aws-cdk-lib.aws_ecs.CfnTaskDefinition

class CfnTaskDefinition (construct)

LanguageType name
.NETAmazon.CDK.AWS.ECS.CfnTaskDefinition
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsecs#CfnTaskDefinition
Javasoftware.amazon.awscdk.services.ecs.CfnTaskDefinition
Pythonaws_cdk.aws_ecs.CfnTaskDefinition
TypeScript aws-cdk-lib » aws_ecs » CfnTaskDefinition

Implements IConstruct, IDependable, IInspectable

A CloudFormation AWS::ECS::TaskDefinition.

The details of a task definition which describes the container and volume definitions of an Amazon Elastic Container Service task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ecs as ecs } from 'aws-cdk-lib';
const cfnTaskDefinition = new ecs.CfnTaskDefinition(this, 'MyCfnTaskDefinition', /* all optional props */ {
  containerDefinitions: [{
    image: 'image',
    name: 'name',

    // the properties below are optional
    command: ['command'],
    cpu: 123,
    dependsOn: [{
      condition: 'condition',
      containerName: 'containerName',
    }],
    disableNetworking: false,
    dnsSearchDomains: ['dnsSearchDomains'],
    dnsServers: ['dnsServers'],
    dockerLabels: {
      dockerLabelsKey: 'dockerLabels',
    },
    dockerSecurityOptions: ['dockerSecurityOptions'],
    entryPoint: ['entryPoint'],
    environment: [{
      name: 'name',
      value: 'value',
    }],
    environmentFiles: [{
      type: 'type',
      value: 'value',
    }],
    essential: false,
    extraHosts: [{
      hostname: 'hostname',
      ipAddress: 'ipAddress',
    }],
    firelensConfiguration: {
      options: {
        optionsKey: 'options',
      },
      type: 'type',
    },
    healthCheck: {
      command: ['command'],
      interval: 123,
      retries: 123,
      startPeriod: 123,
      timeout: 123,
    },
    hostname: 'hostname',
    interactive: false,
    links: ['links'],
    linuxParameters: {
      capabilities: {
        add: ['add'],
        drop: ['drop'],
      },
      devices: [{
        containerPath: 'containerPath',
        hostPath: 'hostPath',
        permissions: ['permissions'],
      }],
      initProcessEnabled: false,
      maxSwap: 123,
      sharedMemorySize: 123,
      swappiness: 123,
      tmpfs: [{
        size: 123,

        // the properties below are optional
        containerPath: 'containerPath',
        mountOptions: ['mountOptions'],
      }],
    },
    logConfiguration: {
      logDriver: 'logDriver',

      // the properties below are optional
      options: {
        optionsKey: 'options',
      },
      secretOptions: [{
        name: 'name',
        valueFrom: 'valueFrom',
      }],
    },
    memory: 123,
    memoryReservation: 123,
    mountPoints: [{
      containerPath: 'containerPath',
      readOnly: false,
      sourceVolume: 'sourceVolume',
    }],
    portMappings: [{
      appProtocol: 'appProtocol',
      containerPort: 123,
      containerPortRange: 'containerPortRange',
      hostPort: 123,
      name: 'name',
      protocol: 'protocol',
    }],
    privileged: false,
    pseudoTerminal: false,
    readonlyRootFilesystem: false,
    repositoryCredentials: {
      credentialsParameter: 'credentialsParameter',
    },
    resourceRequirements: [{
      type: 'type',
      value: 'value',
    }],
    secrets: [{
      name: 'name',
      valueFrom: 'valueFrom',
    }],
    startTimeout: 123,
    stopTimeout: 123,
    systemControls: [{
      namespace: 'namespace',
      value: 'value',
    }],
    ulimits: [{
      hardLimit: 123,
      name: 'name',
      softLimit: 123,
    }],
    user: 'user',
    volumesFrom: [{
      readOnly: false,
      sourceContainer: 'sourceContainer',
    }],
    workingDirectory: 'workingDirectory',
  }],
  cpu: 'cpu',
  ephemeralStorage: {
    sizeInGiB: 123,
  },
  executionRoleArn: 'executionRoleArn',
  family: 'family',
  inferenceAccelerators: [{
    deviceName: 'deviceName',
    deviceType: 'deviceType',
  }],
  ipcMode: 'ipcMode',
  memory: 'memory',
  networkMode: 'networkMode',
  pidMode: 'pidMode',
  placementConstraints: [{
    type: 'type',

