Waypoint Home

»AWS ECS

For a step by step tutorial, visit HashiCorp Learn.

»Builders

ECS uses Docker images for building, which are generated by these builders:

»aws-ecr (registry)

Store a docker image within an Elastic Container Registry on AWS.

»Interface

  • Input: docker.Image
  • Output: ecr.Image

»Examples

registry {
    use "aws-ecr" {
      region = "us-east-1"
      tag = "latest"
    }
}

registry {
    use "aws-ecr" {
      region = "us-east-1"
      tag = "latest"
    }
}

»Mappers

»Allow an ECR Image to be used as a standard docker.Image

  • Input: ecr.Image
  • Output: docker.Image

»Required Parameters

These parameters are used in the use stanza for this plugin.

»tag

The docker tag to assign to the new image.

  • Type: string

»Optional Parameters

These parameters are used in the use stanza for this plugin.

»region

The AWS region the ECR repository is in.

If not set uses the environment variable AWS_REGION or AWS_REGION_DEFAULT.

  • Type: string
  • Optional
  • Environment Variable: AWS_REGION_DEFAULT

»repository

The ECR repository to store the image into.

This defaults to waypoint- then the application name. The repository will be automatically created if needed.

  • Type: string
  • Optional

»Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

»architecture

  • Type: string

»image

  • Type: string

»tag

  • Type: string

»aws-ecs (platform)

Deploy the application into an ECS cluster on AWS.

»Interface

  • Input: docker.Image
  • Output: ecs.Deployment

»Examples

deploy {
  use "aws-ecs" {
    region = "us-east-1"
    memory = 512
  }
}

deploy {
  use "aws-ecs" {
    region = "us-east-1"
    memory = 512
  }
}

»Required Parameters

These parameters are used in the use stanza for this plugin.

»logging (category)

Provides additional configuration for logging flags for ECS.

Part of the ecs task definition. These configuration flags help control how the awslogs log driver is configured.

»logging.create_group

Enables creation of the aws logs group if not present.

  • Type: bool
  • Optional
»logging.datetime_format

Defines the multiline start pattern in Python strftime format.

  • Type: string
  • Optional
»logging.max_buffer_size

When using non-blocking logging mode, this is the buffer size for message storage.

  • Type: string
  • Optional
»logging.mode

Delivery method for log messages, either 'blocking' or 'non-blocking'.

  • Type: string
  • Optional
»logging.multiline_pattern

Defines the multiline start pattern using a regular expression.

  • Type: string
  • Optional
»logging.region

The region the logs are to be shipped to.

»logging.stream_prefix

Prefix for application in cloudwatch logs path.

  • Type: string
  • Optional
  • Default: Generated based off timestamp

»memory

How much memory to assign to the container running the application.

When running in Fargate, this must be one of a few values, specified in MB: 512, 1024, 2048, 3072, 4096, 5120, and up to 16384 in increments of 1024. The memory value also controls the possible values for cpu.

  • Type: int

»region

The AWS region for the ECS cluster.

  • Type: string

»sidecar (category)

Additional container to run as a sidecar.

This runs additional containers in addition to the main container that comes from the build phase.

»sidecar.container_port

The port number for the container.

  • Type: int
  • Optional
»sidecar.health_check
  • Type: ecs.HealthCheckConfig
»sidecar.host_port

The port number on the host to reserve for the container.

  • Type: int
  • Optional
»sidecar.image

Image of the sidecar container.

  • Type: string
»sidecar.memory

The amount (in MiB) of memory to present to the container.

  • Type: int
  • Optional
»sidecar.memory_reservation

The soft limit (in MiB) of memory to reserve for the container.

  • Type: int
  • Optional
»sidecar.name

Name of the container.

  • Type: string
»sidecar.protocol

The protocol used for port mapping.

  • Type: string
  • Optional
»sidecar.secrets

Secrets to expose to this container.

  • Type: map of string to string
  • Optional
»sidecar.static_environment

Environment variables to expose to this container.

  • Type: map of string to string
  • Optional

»Optional Parameters

These parameters are used in the use stanza for this plugin.

»alb (category)

Provides additional configuration for using an ALB with ECS.

»alb.certificate

The ARN of an AWS Certificate Manager cert to associate with the ALB.

  • Type: string
  • Optional
»alb.domain_name

Fully qualified domain name to set for the ALB.

Set along with zone_id to have DNS automatically setup for the ALB. this value should include the full hostname and domain name, for instance app.example.com.

  • Type: string
  • Optional
»alb.ingress_port

Internet-facing traffic port. Defaults to 80 if 'certificate' is unset, 443 if set.

Used to set the ALB listener port, and the ALB security group ingress port.

  • Type: int64
  • Optional
»alb.internal

Whether or not the created ALB should be internal.

Used when listener_arn is not set. If set, the created ALB will have a scheme of internal, otherwise by default it has a scheme of internet-facing.

  • Type: bool
  • Optional
»alb.listener_arn

The ARN on an existing ALB to configure.

When this is set, no ALB or Listener is created. Instead the application is configured by manipulating this existing Listener. This allows users to configure their ALB outside waypoint but still have waypoint hook the application to that ALB.

  • Type: string
  • Optional
»alb.subnets

The VPC subnets to use for the ALB.

  • Type: list of string
  • Optional
  • Default: public subnets in the default VPC
»alb.zone_id

Route53 ZoneID to create a DNS record into.

Set along with alb.domain_name to have DNS automatically setup for the ALB.

  • Type: string
  • Optional

»architecture

The instruction set CPU architecture that the Amazon ECS supports. Valid values are: "x86_64", "arm64".

