A beginner’s guide to Amazon’s Elastic Container Service

This article is a beginner’s high level look at Amazon ECS. We’ll cover core concepts, terms, simple architecture diagrams, and abstracted examples. So let’s get started!

To appreciate Amazon ECS, you first have to understand Docker.

Docker is a client-server application that can be installed on Linux, Windows, and MacOS and that allows you to run Docker containers . Containers are lightweight environments containing everything needed to run a specific application or part of an application. Multiple different containers can be run on one machine, so long as it has the Docker software installed.

If you’re interested in how they work, and how Docker is different from a virtual machine, then this intro to Docker is a great place to start.

N-3HpONvjcv4ZhAeMBN43aO1XfLfwDcOL2oe

Using Docker containers allows teams to have a consistent development environment by abstracting away the software, operating system, and hardware configuration into a standard building block that can be run on any machine.

Each container has exactly what it needs — for example, certain versions of a language or library — and no more than it needs. Multiple containers can be used for different parts of your application if you want, and they can be set up to communicate with each other when needed.

By using specified Docker containers to run your production code, you can be sure that your development environment is exactly the same as your production environment.

As your application grows, managing the deployment, structure, scheduling, and scaling of these containers rapidly becomes very complicated. This is where a “container management service” comes in. It aims to allow simple configuration options and handles the heavy lifting while you go back to writing the app.

An intro to Amazon ECS

Amazon Elastic Container Service (ECS) is, according to Amazon,

…a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.

It is comparable to Kubernetes , Docker Swarm , and Azure Container Service .

4wqn-TABgSmokYgU0tGgbvk8kTng0ibENfLX

ECS runs your containers on a cluster of Amazon EC2 (Elastic Compute Cloud) virtual machine instances pre-installed with Docker. It handles installing containers, scaling, monitoring, and managing these instances through both an API and the AWS Management Console. It allows you to simplify your view of EC2 instances to a pool of resources, such as CPU and memory. The specific instance a container runs on, and maintenance of all instances, is handled by the platform. You don’t have to think about it.

It’s worth noting that it is tied into the Amazon infrastructure, unlike some other providers that allow more flexibility. However, that means it comes with excellent integration with other AWS services.

Terms and architecture

Let’s give some imaginary context for the definitions we are about to look at. Say you are building an application that runs on two Docker containers, perhaps one for the main application, and one for managing metrics. Both are needed for the application to run as intended. If you had large amounts of traffic, you might need to run several pairs of containers.

Here we come to two sets of new terms:

  • a Task Definition , Task , and Service , and
  • a Cluster , ECS Container Instance , and ECS Container Agent .

Task Definition

This is the blueprint describing which Docker containers to run and represents your application. In our example, it would be two containers. would detail the images to use, the CPU and memory to allocate, environment variables, ports to expose, and how the containers interact.

An instance of a Task Definition, running the containers detailed within it. Multiple Tasks can be created by one Task Definition, as demand requires.

eL718lUcFCktxO96DKpdAIu1uBguoNqOKHRF

Defines the minimum and maximum Tasks from one Task Definition run at any given time, autoscaling, and load balancing. In our example, if the CPU was maxed out from the single task we had running, we may want it to add an additional Task.

We may, however, want to limit the maximum number of Tasks it can run, since we know that running extra Tasks uses additional resources that cost money.

Ff1BK5c7YRL7KAv71Hu7ZSwByYpeJPTaolzT

Now that we have our Service, its Tasks need to be run somewhere in order to be accessible. It needs to be put on a Cluster, and the container management service will handle it running across one or more ECS Container Instance(s) .

ECS Container Instances and ECS Container Agents

1NSrmTZQxI3ErrpE9qMvTZkjYIZ9zS9BLZrJ

This is an EC2 instance that has Docker and an ECS Container Agent running on it. A Container Instance can run many Tasks, from the same or different Services.

