The AWS::ECS::Service
resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect ServiceConnectService
is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceConnectService
must have a name that is unique in the namespace.
Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
data "awscc_ec2_subnet" "subnet" {
id = "subnet-0000000"
}
resource "awscc_iam_role" "nginx" {
role_name = "ecs_Task_ExecutionRole"
assume_role_policy_document = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]
}
resource "awscc_ecs_service" "nginx" {
service_name = "nginx_service"
cluster = awscc_ecs_cluster.this.id
task_definition = aws_ecs_task_definition.nginx.arn
launch_type = "FARGATE"
desired_count = 1
network_configuration = {
awsvpc_configuration = {
assign_public_ip = "ENABLED"
subnets = ["${data.awscc_ec2_subnet.subnet.subnet_id}"]
}
}
tags = [{
key = "Modified By"
value = "AWSCC"
}]
depends_on = [awscc_iam_role.nginx]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]
}
resource "awscc_ecs_service" "nginx" {
service_name = "nginx_service"
cluster = awscc_ecs_cluster.this.id
task_definition = aws_ecs_task_definition.nginx.arn
launch_type = "FARGATE"
desired_count = 1
network_configuration = {
awsvpc_configuration = {
assign_public_ip = "ENABLED"
subnets = ["${data.awscc_ec2_subnet.subnet.subnet_id}"]
}
}
tags = [{
key = "Modified By"
value = "AWSCC"
}]
depends_on = [awscc_iam_role.nginx]
}
capacity_provider_strategy
(Attributes List) The capacity provider strategy to use for the service.
If a capacityProviderStrategy
is specified, the launchType
parameter must be omitted. If no capacityProviderStrategy
or launchType
is specified, the defaultCapacityProviderStrategy
for the cluster is used.
A capacity provider strategy may contain a maximum of 6 capacity providers. (see below for nested schema)cluster
(String) The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.deployment_configuration
(Attributes) Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. (see below for nested schema)deployment_controller
(Attributes) The deployment controller to use for the service. If no deployment controller is specified, the default value of ECS
is used. (see below for nested schema)desired_count
(Number) The number of instantiations of the specified task definition to place and keep running in your service.
For new services, if a desired count is not specified, a default value of 1
is used. When using the DAEMON
scheduling strategy, the desired count is not required.
For existing services, if a desired count is not specified, it is omitted from the operation.enable_ecs_managed_tags
(Boolean) Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see Tagging your Amazon ECS resources in the Amazon Elastic Container Service Developer Guide.
When you use Amazon ECS managed tags, you need to set the propagateTags
request parameter.enable_execute_command
(Boolean) Determines whether the execute command functionality is turned on for the service. If true
, the execute command functionality is turned on for all containers in tasks as part of the service.health_check_grace_period_seconds
(Number) The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of 0
is used.
If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod
in the task definition health check parameters. For more information, see Health check.
If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.launch_type
(String) The launch type on which to run your service. For more information, see Amazon ECS Launch Types in the Amazon Elastic Container Service Developer Guide.load_balancers
(Attributes List) A list of load balancer objects to associate with the service. If you specify the Role
property, LoadBalancers
must be specified as well. For information about the number of load balancers that you can specify per service, see Service Load Balancing in the Amazon Elastic Container Service Developer Guide. (see below for nested schema)network_configuration
(Attributes) The network configuration for the service. This parameter is required for task definitions that use the awsvpc
network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide. (see below for nested schema)placement_constraints
(Attributes List) An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime. (see below for nested schema)placement_strategies
(Attributes List) The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service. (see below for nested schema)platform_version
(String) The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST
platform version is used. For more information, see platform versions in the Amazon Elastic Container Service Developer Guide.propagate_tags
(String) Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the TagResource API action.
The default is NONE
.role
(String) The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the awsvpc
network mode. If you specify the role
parameter, you must also specify a load balancer object with the loadBalancers
parameter.
If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the awsvpc
network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
If your specified role has a path other than /
, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name bar
has a path of /foo/
then you would specify /foo/bar
as the role name. For more information, see Friendly names and paths in the IAM User Guide.scheduling_strategy
(String) The scheduling strategy to use for the service. For more information, see Services.
There are two service scheduler strategies available:
REPLICA
-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the CODE_DEPLOY
or EXTERNAL
deployment controller types.DAEMON
-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.