    // the properties below are optional
    expression: 'expression',
  }],
  proxyConfiguration: {
    containerName: 'containerName',

    // the properties below are optional
    proxyConfigurationProperties: [{
      name: 'name',
      value: 'value',
    }],
    type: 'type',
  },
  requiresCompatibilities: ['requiresCompatibilities'],
  runtimePlatform: {
    cpuArchitecture: 'cpuArchitecture',
    operatingSystemFamily: 'operatingSystemFamily',
  },
  tags: [{
    key: 'key',
    value: 'value',
  }],
  taskRoleArn: 'taskRoleArn',
  volumes: [{
    dockerVolumeConfiguration: {
      autoprovision: false,
      driver: 'driver',
      driverOpts: {
        driverOptsKey: 'driverOpts',
      },
      labels: {
        labelsKey: 'labels',
      },
      scope: 'scope',
    },
    efsVolumeConfiguration: {
      filesystemId: 'filesystemId',

      // the properties below are optional
      authorizationConfig: {
        accessPointId: 'accessPointId',
        iam: 'iam',
      },
      rootDirectory: 'rootDirectory',
      transitEncryption: 'transitEncryption',
      transitEncryptionPort: 123,
    },
    host: {
      sourcePath: 'sourcePath',
    },
    name: 'name',
  }],
});

Initializer

new CfnTaskDefinition(scope: Construct, id: string, props?: CfnTaskDefinitionProps)

Parameters

  • scope Construct — - scope in which this resource is defined.
  • id string — - scoped id of the resource.
  • props CfnTaskDefinitionProps — - resource properties.

Create a new AWS::ECS::TaskDefinition.

Construct Props

NameTypeDescription
containerDefinitions?IResolvable | IResolvable | ContainerDefinitionProperty[]A list of container definitions in JSON format that describe the different containers that make up your task.
cpu?stringThe number of cpu units used by the task.
ephemeralStorage?IResolvable | EphemeralStoragePropertyThe ephemeral storage settings to use for tasks run with the task definition.
executionRoleArn?stringThe Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf.
family?stringThe name of a family that this task definition is registered to.
inferenceAccelerators?IResolvable | IResolvable | InferenceAcceleratorProperty[]The Elastic Inference accelerators to use for the containers in the task.
ipcMode?stringThe IPC resource namespace to use for the containers in the task.
memory?stringThe amount (in MiB) of memory used by the task.
networkMode?stringThe Docker networking mode to use for the containers in the task.
pidMode?stringThe process namespace to use for the containers in the task.
placementConstraints?IResolvable | IResolvable | TaskDefinitionPlacementConstraintProperty[]An array of placement constraint objects to use for tasks.
proxyConfiguration?IResolvable | ProxyConfigurationPropertyThe configuration details for the App Mesh proxy.
requiresCompatibilities?string[]The task launch types the task definition was validated against.
runtimePlatform?IResolvable | RuntimePlatformPropertyThe operating system that your tasks definitions run on.
tags?CfnTag[]The metadata that you apply to the task definition to help you categorize and organize them.
taskRoleArn?stringThe short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf.
volumes?IResolvable | IResolvable | VolumeProperty[]The list of data volume definitions for the task.

containerDefinitions?

Type: IResolvable | IResolvable | ContainerDefinitionProperty[] (optional)

A list of container definitions in JSON format that describe the different containers that make up your task.

For more information about container definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide .


cpu?

Type: string (optional)

The number of cpu units used by the task.