The Agent takes care of the communication between ECS and the instance, providing the status of running containers and managing running new ones.

scH1QJHgrQ6NgA1jQo9ITuCiQGkAawRHmzSc

As seen above, a Cluster is a group of ECS Container Instances. Amazon ECS handles the logic of scheduling, maintaining, and handling scaling requests to these instances. It also takes away the work of finding the optimal placement of each Task based on your CPU and memory needs.

A Cluster can run many Services. If you have multiple applications as part of your product, you may wish to put several of them on one Cluster. This makes more efficient use of the resources available and minimizes setup time.

W3Xl8d3AHiLkuxV4ZdmvrqtPoFplOtp3hmcY

We have seen how a Dockerized application can be represented by a Task Definition that has a one-to-one relationship with a Service which in turn uses it to create many different Task instances.

This Service is deployed to a Cluster of ECS Container Instances that provide the pool of resources needed to run and scale your application. Additional Services can be deployed to the same Cluster.

Amazon ECS, or any container management service, aims to make this as simple as possible, abstracting away many complexities of running infrastructure at scale.

wRtGhAtM8NLLnpTkp4PAUc80YHObxKVnFFhM

As your needs become more complex, the container management service ensures this remains manageable. Using its API or Management Console, you can put definitions in place to add new Container Instances as you need them. This makes sure that there are always a healthy number of Tasks running, and intelligently allocates resources across Services.

Thanks for reading!

  • Gentle Introduction to How AWS ECS Works with Example Tutorial
  • Deploying Clustered Akka Applications on Amazon ECS
  • Building Blocks of Amazon ECS
  • Introduction to Amazon EC2 Container Service (ECS) — Docker Management on AWS
  • Amazon ECS: Core Concepts
  • AWS EC2 for Beginners
  • A Better Dev/Test Experience: Docker and AWS
  • Cluster-Based Architectures Using Docker and Amazon EC2 Container Service

Edinburgh, Scotland.

If this article was helpful, share it .

Learn to code for free. freeCodeCamp's open source curriculum has helped more than 40,000 people get jobs as developers. Get started

TaskDefinition

The details of a task definition which describes the container and volume definitions of an Amazon Elastic Container Service task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.

The task launch types the task definition validated against during task definition registration. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide .

Type: Array of strings

Valid Values: EC2 | FARGATE | EXTERNAL

Required: No

A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide .

Type: Array of ContainerDefinition objects

The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.

The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.

256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)

512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)

1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)

2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)

4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)

8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments

This option requires Linux platform 1.4.0 or later.

16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments

Type: String

The Unix timestamp for the time when the task definition was deregistered.

Type: Timestamp

The ephemeral storage settings to use for tasks run with the task definition.

Type: EphemeralStorage object

The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide .

The name of a family that this task definition is registered to. Up to 255 characters are allowed. Letters (both uppercase and lowercase letters), numbers, hyphens (-), and underscores (_) are allowed.

A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.

The Elastic Inference accelerator that's associated with the task.

Type: Array of InferenceAccelerator objects

The IPC resource namespace to use for the containers in the task. The valid values are host , task , or none . If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see IPC settings in the Docker run reference .

If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see Docker security .

If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see System Controls in the Amazon Elastic Container Service Developer Guide .

For tasks that use the host IPC mode, IPC namespace related systemControls are not supported.

For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task.

This parameter is not supported for Windows containers or tasks run on Amazon Fargate.

Valid Values: host | task | none

The amount (in MiB) of memory used by the task.

If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see ContainerDefinition .

If your tasks runs on Amazon Fargate, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.

512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)

1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)

2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)

Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)

Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)

Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU)

Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU)

The Docker networking mode to use for the containers in the task. The valid values are none , bridge , awsvpc , and host . If no network mode is specified, the default is bridge .

For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, <default> or awsvpc can be used. If the network mode is set to none , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode.

With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.

When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.

If the network mode is awsvpc , the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide .

If the network mode is host , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.

For more information, see Network settings in the Docker run reference .

Valid Values: bridge | host | awsvpc | none

The process namespace to use for the containers in the task. The valid values are host or task . On Fargate for Linux containers, the only valid value is task . For example, monitoring sidecars might need pidMode to access information about other containers running in the same task.