Tasks using the Fargate launch type or the CODE_DEPLOY
or EXTERNAL
deployment controller types don't support the DAEMON
scheduling strategy.service_connect_configuration
(Attributes) The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide. (see below for nested schema)service_name
(String) The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.
The stack update fails if you change any properties that require replacement and the ServiceName
is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceName
must be unique in the cluster.service_registries
(Attributes List) The details of the service discovery registry to associate with this service. For more information, see Service discovery.
Each service may be associated with one service registry. Multiple service registries for each service isn't supported. (see below for nested schema)tags
(Attributes List) The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well.
The following basic restrictions apply to tags:
aws:
, AWS:
, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. (see below for nested schema)task_definition
(String) The family
and revision
(family:revision
) or full ARN of the task definition to run in your service. If a revision
isn't specified, the latest ACTIVE
revision is used.
A task definition must be specified if the service uses either the ECS
or CODE_DEPLOY
deployment controllers.
For more information about deployment types, see Amazon ECS deployment types.volume_configurations
(Attributes List) The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. (see below for nested schema)id
(String) Uniquely identifies the resource.name
(String)service_arn
(String)capacity_provider_strategy
Optional:
base
(Number) The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0
is used.capacity_provider
(String) The short name of the capacity provider.weight
(Number) The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight
value is taken into consideration after the base
value, if defined, is satisfied.
If no weight
value is specified, the default value of 0
is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of 0
can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of 0
, any RunTask
or CreateService
actions using the capacity provider strategy will fail.
An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of 1
, then when the base
is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of 1
for capacityProviderA and a weight of 4
for capacityProviderB, then for every one task that's run using capacityProviderA, four tasks would use capacityProviderB.deployment_configuration
Optional:
alarms
(Attributes) Information about the CloudWatch alarms. (see below for nested schema)deployment_circuit_breaker
(Attributes) The deployment circuit breaker can only be used for services using the rolling update (ECS
) deployment type.
The deployment circuit breaker determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see Rolling update in the Amazon Elastic Container Service Developer Guide (see below for nested schema)maximum_percent
(Number) If a service is using the rolling update (ECS
) deployment type, the maximumPercent
parameter represents an upper limit on the number of your service's tasks that are allowed in the RUNNING
or PENDING
state during a deployment, as a percentage of the desiredCount
(rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the REPLICA
service scheduler and has a desiredCount
of four tasks and a maximumPercent
value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default maximumPercent
value for a service using the REPLICA
service scheduler is 200%.
If a service is using either the blue/green (CODE_DEPLOY
) or EXTERNAL
deployment types and tasks that use the EC2 launch type, the maximum percent value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the RUNNING
state while the container instances are in the DRAINING
state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.minimum_healthy_percent
(Number) If a service is using the rolling update (ECS
) deployment type, the minimumHealthyPercent
represents a lower limit on the number of your service's tasks that must remain in the RUNNING
state during a deployment, as a percentage of the desiredCount
(rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount
of four tasks and a minimumHealthyPercent
of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.
For services that do not use a load balancer, the following should be noted:
RUNNING
state before the task is counted towards the minimum healthy percent total.For services that do use a load balancer, the following should be noted:
If a service is using either the blue/green (CODE_DEPLOY
) or EXTERNAL
deployment types and is running tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING
state while the container instances are in the DRAINING
state. If a service is using either the blue/green (CODE_DEPLOY
) or EXTERNAL
deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.
deployment_configuration.alarms
Required:
alarm_names
(List of String) One or more CloudWatch alarm names. Use a "," to separate the alarms.enable
(Boolean) Determines whether to use the CloudWatch alarm option in the service deployment process.rollback
(Boolean) Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.deployment_configuration.deployment_circuit_breaker
Required:
enable
(Boolean) Determines whether to use the deployment circuit breaker logic for the service.rollback
(Boolean) Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is on, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.deployment_controller
Optional:
type
(String) The deployment controller type to use. There are three deployment controller types available:
load_balancers
Optional:
container_name
(String) The name of the container (as it appears in a container definition) to associate with the load balancer.
You need to specify the container name when configuring the target group for an Amazon ECS load balancer.container_port
(Number) The port on the container to associate with the load balancer. This port must correspond to a containerPort
in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the hostPort
of the port mapping.load_balancer_name
(String) The name of the load balancer to associate with the Amazon ECS service or task set.