If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.

The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.

  • 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
  • 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
  • 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)
  • 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)
  • 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)
  • 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments

This option requires Linux platform 1.4.0 or later.

  • 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments

This option requires Linux platform 1.4.0 or later.


ephemeralStorage?

Type: IResolvable | EphemeralStorageProperty (optional)

The ephemeral storage settings to use for tasks run with the task definition.


executionRoleArn?

Type: string (optional)

The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf.

The task execution IAM role is required depending on the requirements of your task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide .


family?

Type: string (optional)

The name of a family that this task definition is registered to.

Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.

A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.

To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.


inferenceAccelerators?

Type: IResolvable | IResolvable | InferenceAcceleratorProperty[] (optional)

The Elastic Inference accelerators to use for the containers in the task.


ipcMode?

Type: string (optional)

The IPC resource namespace to use for the containers in the task.

The valid values are host , task , or none . If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see IPC settings in the Docker run reference .

If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see Docker security .

If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see System Controls in the Amazon Elastic Container Service Developer Guide .

  • For tasks that use the host IPC mode, IPC namespace related systemControls are not supported.
  • For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task.

This parameter is not supported for Windows containers or tasks run on AWS Fargate .


memory?

Type: string (optional)

The amount (in MiB) of memory used by the task.

If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see ContainerDefinition .

If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.

  • 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)
  • 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)
  • 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)
  • Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)
  • Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)
  • Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU)

This option requires Linux platform 1.4.0 or later.

  • Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU)

This option requires Linux platform 1.4.0 or later.


networkMode?

Type: string (optional)

The Docker networking mode to use for the containers in the task.

The valid values are none , bridge , awsvpc , and host . If no network mode is specified, the default is bridge .

For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, <default> or awsvpc can be used. If the network mode is set to none , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode.

With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.

When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.

If the network mode is awsvpc , the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide .

If the network mode is host , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.

For more information, see Network settings in the Docker run reference .


pidMode?

Type: string (optional)

The process namespace to use for the containers in the task.

The valid values are host or task . If host is specified, then all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see PID settings in the Docker run reference .

If the host PID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see Docker security .

This parameter is not supported for Windows containers or tasks run on AWS Fargate .


placementConstraints?

Type: IResolvable | IResolvable | TaskDefinitionPlacementConstraintProperty[] (optional)

An array of placement constraint objects to use for tasks.

This parameter isn't supported for tasks run on AWS Fargate .


proxyConfiguration?

Type: IResolvable | ProxyConfigurationProperty (optional)

The configuration details for the App Mesh proxy.

Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init . For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide .


requiresCompatibilities?

Type: string[] (optional)

The task launch types the task definition was validated against.

For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide .


runtimePlatform?

Type: IResolvable | RuntimePlatformProperty (optional)

The operating system that your tasks definitions run on.

A platform family is specified only for tasks using the Fargate launch type.

When you specify a task definition in a service, this value must match the runtimePlatform value of the service.


tags?

Type: CfnTag[] (optional)

The metadata that you apply to the task definition to help you categorize and organize them.

Each tag consists of a key and an optional value. You define both of them.

The following basic restrictions apply to tags:

  • Maximum number of tags per resource - 50
  • For each resource, each tag key must be unique, and each tag key can have only one value.
  • Maximum key length - 128 Unicode characters in UTF-8
  • Maximum value length - 256 Unicode characters in UTF-8
  • If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
  • Tag keys and values are case-sensitive.
  • Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

taskRoleArn?

Type: string (optional)

The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf.

For more information, see Amazon ECS Task Role in the Amazon Elastic Container Service Developer Guide .

IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see Windows IAM roles for tasks in the Amazon Elastic Container Service Developer Guide .


volumes?

Type: IResolvable | IResolvable | VolumeProperty[] (optional)

The list of data volume definitions for the task.

For more information, see Using data volumes in tasks in the Amazon Elastic Container Service Developer Guide .

