string to string
Optional

subnets

The VPC subnets to use for the service.

You may set a list of private subnets here to prevent your tasks from being directly exposed publicly.

Type: list of string
Optional
Default: public subnets in the default VPC

task_role_name

The name of the task IAM role to assign.

If no role exists and a one or more task role policies are requested, a role with this name will be created.

Type: string
Optional

task_role_policy_arns

IAM Policy arns for attaching to the task role.

If no task role name is specified a task role with a default name will be created for this app, and these policies will be attached.

Type: list of string
Optional

Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

cluster

Type: string

load_balancer_arn

Type: string

resource_state

Type: opaqueany.Any

service_arn

Type: string

target_group_arn

Type: string

task_arn

Type: string

url

Type: string

aws-ecs (task)

Launch an ECS task for on-demand tasks from the Waypoint server.

This will use the standard AWS environment variables and IAM Role information to source authentication information for AWS, using the configured task role. If no task role name is specified, Waypoint will create one with the required permissions.

Interface

Required Parameters

These parameters are used in the use stanza for this plugin.

odr_image

Docker image for the Waypoint On-Demand Runners.

Docker image for the Waypoint On-Demand Runners. This will default to the server image with the name (not label) suffixed with '-odr'.".

security_group_id

Security Group ID to place the On-Demand Runner task in.

Security Group ID to place the On-Demand Runner task in. This defaults to the security group used for the Waypoint server.

Type: string

subnets

List of subnets to place the On-Demand Runner task in.

List of subnets to place the On-Demand Runner task in. This defaults to the list of subnets configured for the Waypoint server and must be either identical or a subset of the subnets used by the Waypoint server.

Type: string

Optional Parameters

These parameters are used in the use stanza for this plugin.

cluster

Cluster name to place On-Demand runner tasks in.

ECS Cluster to place On-Demand runners in. This defaults to the cluster used by the Waypoint server.

Type: string
Optional

execution_role_name

The name of the AWS IAM role to apply to the task's Execution Role.

ExecutionRoleName is the name of the AWS IAM role to apply to the task's Execution Role. At this time we reuse the same Role as the Waypoint server Execution Role.

Type: string
Optional

log_group

Cloud Watch Log Group to use for On-Demand Runners.

Cloud Watch Log Group to use for On-Demand Runners. Defaults to the log group used for runners (waypoint-runner).

Type: string
Optional

odr_cpu

CPU to use for the On-Demand runners.

Configure the CPU for the On-Demand runners. The default is 512. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.

Type: string
Optional

odr_memory

Memory to use for the On-Demand runners.

Configure the memory for the On-Demand runners. The default is 1024. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.

Type: string
Optional

region

AWS Region to use.

AWS region to use. Defaults to the region used for the Waypoint Server.

Type: string
Optional

task_role_name

The name of the AWS IAM role to apply to the task's Task Role.

TaskRoleName is the name of the AWS IAM role to apply to the task. This role determines the privileges the ODR builder. If no role name is given, an IAM role will be created with the required policies.

Type: string
Optional

Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

id

Type: string