If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.target_group_arn
(String) The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set.
A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer.
For services using the ECS
deployment controller, you can specify one or multiple target groups. For more information, see Registering multiple target groups with a service in the Amazon Elastic Container Service Developer Guide.
For services using the CODE_DEPLOY
deployment controller, you're required to define two target groups for the load balancer. For more information, see Blue/green deployment with CodeDeploy in the Amazon Elastic Container Service Developer Guide.
If your service's task definition uses the awsvpc
network mode, you must choose ip
as the target type, not instance
. Do this when creating your target groups because tasks that use the awsvpc
network mode are associated with an elastic network interface, not an Amazon EC2 instance. This network mode is required for the Fargate launch type.network_configuration
Optional:
awsvpc_configuration
(Attributes) The VPC subnets and security groups that are associated with a task.
All specified subnets and security groups must be from the same VPC. (see below for nested schema)network_configuration.awsvpc_configuration
Optional:
assign_public_ip
(String) Whether the task's elastic network interface receives a public IP address. The default value is DISABLED
.security_groups
(List of String) The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per AwsVpcConfiguration
.
All specified security groups must be from the same VPC.subnets
(List of String) The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per AwsVpcConfiguration
.
All specified subnets must be from the same VPC.placement_constraints
Required:
type
(String) The type of constraint. Use distinctInstance
to ensure that each task in a particular group is running on a different container instance. Use memberOf
to restrict the selection to a group of valid candidates.Optional:
expression
(String) A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is distinctInstance
. For more information, see Cluster query language in the Amazon Elastic Container Service Developer Guide.placement_strategies
Required:
type
(String) The type of placement strategy. The random
placement strategy randomly places tasks on available candidates. The spread
placement strategy spreads placement across available candidates evenly based on the field
parameter. The binpack
strategy places tasks on available candidates that have the least available amount of the resource that's specified with the field
parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory but still enough to run the task.Optional:
field
(String) The field to apply the placement strategy against. For the spread
placement strategy, valid values are instanceId
(or host
, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone
. For the binpack
placement strategy, valid values are CPU
and MEMORY
. For the random
placement strategy, this field is not used.service_connect_configuration
Required:
enabled
(Boolean) Specifies whether to use Service Connect with this service.Optional:
log_configuration
(Attributes) The log configuration for the container. This parameter maps to LogConfig
in the Create a container section of the Docker Remote API and the --log-driver
option to docker run.
By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see Configure logging drivers in the Docker documentation.
Understand the following when specifying a log configuration for your containers.
awslogs
, splunk
, and awsfirelens
.
For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs
, fluentd
, gelf
, json-file
, journald
, logentries
,syslog
, splunk
, and awsfirelens
.ECS_AVAILABLE_LOGGING_DRIVERS
environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.namespace
(String) The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about CMAPlong, see Working with Services in the Developer Guide.services
(Attributes List) The list of Service Connect service objects. These are names and aliases (also known as endpoints) that are used by other Amazon ECS services to connect to this service.
This field is not required for a "client" Amazon ECS service that's a member of a namespace only to connect to other services within the namespace. An example of this would be a frontend application that accepts incoming requests from either a load balancer that's attached to the service or by other means.
An object selects a port from the task definition, assigns a name for the CMAPlong service, and a list of aliases (endpoints) and ports for client applications to refer to this service. (see below for nested schema)service_connect_configuration.log_configuration
Optional:
log_driver
(String) The log driver to use for the container.
For tasks on FARGATElong, the supported log drivers are awslogs
, splunk
, and awsfirelens
.
For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs
, fluentd
, gelf
, json-file
, journald
, logentries
,syslog
, splunk
, and awsfirelens
.
For more information about using the awslogs
log driver, see Using the awslogs log driver in the Amazon Elastic Container Service Developer Guide.
For more information about using the awsfirelens
log driver, see Custom log routing in the Amazon Elastic Container Service Developer Guide.
If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.options
(Map of String) The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
secret_options
(Attributes List) The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide. (see below for nested schema)service_connect_configuration.log_configuration.secret_options
Required:
name
(String) The name of the secret.value_from
(String) The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store.
For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide.
