ยปAWS ECS
For a step by step tutorial, visit HashiCorp Learn.
Builders
ECS uses Docker images for building, which are generated by these builders:
aws-ecr (registry)
Store a docker image within an Elastic Container Registry on AWS.
Interface
- Input: docker.Image
- Output: ecr.Image
Examples
Mappers
Allow an ECR Image to be used as a standard docker.Image
- Input: ecr.Image
- Output: docker.Image
Required Parameters
These parameters are used in the use
stanza for this plugin.
tag
The docker tag to assign to the new image.
- Type: string
Optional Parameters
These parameters are used in the use
stanza for this plugin.
region
The AWS region the ECR repository is in.
If not set uses the environment variable AWS_REGION or AWS_REGION_DEFAULT.
- Type: string
- Optional
- Environment Variable: AWS_REGION_DEFAULT
repository
The ECR repository to store the image into.
This defaults to waypoint- then the application name. The repository will be automatically created if needed.
- Type: string
- Optional
Output Attributes
Output attributes can be used in your waypoint.hcl
as variables via artifact
or deploy
.
architecture
- Type: string
image
- Type: string
tag
- Type: string
aws-ecs (platform)
Deploy the application into an ECS cluster on AWS.
Interface
- Input: docker.Image
- Output: ecs.Deployment
Examples
Required Parameters
These parameters are used in the use
stanza for this plugin.
logging (category)
Provides additional configuration for logging flags for ECS.
Part of the ecs task definition. These configuration flags help control how the awslogs log driver is configured.
logging.create_group
Enables creation of the aws logs group if not present.
- Type: bool
- Optional
logging.datetime_format
Defines the multiline start pattern in Python strftime format.
- Type: string
- Optional
logging.max_buffer_size
When using non-blocking logging mode, this is the buffer size for message storage.
- Type: string
- Optional
logging.mode
Delivery method for log messages, either 'blocking' or 'non-blocking'.
- Type: string
- Optional
logging.multiline_pattern
Defines the multiline start pattern using a regular expression.
- Type: string
- Optional
logging.region
The region the logs are to be shipped to.
logging.stream_prefix
Prefix for application in cloudwatch logs path.
- Type: string
- Optional
- Default: Generated based off timestamp
memory
How much memory to assign to the container running the application.
When running in Fargate, this must be one of a few values, specified in MB: 512, 1024, 2048, 3072, 4096, 5120, and up to 16384 in increments of 1024. The memory value also controls the possible values for cpu.
- Type: int
region
The AWS region for the ECS cluster.
- Type: string
sidecar (category)
Additional container to run as a sidecar.
This runs additional containers in addition to the main container that comes from the build phase.
sidecar.container_port
The port number for the container.
- Type: int
- Optional
sidecar.health_check
- Type: ecs.HealthCheckConfig
sidecar.host_port
The port number on the host to reserve for the container.
- Type: int
- Optional
sidecar.image
Image of the sidecar container.
- Type: string
sidecar.memory
The amount (in MiB) of memory to present to the container.
- Type: int
- Optional
sidecar.memory_reservation
The soft limit (in MiB) of memory to reserve for the container.
- Type: int
- Optional
sidecar.name
Name of the container.
- Type: string
sidecar.protocol
The protocol used for port mapping.
- Type: string
- Optional
sidecar.secrets
Secrets to expose to this container.
- Type: map of string to string
- Optional
sidecar.static_environment
Environment variables to expose to this container.
- Type: map of string to string
- Optional
Optional Parameters
These parameters are used in the use
stanza for this plugin.
alb (category)
Provides additional configuration for using an ALB with ECS.
alb.certificate
The ARN of an AWS Certificate Manager cert to associate with the ALB.
- Type: string
- Optional
alb.domain_name
Fully qualified domain name to set for the ALB.
Set along with zone_id to have DNS automatically setup for the ALB. this value should include the full hostname and domain name, for instance app.example.com.
- Type: string
- Optional
alb.ingress_port
Internet-facing traffic port. Defaults to 80 if 'certificate' is unset, 443 if set.
Used to set the ALB listener port, and the ALB security group ingress port.
- Type: int64
- Optional
alb.internal
Whether or not the created ALB should be internal.
Used when listener_arn is not set. If set, the created ALB will have a scheme of internal
, otherwise by default it has a scheme of internet-facing
.
- Type: bool
- Optional
alb.listener_arn
The ARN on an existing ALB to configure.
When this is set, no ALB or Listener is created. Instead the application is configured by manipulating this existing Listener. This allows users to configure their ALB outside waypoint but still have waypoint hook the application to that ALB.
- Type: string
- Optional
alb.security_group_ids
- Type: list of string
- Optional
alb.subnets
The VPC subnets to use for the ALB.
- Type: list of string
- Optional
- Default: public subnets in the default VPC
alb.zone_id
Route53 ZoneID to create a DNS record into.
Set along with alb.domain_name to have DNS automatically setup for the ALB.
- Type: string
- Optional
architecture
The instruction set CPU architecture that the Amazon ECS supports. Valid values are: "x86_64", "arm64".
- Type: string
- Optional
assign_public_ip
Assign a public ip address to tasks. Defaults to true. Ignored if using an ec2 cluster.
If this is set to false, deployments will fail unless tasks are able to egress to the container registry by some other means (i.e. a subnet default route to a NAT gateway).