If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.

If task is specified, all containers within the specified task share the same process namespace.

If no value is specified, the default is a private namespace for each container. For more information, see PID settings in the Docker run reference .

If the host PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see Docker security .

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Amazon Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

Valid Values: host | task

An array of placement constraint objects to use for tasks.

This parameter isn't supported for tasks run on Amazon Fargate.

Type: Array of TaskDefinitionPlacementConstraint objects

The configuration details for the App Mesh proxy.

Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init . For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide .

Type: ProxyConfiguration object

The Unix timestamp for the time when the task definition was registered.

The principal that registered the task definition.

The container instance attributes required by your task. When an Amazon EC2 instance is registered to your cluster, the Amazon ECS container agent assigns some standard attributes to the instance. You can apply custom attributes. These are specified as key-value pairs using the Amazon ECS console or the PutAttributes API. These attributes are used when determining task placement for tasks hosted on Amazon EC2 instances. For more information, see Attributes in the Amazon Elastic Container Service Developer Guide .

Type: Array of Attribute objects

The task launch types the task definition was validated against. The valid values are EC2 , FARGATE , and EXTERNAL . For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide .

The revision of the task in a particular family. The revision is a version number of a task definition in a family. When you register a task definition for the first time, the revision is 1 . Each time that you register a new revision of a task definition in the same family, the revision value always increases by one. This is even if you deregistered previous revisions in this family.

Type: Integer

The operating system that your task definitions are running on. A platform family is specified only for tasks using the Fargate launch type.

When you specify a task in a service, this value must match the runtimePlatform value of the service.

Type: RuntimePlatform object

The status of the task definition.

Valid Values: ACTIVE | INACTIVE | DELETE_IN_PROGRESS

The full Amazon Resource Name (ARN) of the task definition.

The short name or full Amazon Resource Name (ARN) of the Amazon Identity and Access Management role that grants containers in the task permission to call Amazon APIs on your behalf. For more information, see Amazon ECS Task Role in the Amazon Elastic Container Service Developer Guide .

IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see Windows IAM roles for tasks in the Amazon Elastic Container Service Developer Guide .

The list of data volume definitions for the task. For more information, see Using data volumes in tasks in the Amazon Elastic Container Service Developer Guide .

The host and sourcePath parameters aren't supported for tasks run on Amazon Fargate.

Type: Array of Volume objects

For more information about using this API in one of the language-specific Amazon SDKs, see the following:

Amazon SDK for C++

Amazon SDK for Go

Amazon SDK for Java V2

Amazon SDK for Ruby V3

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Tasks and Scheduling

A task is the instantiation of a task definition within a cluster. After you have created a task definition for your application within Amazon ECS, you can specify the number of tasks that will run on your cluster.

Each task that uses the Fargate launch type has its own isolation boundary and does not share the underlying kernel, CPU resources, memory resources, or elastic network interface with another task.

The Amazon ECS task scheduler is responsible for placing tasks within your cluster. There are several different scheduling options available. For example, you can define a service that runs and maintains a specified number of tasks simultaneously. For more information about the different scheduling options available, see Scheduling Amazon ECS Tasks .

ECS: Tasks vs Services

ECS is an AWS container management service for running containerized apps on a cluster. There are two important concepts to understand in AWS ECS, which are Tasks and Services that we will compare in this article.

Let’s start off where tasks and services are alike and then move on to differences. Both of them need something called a Task Definition which is basically a configuration of a task - sort of what the Docker Image is to a Docker Container. Task Definition holds the information how many containers to create for the task, what containers should be linked together, how much CPU should be allocated, connecting logs, defining environment etc.

Going back to a docker analogy, a task is a single “instance” of a task definition. It is created when ran directly and launches all the containers that were defined in its Task Definition. Running tasks directly is great for running jobs that have a clear start and finish like for example what is usually accomplished by CRON jobs.

Important thing to note is that if a task fails for some reason it won’t be recreated and it does not have access to a Load Balancer.