If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.service_connect_configuration.services
Required:
port_name
(String) The portName
must match the name of one of the portMappings
from all the containers in the task definition of this Amazon ECS service.Optional:
client_aliases
(Attributes List) The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1.
Each alias ("endpoint") is a fully-qualified name and port number that other Amazon ECS tasks ("clients") can use to connect to this service.
Each name and port mapping must be unique within the namespace.
For each ServiceConnectService
, you must provide at least one clientAlias
with one port
. (see below for nested schema)discovery_name
(String) The discoveryName
is the name of the new CMAP service that Amazon ECS creates for this Amazon ECS service. This must be unique within the CMAP namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
If the discoveryName
isn't specified, the port mapping name from the task definition is used in portName.namespace
.ingress_port_override
(Number) The port number for the Service Connect proxy to listen on.
Use the value of this field to bypass the proxy for traffic on the port number specified in the named portMapping
in the task definition of this application, and then use it in your VPC security groups to allow traffic into the proxy for this Amazon ECS service.
In awsvpc
mode and Fargate, the default value is the container port number. The container port number is in the portMapping
in the task definition. In bridge mode, the default value is the ephemeral port of the Service Connect proxy.timeout
(Attributes) A reference to an object that represents the configured timeouts for Service Connect. (see below for nested schema)tls
(Attributes) A reference to an object that represents a Transport Layer Security (TLS) configuration. (see below for nested schema)service_connect_configuration.services.client_aliases
Required:
port
(Number) The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace.
To avoid changing your applications in client Amazon ECS services, set this to the same port that the client application uses by default. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.Optional:
dns_name
(String) The dnsName
is the name that you use in the applications of client tasks to connect to this service. The name must be a valid DNS name but doesn't need to be fully-qualified. The name can include up to 127 characters. The name can include lowercase letters, numbers, underscores (_), hyphens (-), and periods (.). The name can't start with a hyphen.
If this parameter isn't specified, the default value of discoveryName.namespace
is used. If the discoveryName
isn't specified, the port mapping name from the task definition is used in portName.namespace
.
To avoid changing your applications in client Amazon ECS services, set this to the same name that the client application uses by default. For example, a few common names are database
, db
, or the lowercase name of a database, such as mysql
or redis
. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.service_connect_configuration.services.timeout
Optional:
idle_timeout_seconds
(Number) The amount of time in seconds a connection will stay active while idle. A value of 0
can be set to disable idleTimeout
.
The idleTimeout
default for HTTP
/HTTP2
/GRPC
is 5 minutes.
The idleTimeout
default for TCP
is 1 hour.per_request_timeout_seconds
(Number) The amount of time waiting for the upstream to respond with a complete response per request. A value of 0
can be set to disable perRequestTimeout
. perRequestTimeout
can only be set if Service Connect appProtocol
isn't TCP
. Only idleTimeout
is allowed for TCP
appProtocol
.service_connect_configuration.services.tls
Required:
issuer_certificate_authority
(Attributes) The signer certificate authority. (see below for nested schema)Optional:
kms_key
(String) The AWS Key Management Service key.role_arn
(String) The Amazon Resource Name (ARN) of the IAM role that's associated with the Service Connect TLS.service_connect_configuration.services.tls.issuer_certificate_authority
Optional:
aws_pca_authority_arn
(String) The ARN of the AWS Private Certificate Authority certificate.service_registries
Optional:
container_name
(String) The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the bridge
or host
network mode, you must specify a containerName
and containerPort
combination from the task definition. If the task definition that your service task specifies uses the awsvpc
network mode and a type SRV DNS record is used, you must specify either a containerName
and containerPort
combination or a port
value. However, you can't specify both.container_port
(Number) The port value to be used for your service discovery service. It's already specified in the task definition. If the task definition your service task specifies uses the bridge
or host
network mode, you must specify a containerName
and containerPort
combination from the task definition. If the task definition your service task specifies uses the awsvpc
network mode and a type SRV DNS record is used, you must specify either a containerName
and containerPort
combination or a port
value. However, you can't specify both.port
(Number) The port value used if your service discovery service specified an SRV record. This field might be used if both the awsvpc
network mode and SRV records are used.registry_arn
(String) The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is CMAP. For more information, see CreateService.tags
Optional:
key
(String) One part of a key-value pair that make up a tag. A key
is a general label that acts like a category for more specific tag values.value
(String) The optional part of a key-value pair that make up a tag. A value
acts as a descriptor within a tag category (key).volume_configurations
Required:
name
(String) The name of the volume. This value must match the volume name from the Volume
object in the task definition.Optional:
managed_ebs_volume
(Attributes) The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. The Amazon EBS volumes are visible in your account in the Amazon EC2 console once they are created. (see below for nested schema)volume_configurations.managed_ebs_volume
Required:
role_arn
(String) The ARN of the IAM role to associate with this volume. This is the Amazon ECS infrastructure IAM role that is used to manage your AWS infrastructure. We recommend using the Amazon ECS-managed AmazonECSInfrastructureRolePolicyForVolumes
IAM policy with this role. For more information, see Amazon ECS infrastructure IAM role in the Amazon ECS Developer Guide.Optional:
encrypted
(Boolean) Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the Encrypted
parameter of the CreateVolume API in the Amazon EC2 API Reference.filesystem_type
(String) The Linux filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.