- Type: bool
- Optional
- Default: true
cluster
The name of the ECS cluster to deploy into.
The ECS cluster that will run the application as a Service. if there is no ECS cluster with this name, the ECS cluster will be created and configured to use Fargate to run containers.
- Type: string
- Optional
count
How many instances of the application should run.
- Type: int
- Optional
cpu
How many cpu shares the container running the application is allowed.
On Fargate, possible values for this are configured by the amount of memory the container is using. Here is a complete listing of possible values: 512MB: 256 1024MB: 256, 512 2048MB: 256, 512, 1024 3072MB: 512, 1024 4096MB: 512, 1024 5120MB: 1024 6144MB: 1024 7168MB: 1024 8192MB: 1024.
- Type: int
- Optional
disable_alb
Do not create a load balancer assigned to the service.
- Type: bool
- Optional
ec2_cluster
Indicate if the ECS cluster should be EC2 type rather than Fargate.
This controls if we should verify the ECS cluster in EC2 type. The cluster will not be created if it doesn't exist, only that there as existing cluster this is using EC2 and not Fargate.
- Type: bool
- Optional
execution_role_name
The name of the IAM role to use for ECS execution.
- Type: string
- Optional
- Default: create a new exeuction IAM role based on the application name
log_group
The CloudWatchLogs log group to store container logs into.
- Type: string
- Optional
- Default: derived from the application name
memory_reservation
- Type: int
- Optional
secrets
Secret key/values to pass to the ECS container.
- Type: map of string to string
- Optional
security_group_ids
Security Group IDs of existing security groups to use for the ECS service's network access.
List of existing group IDs to use for the ECS service's network access. If none are specified, waypoint will create one. If DisableALB is false (the default), waypoint will only allow ingress from the ALB's security group.
- Type: list of string
- Optional
service_port
The TCP port that the application is listening on.
- Type: int64
- Optional
- Default: 3000
static_environment
Static environment variables to make available.
- Type: map of string to string
- Optional
subnets
The VPC subnets to use for the service.
You may set a list of private subnets here to prevent your tasks from being directly exposed publicly.
- Type: list of string
- Optional
- Default: public subnets in the default VPC
task_role_name
The name of the task IAM role to assign.
If no role exists and a one or more task role policies are requested, a role with this name will be created.
- Type: string
- Optional
task_role_policy_arns
IAM Policy arns for attaching to the task role.
If no task role name is specified a task role with a default name will be created for this app, and these policies will be attached.
- Type: list of string
- Optional
Output Attributes
Output attributes can be used in your waypoint.hcl
as variables via artifact
or deploy
.
cluster
- Type: string
load_balancer_arn
- Type: string
resource_state
- Type: opaqueany.Any
service_arn
- Type: string
target_group_arn
- Type: string
task_arn
- Type: string
url
- Type: string
aws-ecs (task)
Launch an ECS task for on-demand tasks from the Waypoint server.
This will use the standard AWS environment variables and IAM Role information to source authentication information for AWS, using the configured task role. If no task role name is specified, Waypoint will create one with the required permissions.
Interface
Required Parameters
These parameters are used in the use
stanza for this plugin.
odr_image
Docker image for the Waypoint On-Demand Runners.
Docker image for the Waypoint On-Demand Runners. This will default to the server image with the name (not label) suffixed with '-odr'.".
security_group_id
Security Group ID to place the On-Demand Runner task in.
Security Group ID to place the On-Demand Runner task in. This defaults to the security group used for the Waypoint server.
- Type: string
subnets
List of subnets to place the On-Demand Runner task in.
List of subnets to place the On-Demand Runner task in. This defaults to the list of subnets configured for the Waypoint server and must be either identical or a subset of the subnets used by the Waypoint server.
- Type: string
Optional Parameters
These parameters are used in the use
stanza for this plugin.
cluster
Cluster name to place On-Demand runner tasks in.
ECS Cluster to place On-Demand runners in. This defaults to the cluster used by the Waypoint server.
- Type: string
- Optional
execution_role_name
The name of the AWS IAM role to apply to the task's Execution Role.
ExecutionRoleName is the name of the AWS IAM role to apply to the task's Execution Role. At this time we reuse the same Role as the Waypoint server Execution Role.
- Type: string
- Optional
log_group
Cloud Watch Log Group to use for On-Demand Runners.
Cloud Watch Log Group to use for On-Demand Runners. Defaults to the log group used for runners (waypoint-runner).
- Type: string
- Optional
odr_cpu
CPU to use for the On-Demand runners.
Configure the CPU for the On-Demand runners. The default is 512. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.
- Type: string
- Optional
odr_memory
Memory to use for the On-Demand runners.
Configure the memory for the On-Demand runners. The default is 1024. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.
- Type: string
- Optional
region
AWS Region to use.
AWS region to use. Defaults to the region used for the Waypoint Server.
- Type: string
- Optional
task_role_name
The name of the AWS IAM role to apply to the task's Task Role.
TaskRoleName is the name of the AWS IAM role to apply to the task. This role determines the privileges the ODR builder. If no role name is given, an IAM role will be created with the required policies.
- Type: string
- Optional
Output Attributes
Output attributes can be used in your waypoint.hcl
as variables via artifact
or deploy
.
id
- Type: string