Using the docker analogy again, a service would probably be docker-compose as it orchestrates tasks but unlike docker-compose it also keeps them running which is known as a Service Scheduler. This means that should a task fail or shut down for some reason, the ECS Service would create a new instance according to user instructions in the Task Definition and Service Definition. Apart from this “self-healing”, ECS Services can also be run behind a load balancer which will distribute traffic across all tasks associated with it.

ECS Service is a good choice for long running tasks like web servers that should be restarted automatically in case they fail for some reason.

As I understand it, the Task is a single instance of a Task Definition that I have to run myself. It will do its job and then shut down but should it fail the job simply won’t be done. Service, however, is the middleman that will take that task definition, take instructions (service definition) on how many tasks should be spun up in however many regions and will keep an eye on it for me. Should any task fail, the Service will create a new instance automatically. One additional but very important difference between them is also that singular Tasks - ones that I run myself - cannot be ran behind a Load Balancer. This is logical as we have only one Task but still important to keep in mind.

Below a simplified diagram of my mental model of how all this works.

ECS tasks and services diagram

AWS Amazon ECS Task Definition

This page shows how to write Terraform and CloudFormation for Amazon ECS Task Definition and write them securely.

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_ecs_task_definition (Terraform)

The Task Definition in Amazon ECS can be configured in Terraform with the resource name aws_ecs_task_definition . The following sections describe 4 examples of how to use the resource and its parameters.

  • Example Usage from GitHub

Review your Terraform file for AWS best practices

Security best practices for aws_ecs_task_definition.

There is 1 setting in aws_ecs_task_definition that should be taken care of for security reasons. The following section explain an overview and example code.

Ensure to enable in-transit encryption of EFS volume

It is better to enable in-transit encryption of EFS volume for the protection of data in transit more.

Review your AWS Amazon ECS settings

You can check if the aws_ecs_task_definition setting in your .tf file is correct in 3 min with Shisho Cloud.

  • arn optional computed - string
  • container_definitions required - string
  • cpu optional - string
  • execution_role_arn optional - string
  • family required - string
  • id optional computed - string
  • ipc_mode optional - string
  • memory optional - string
  • network_mode optional computed - string
  • pid_mode optional - string
  • requires_compatibilities optional - set of string
  • revision optional computed - number
  • tags optional - map from string to string
  • task_role_arn optional - string
  • device_name required - string
  • device_type required - string
  • expression optional - string
  • type required - string
  • container_name required - string
  • properties optional - map from string to string
  • type optional - string
  • host_path optional - string
  • name required - string
  • autoprovision optional - bool
  • driver optional - string
  • driver_opts optional - map from string to string
  • labels optional - map from string to string
  • scope optional computed - string
  • file_system_id required - string
  • root_directory optional - string
  • transit_encryption optional - string
  • transit_encryption_port optional - number
  • access_point_id optional - string
  • iam optional - string

>> from Terraform Registry

  • Explanation in Terraform Registry
Manages a revision of an ECS task definition to be used in aws_ecs_service .

Tips: Best Practices for The Other AWS Amazon ECS Resources

In addition to the aws_ecs_cluster, AWS Amazon ECS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

aws_ecs_cluster

Ensure to enable CloudWatch Container Insights

It's better to enable CloudWatch Container Insights to gain a better perspective on cluster applications. CloudWatch Container Insights collects, aggregates, and summarizes ECS metrics and logs.

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::ECS::TaskDefinition (CloudFormation)

The TaskDefinition in ECS can be configured in CloudFormation with the resource name AWS::ECS::TaskDefinition . The following sections describe 10 examples of how to use the resource and its parameters.