The available filesystem types are? ext3
, ext4
, and xfs
. If no value is specified, the xfs
filesystem type is used by default.iops
(Number) The number of I/O operations per second (IOPS). For gp3
, io1
, and io2
volumes, this represents the number of IOPS that are provisioned for the volume. For gp2
volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.
The following are the supported values for each volume type.
gp3
: 3,000 - 16,000 IOPSio1
: 100 - 64,000 IOPSio2
: 100 - 256,000 IOPSThis parameter is required for io1
and io2
volume types. The default for gp3
volumes is 3,000 IOPS
. This parameter is not supported for st1
, sc1
, or standard
volume types.
This parameter maps 1:1 with the Iops
parameter of the CreateVolume API in the Amazon EC2 API Reference.
kms_key_id
(String) The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no AWS Key Management Service key is specified, the default AWS managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the KmsKeyId
parameter of the CreateVolume API in the Amazon EC2 API Reference.
AWS authenticates the AWS Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.size_in_gi_b
(Number) The size of the volume in GiB. You must specify either a volume size or a snapshot ID. If you specify a snapshot ID, the snapshot size is used for the volume size by default. You can optionally specify a volume size greater than or equal to the snapshot size. This parameter maps 1:1 with the Size
parameter of the CreateVolume API in the Amazon EC2 API Reference.
The following are the supported volume size values for each volume type.
gp2
and gp3
: 1-16,384io1
and io2
: 4-16,384st1
and sc1
: 125-16,384standard
: 1-1,024snapshot_id
(String) The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the SnapshotId
parameter of the CreateVolume API in the Amazon EC2 API Reference.tag_specifications
(Attributes List) The tags to apply to the volume. Amazon ECS applies service-managed tags by default. This parameter maps 1:1 with the TagSpecifications.N
parameter of the CreateVolume API in the Amazon EC2 API Reference. (see below for nested schema)throughput
(Number) The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. This parameter maps 1:1 with the Throughput
parameter of the CreateVolume API in the Amazon EC2 API Reference.
This parameter is only supported for the gp3
volume type.volume_type
(String) The volume type. This parameter maps 1:1 with the VolumeType
parameter of the CreateVolume API in the Amazon EC2 API Reference. For more information, see Amazon EBS volume types in the Amazon EC2 User Guide.
The following are the supported volume types.
gp2
|gp3
io1
|io2
st1
sc1
standard
The magnetic volume type is not supported on Fargate.volume_configurations.managed_ebs_volume.tag_specifications
Required:
resource_type
(String) The type of volume resource.Optional:
propagate_tags
(String) Determines whether to propagate the tags from the task definition to ?the Amazon EBS volume. Tags can only propagate to a SERVICE
specified in ?ServiceVolumeConfiguration
. If no value is specified, the tags aren't ?propagated.tags
(Attributes List) The tags applied to this Amazon EBS volume. AmazonECSCreated
and AmazonECSManaged
are reserved tags that can't be used. (see below for nested schema)volume_configurations.managed_ebs_volume.tag_specifications.tags
Optional:
key
(String) One part of a key-value pair that make up a tag. A key
is a general label that acts like a category for more specific tag values.value
(String) The optional part of a key-value pair that make up a tag. A value
acts as a descriptor within a tag category (key).Import is supported using the following syntax:
$ terraform import awscc_ecs_service.example <resource ID>