The host and sourcePath parameters aren't supported for tasks run on AWS Fargate .

Properties

NameTypeDescription
attrTaskDefinitionArnstring
cfnOptionsICfnResourceOptionsOptions for this resource, such as condition, update policy etc.
cfnProperties{ [string]: any }
cfnResourceTypestringAWS resource type.
creationStackstring[]
logicalIdstringThe logical ID for this CloudFormation stack element.
nodeNodeThe tree node.
refstringReturn a string that will be resolved to a CloudFormation { Ref } for this element.
stackStackThe stack in which this element is defined.
tagsTagManagerThe metadata that you apply to the task definition to help you categorize and organize them.
containerDefinitions?IResolvable | IResolvable | ContainerDefinitionProperty[]A list of container definitions in JSON format that describe the different containers that make up your task.
cpu?stringThe number of cpu units used by the task.
ephemeralStorage?IResolvable | EphemeralStoragePropertyThe ephemeral storage settings to use for tasks run with the task definition.
executionRoleArn?stringThe Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf.
family?stringThe name of a family that this task definition is registered to.
inferenceAccelerators?IResolvable | IResolvable | InferenceAcceleratorProperty[]The Elastic Inference accelerators to use for the containers in the task.
ipcMode?stringThe IPC resource namespace to use for the containers in the task.
memory?stringThe amount (in MiB) of memory used by the task.
networkMode?stringThe Docker networking mode to use for the containers in the task.
pidMode?stringThe process namespace to use for the containers in the task.
placementConstraints?IResolvable | IResolvable | TaskDefinitionPlacementConstraintProperty[]An array of placement constraint objects to use for tasks.
proxyConfiguration?IResolvable | ProxyConfigurationPropertyThe configuration details for the App Mesh proxy.
requiresCompatibilities?string[]The task launch types the task definition was validated against.
runtimePlatform?IResolvable | RuntimePlatformPropertyThe operating system that your tasks definitions run on.
taskRoleArn?stringThe short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf.
volumes?IResolvable | IResolvable | VolumeProperty[]The list of data volume definitions for the task.
static CFN_RESOURCE_TYPE_NAMEstringThe CloudFormation resource type name for this resource class.

attrTaskDefinitionArn

Type: string


cfnOptions

Type: ICfnResourceOptions

Options for this resource, such as condition, update policy etc.


cfnProperties

Type: { [string]: any }


cfnResourceType

Type: string

AWS resource type.


creationStack

Type: string[]


logicalId

Type: string

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).


node

Type: Node

The tree node.


ref

Type: string

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).


stack

Type: Stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).


tags

Type: TagManager

The metadata that you apply to the task definition to help you categorize and organize them.

Each tag consists of a key and an optional value. You define both of them.

The following basic restrictions apply to tags:

  • Maximum number of tags per resource - 50
  • For each resource, each tag key must be unique, and each tag key can have only one value.
  • Maximum key length - 128 Unicode characters in UTF-8
  • Maximum value length - 256 Unicode characters in UTF-8
  • If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
  • Tag keys and values are case-sensitive.
  • Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

containerDefinitions?

Type: IResolvable | IResolvable | ContainerDefinitionProperty[] (optional)

A list of container definitions in JSON format that describe the different containers that make up your task.

For more information about container definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide .


cpu?

Type: string (optional)

The number of cpu units used by the task.

If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.

The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.

  • 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
  • 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
  • 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)
  • 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)
  • 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)
  • 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments

This option requires Linux platform 1.4.0 or later.

  • 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments

This option requires Linux platform 1.4.0 or later.


ephemeralStorage?

Type: IResolvable | EphemeralStorageProperty (optional)

The ephemeral storage settings to use for tasks run with the task definition.


executionRoleArn?

Type: string (optional)

The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf.

The task execution IAM role is required depending on the requirements of your task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide .


family?

Type: string (optional)

The name of a family that this task definition is registered to.

Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.

A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.

To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.


inferenceAccelerators?