  • Family optional - String
  • ContainerDefinitions optional - List of ContainerDefinition
  • Cpu optional - String
  • ExecutionRoleArn optional - String
  • EphemeralStorage optional - EphemeralStorage
  • InferenceAccelerators optional - List of InferenceAccelerator
  • Memory optional - String
  • NetworkMode optional - String
  • PlacementConstraints optional - List of TaskDefinitionPlacementConstraint
  • ProxyConfiguration optional - ProxyConfiguration
  • RequiresCompatibilities optional - List
  • TaskRoleArn optional - String
  • Volumes optional - List of Volume
  • PidMode optional - String
  • RuntimePlatform optional - RuntimePlatform
  • IpcMode optional - String
  • Tags optional - List of Tag

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::ECS::TaskDefinition resource describes the container and volume definitions of an Amazon Elastic Container Service ( Amazon ECS ) task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.

The Other Related AWS Amazon ECS Resources

AWS Amazon ECS Capacity Provider

AWS Amazon ECS Cluster

AWS Amazon ECS Service

AWS Amazon ECS Tag

  • Frequently asked questions

What is AWS Amazon ECS Task Definition?

AWS Amazon ECS Task Definition is a resource for Amazon ECS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon ECS Task Definition?

For Terraform, the stelligent/config-lint , stelligent/config-lint and kuromitsu0104/gadget-app source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the melscoop-test/check , sdlombardo2/robot-shop and nizamawscloud/aws-cloudformation-cloudformation-guard source code examples are useful. See the CloudFormation Example section for further details.

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents

what is task definition ecs

  • Security Best Practices
  • Best Practces for The Other Resources

what is task definition ecs

JavaToDev Tutorials in Backend Development Technologies

  • Spring Boot

Creating Task Definitions For ECS Deployment

avatar

An ECS task definition is a blueprint or configuration file that describes how to run a containerized application within Amazon Elastic Container Service (ECS).

It defines various parameters such as the Docker image to use, the resources allocated to the task, networking settings, environment variables, and other container-specific configurations.

Task definitions play a crucial role in ECS deployments as they provide the instructions for launching and managing containers.

They define the components of a task, which can include one or more containers that work together to form a functional application.

Configuring Task Definition

First, navigate to task definition under the ECS dashboard, then give a unique name for the definition family name.

After that create containers that we need with this definition,

Here we only need a single container that runs with the docker image we created on private ECR repository .

Copy the image URI from the ECR dashboard for the correct repository and let’s create the definition as shown below,

Here we have to define the port mappings for the container, Since we have a spring boot application that runs on a default 8080 port, we have to open it with the port mappings section,

This port mapping will be used by external parties (Eg:- Load balancer) to access the fargate instances running on a private subnet.

Container image details under task definition

Private Registry access

Here we are using a private ECR registry to store the necessary docker images, But we can keep the private registry tick de-active, and ensure the ECR access through the task execution role that we are setting in the next phase in this task definition.

Defining Environmental Variables

The spring boot application that we are going to deploy with this infrastructure has environment variables that we have defined under application.properties for the DEV profile .

Then define the necessary environment variables with the database configurations from the RDS database we created earlier.

Environment variables under ECS Task definition

Keep other optional parameters as default values and proceed with the next phase.

Environment Configurations

Here we can choose the task size including memory and CPU allocation, with task roles that will be used by container setup.

ECS task roles allow the containers in your task to assume an IAM role to call AWS APIs without having to use AWS Credentials inside the containers. That means the application inside the container can access other AWS services like sending a notification to Amazon SNS or accessing an S3 bucket.

ECS task execution roles grant the ECS agents permission to make AWS API calls who are responsible for managing the tasks in the cluster. That means the task is able to send container logs to CloudWatch or pull a container image from Amazon ECR.

Here we only have a requirement to pull a container image from Amazon ECR , hence setting the ECS task execution role will be enough .

Attaching Storage With ECS – Optional

By default, every ECS task contains 20GB of space, But we can extend it up to 200 GB. In addition to that we have the freedom to attach an EFS volume as well.

Memory and CPU allocation with Task roles configurations for ECS task definition

All done now we can proceed with creating the task definition since we have configured all the necessary minimal configurations.

Task definition creation successfully completed

We are done with setting up the task definitions for our ECS fargate application architecture in this article series.