  • Type: string
  • Optional

»assign_public_ip

Assign a public ip address to tasks. Defaults to true. Ignored if using an ec2 cluster.

If this is set to false, deployments will fail unless tasks are able to egress to the container registry by some other means (i.e. a subnet default route to a NAT gateway).

  • Type: bool
  • Optional
  • Default: true

»cluster

The name of the ECS cluster to deploy into.

The ECS cluster that will run the application as a Service. if there is no ECS cluster with this name, the ECS cluster will be created and configured to use Fargate to run containers.

  • Type: string
  • Optional

»count

How many instances of the application should run.

  • Type: int
  • Optional

»cpu

How many cpu shares the container running the application is allowed.

On Fargate, possible values for this are configured by the amount of memory the container is using. Here is a complete listing of possible values: 512MB: 256 1024MB: 256, 512 2048MB: 256, 512, 1024 3072MB: 512, 1024 4096MB: 512, 1024 5120MB: 1024 6144MB: 1024 7168MB: 1024 8192MB: 1024.

  • Type: int
  • Optional

»disable_alb

Do not create a load balancer assigned to the service.

  • Type: bool
  • Optional

»ec2_cluster

Indicate if the ECS cluster should be EC2 type rather than Fargate.

This controls if we should verify the ECS cluster in EC2 type. The cluster will not be created if it doesn't exist, only that there as existing cluster this is using EC2 and not Fargate.

  • Type: bool
  • Optional

»execution_role_name

The name of the IAM role to use for ECS execution.

  • Type: string
  • Optional
  • Default: create a new exeuction IAM role based on the application name

»log_group

The CloudWatchLogs log group to store container logs into.

  • Type: string
  • Optional
  • Default: derived from the application name

»memory_reservation

  • Type: int
  • Optional

»secrets

Secret key/values to pass to the ECS container.

  • Type: map of string to string
  • Optional

»security_group_ids

Security Group IDs of existing security groups to use for the ECS service's network access.

List of existing group IDs to use for the ECS service's network access. If none are specified, waypoint will create one. If DisableALB is false (the default), waypoint will only allow ingress from the ALB's security group.

  • Type: list of string
  • Optional

»service_port

The TCP port that the application is listening on.

  • Type: int64
  • Optional
  • Default: 3000

»static_environment

Static environment variables to make available.

  • Type: map of string to string
  • Optional

»subnets

The VPC subnets to use for the service.

You may set a list of private subnets here to prevent your tasks from being directly exposed publicly.

  • Type: list of string
  • Optional
  • Default: public subnets in the default VPC

»task_role_name

The name of the task IAM role to assign.

If no role exists and a one or more task role policies are requested, a role with this name will be created.

  • Type: string
  • Optional

»task_role_policy_arns

IAM Policy arns for attaching to the task role.

If no task role name is specified a task role with a default name will be created for this app, and these policies will be attached.

  • Type: list of string
  • Optional

»Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

»cluster

  • Type: string

»load_balancer_arn

  • Type: string

»resource_state

  • Type: opaqueany.Any

»service_arn

  • Type: string

»target_group_arn

  • Type: string

»task_arn

  • Type: string

»url

  • Type: string

»aws-ecs (task)

Launch an ECS task for on-demand tasks from the Waypoint server.

This will use the standard AWS environment variables and IAM Role information to source authentication information for AWS, using the configured task role. If no task role name is specified, Waypoint will create one with the required permissions.

»Interface

»Required Parameters

These parameters are used in the use stanza for this plugin.

»odr_image

Docker image for the Waypoint On-Demand Runners.

Docker image for the Waypoint On-Demand Runners. This will default to the server image with the name (not label) suffixed with '-odr'.".

»security_group_id

Security Group ID to place the On-Demand Runner task in.

Security Group ID to place the On-Demand Runner task in. This defaults to the security group used for the Waypoint server.

  • Type: string

»subnets

List of subnets to place the On-Demand Runner task in.

List of subnets to place the On-Demand Runner task in. This defaults to the list of subnets configured for the Waypoint server and must be either identical or a subset of the subnets used by the Waypoint server.

  • Type: string

»Optional Parameters

These parameters are used in the use stanza for this plugin.

»cluster

Cluster name to place On-Demand runner tasks in.

ECS Cluster to place On-Demand runners in. This defaults to the cluster used by the Waypoint server.

  • Type: string
  • Optional

»execution_role_name

The name of the AWS IAM role to apply to the task's Execution Role.

ExecutionRoleName is the name of the AWS IAM role to apply to the task's Execution Role. At this time we reuse the same Role as the Waypoint server Execution Role.

  • Type: string
  • Optional

»log_group

Cloud Watch Log Group to use for On-Demand Runners.

Cloud Watch Log Group to use for On-Demand Runners. Defaults to the log group used for runners (waypoint-runner).

  • Type: string
  • Optional

»odr_cpu

CPU to use for the On-Demand runners.

Configure the CPU for the On-Demand runners. The default is 512. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.

  • Type: string
  • Optional

»odr_memory

Memory to use for the On-Demand runners.

Configure the memory for the On-Demand runners. The default is 1024. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for valid values.

  • Type: string
  • Optional

»region

AWS Region to use.

AWS region to use. Defaults to the region used for the Waypoint Server.

  • Type: string
  • Optional

»task_role_name

The name of the AWS IAM role to apply to the task's Task Role.

TaskRoleName is the name of the AWS IAM role to apply to the task. This role determines the privileges the ODR builder. If no role name is given, an IAM role will be created with the required policies.

  • Type: string
  • Optional

»Output Attributes

Output attributes can be used in your waypoint.hcl as variables via artifact or deploy.

»id

  • Type: string
Edit this page on GitHub