Type: IResolvable | IResolvable | InferenceAcceleratorProperty[] (optional)

The Elastic Inference accelerators to use for the containers in the task.


ipcMode?

Type: string (optional)

The IPC resource namespace to use for the containers in the task.

The valid values are host , task , or none . If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see IPC settings in the Docker run reference .

If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see Docker security .

If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see System Controls in the Amazon Elastic Container Service Developer Guide .

  • For tasks that use the host IPC mode, IPC namespace related systemControls are not supported.
  • For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task.

This parameter is not supported for Windows containers or tasks run on AWS Fargate .


memory?

Type: string (optional)

The amount (in MiB) of memory used by the task.

If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see ContainerDefinition .

If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.

  • 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)
  • 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)
  • 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)
  • Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)
  • Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)
  • Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU)

This option requires Linux platform 1.4.0 or later.

  • Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU)

This option requires Linux platform 1.4.0 or later.


networkMode?

Type: string (optional)

The Docker networking mode to use for the containers in the task.

The valid values are none , bridge , awsvpc , and host . If no network mode is specified, the default is bridge .

For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, <default> or awsvpc can be used. If the network mode is set to none , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode.

With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.

When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.

If the network mode is awsvpc , the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide .

If the network mode is host , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.

For more information, see Network settings in the Docker run reference .


pidMode?

Type: string (optional)

The process namespace to use for the containers in the task.

The valid values are host or task . If host is specified, then all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see PID settings in the Docker run reference .

If the host PID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see Docker security .

This parameter is not supported for Windows containers or tasks run on AWS Fargate .


placementConstraints?

Type: IResolvable | IResolvable | TaskDefinitionPlacementConstraintProperty[] (optional)

An array of placement constraint objects to use for tasks.

This parameter isn't supported for tasks run on AWS Fargate .


proxyConfiguration?

Type: IResolvable | ProxyConfigurationProperty (optional)

The configuration details for the App Mesh proxy.

Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init . For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide .


requiresCompatibilities?

Type: string[] (optional)

The task launch types the task definition was validated against.

For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide .


runtimePlatform?

Type: IResolvable | RuntimePlatformProperty (optional)

The operating system that your tasks definitions run on.

A platform family is specified only for tasks using the Fargate launch type.

When you specify a task definition in a service, this value must match the runtimePlatform value of the service.


taskRoleArn?

Type: string (optional)

The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf.

For more information, see Amazon ECS Task Role in the Amazon Elastic Container Service Developer Guide .

IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see Windows IAM roles for tasks in the Amazon Elastic Container Service Developer Guide .


volumes?

Type: IResolvable | IResolvable | VolumeProperty[] (optional)

The list of data volume definitions for the task.

For more information, see Using data volumes in tasks in the Amazon Elastic Container Service Developer Guide .

The host and sourcePath parameters aren't supported for tasks run on AWS Fargate .


static CFN_RESOURCE_TYPE_NAME

Type: string

The CloudFormation resource type name for this resource class.

Methods

NameDescription
addDeletionOverride(path)Syntactic sugar for addOverride(path, undefined).
addDependency(target)Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
addDependsOn(target)⚠️Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
addMetadata(key, value)Add a value to the CloudFormation Resource Metadata.
addOverride(path, value)Adds an override to the synthesized CloudFormation resource.
addPropertyDeletionOverride(propertyPath)Adds an override that deletes the value of a property from the resource definition.
addPropertyOverride(propertyPath, value)Adds an override to a resource property.
applyRemovalPolicy(policy?, options?)Sets the deletion policy of the resource based on the removal policy specified.
getAtt(attributeName, typeHint?)Returns a token for an runtime attribute of this resource.
getMetadata(key)Retrieve a value value from the CloudFormation Resource Metadata.
inspect(inspector)Examines the CloudFormation resource and discloses attributes.
obtainDependencies()Retrieves an array of resources this resource depends on.
obtainResourceDependencies()Get a shallow copy of dependencies between this resource and other resources in the same stack.
overrideLogicalId(newLogicalId)Overrides the auto-generated logical ID with a specific ID.
removeDependency(target)Indicates that this resource no longer depends on another resource.
replaceDependency(target, newTarget)Replaces one dependency with another.
toString()Returns a string representation of this construct.
protected renderProperties(props)

addDeletionOverride(path)

public addDeletionOverride(path: string): void

Parameters

  • path string — The path of the value to delete.

Syntactic sugar for addOverride(path, undefined).


addDependency(target)

public addDependency(target: CfnResource): void

Parameters

  • target CfnResource

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.


addDependsOn(target)⚠️

public addDependsOn(target: CfnResource): void

⚠️ Deprecated: use addDependency

Parameters

  • target CfnResource

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.


addMetadata(key, value)

public addMetadata(key: string, value: any): void

Parameters

  • key string
  • value any

Add a value to the CloudFormation Resource Metadata.

See also: [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.)


addOverride(path, value)

public addOverride(path: string, value: any): void

Parameters

  • path string — - The path of the property, you can use dot notation to override values in complex types.
  • value any — - The value.

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use addPropertyOverride or prefix path with "Properties." (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example,

cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');

would add the overrides

"Properties": {
  "GlobalSecondaryIndexes": [
    {
      "Projection": {
        "NonKeyAttributes": [ "myattribute" ]
        ...
      }
      ...
    },
    {
      "ProjectionType": "INCLUDE"
      ...
    },
  ]
  ...
}

The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.


addPropertyDeletionOverride(propertyPath)

public addPropertyDeletionOverride(propertyPath: string): void

Parameters

  • propertyPath string — The path to the property.

Adds an override that deletes the value of a property from the resource definition.


addPropertyOverride(propertyPath, value)

public addPropertyOverride(propertyPath: string, value: any): void

Parameters

  • propertyPath string — The path of the property.
  • value any — The value.

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).


applyRemovalPolicy(policy?, options?)

public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void

Parameters

  • policy RemovalPolicy
  • options RemovalPolicyOptions

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options


getAtt(attributeName, typeHint?)

public getAtt(attributeName: string, typeHint?: ResolutionTypeHint): Reference

Parameters

  • attributeName string — The name of the attribute.
  • typeHint ResolutionTypeHint

Returns

  • Reference

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.


getMetadata(key)

public getMetadata(key: string): any

Parameters

  • key string

Returns

  • any

Retrieve a value value from the CloudFormation Resource Metadata.

See also: [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.)


inspect(inspector)

public inspect(inspector: TreeInspector): void

Parameters

  • inspector TreeInspector — - tree inspector to collect and process attributes.

Examines the CloudFormation resource and discloses attributes.


obtainDependencies()

public obtainDependencies(): Stack &#124; CfnResource[]

Returns

  • Stack | CfnResource[]

Retrieves an array of resources this resource depends on.

This assembles dependencies on resources across stacks (including nested stacks) automatically.


obtainResourceDependencies()

public obtainResourceDependencies(): CfnResource[]

Returns

  • CfnResource[]

Get a shallow copy of dependencies between this resource and other resources in the same stack.


overrideLogicalId(newLogicalId)

public overrideLogicalId(newLogicalId: string): void

Parameters

  • newLogicalId string — The new logical ID to use for this stack element.

Overrides the auto-generated logical ID with a specific ID.


removeDependency(target)

public removeDependency(target: CfnResource): void

Parameters

  • target CfnResource

Indicates that this resource no longer depends on another resource.

This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.


replaceDependency(target, newTarget)

public replaceDependency(target: CfnResource, newTarget: CfnResource): void

Parameters

  • target CfnResource — The dependency to replace.
  • newTarget CfnResource — The new dependency to add.

Replaces one dependency with another.


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


protected renderProperties(props)

protected renderProperties(props: { [string]: any }): { [string]: any }

Parameters

  • props { [string]: any }

Returns

  • { [string]: any }