Now we can focus on the next step which focuses on deploying the task as a service under the cluster we created on Amazon ECS in our next article.

Source Code and Other Resources

All the necessary source codes are committed to this GitHub repository and the postman collection for the testing can be found under this link

Comment your thoughts or any issues found while proceeding with this article series.

Happy coding.

avatar

Chinthaka Dinadasa

Creating Cluster For ECS Fargate Deployment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

AWS::ECS::TaskDefinition

Registers a new task definition from the supplied family and containerDefinitions . Optionally, you can add data volumes to your containers with the volumes parameter. For more information about task definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide .

You can specify a role for your task with the taskRoleArn parameter. When you specify a role for a task, its containers can then use the latest versions of the AWS CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide .

You can specify a Docker networking mode for the containers in your task definition with the networkMode parameter. The available network modes correspond to those described in Network settings in the Docker run reference. If you specify the awsvpc network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide .

To declare this entity in your AWS CloudFormation template, use the following syntax:

A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide .

Required : No

Type : Array of ContainerDefinition

Update requires : Replacement

The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.

The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.

256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)

512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)

1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)

2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)

4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)

8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments

This option requires Linux platform 1.4.0 or later.

16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments

Type : String

The ephemeral storage settings to use for tasks run with the task definition.

Type : EphemeralStorage

The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide .

The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.

A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.

To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.

The Elastic Inference accelerators to use for the containers in the task.

Type : Array of InferenceAccelerator

The IPC resource namespace to use for the containers in the task. The valid values are host , task , or none . If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see IPC settings in the Docker run reference .

If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see Docker security .

If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see System Controls in the Amazon Elastic Container Service Developer Guide .

For tasks that use the host IPC mode, IPC namespace related systemControls are not supported.

For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task.

This parameter is not supported for Windows containers or tasks run on AWS Fargate.

Allowed values : host | task | none

The amount (in MiB) of memory used by the task.

If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see ContainerDefinition .

If your tasks runs on AWS Fargate, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.

512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)

1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)

2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)

Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)

Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)

Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU)

Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU)

The Docker networking mode to use for the containers in the task. The valid values are none , bridge , awsvpc , and host . If no network mode is specified, the default is bridge .

For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, <default> or awsvpc can be used. If the network mode is set to none , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode.

With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.

When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.

If the network mode is awsvpc , the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide .

If the network mode is host , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.

For more information, see Network settings in the Docker run reference .

Allowed values : bridge | host | awsvpc | none

The process namespace to use for the containers in the task. The valid values are host or task . On Fargate for Linux containers, the only valid value is task . For example, monitoring sidecars might need pidMode to access information about other containers running in the same task.

If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.

If task is specified, all containers within the specified task share the same process namespace.

If no value is specified, the default is a private namespace for each container. For more information, see PID settings in the Docker run reference .

If the host PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see Docker security .

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

Allowed values : host | task

An array of placement constraint objects to use for tasks.

This parameter isn't supported for tasks run on AWS Fargate.

Type : Array of TaskDefinitionPlacementConstraint

The configuration details for the App Mesh proxy.

Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init . For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide .

Type : ProxyConfiguration

The task launch types the task definition was validated against. The valid values are EC2 , FARGATE , and EXTERNAL . For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide .

Type : Array of String

The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.

When you specify a task definition in a service, this value must match the runtimePlatform value of the service.

Type : RuntimePlatform

The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them.

The following basic restrictions apply to tags:

Maximum number of tags per resource - 50

For each resource, each tag key must be unique, and each tag key can have only one value.

Maximum key length - 128 Unicode characters in UTF-8

Maximum value length - 256 Unicode characters in UTF-8

If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.

Tag keys and values are case-sensitive.

Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

Type : Array of Tag

Minimum : 0

Maximum : 50

Update requires : No interruption

The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see Amazon ECS Task Role in the Amazon Elastic Container Service Developer Guide .

IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see Windows IAM roles for tasks in the Amazon Elastic Container Service Developer Guide .

The list of data volume definitions for the task. For more information, see Using data volumes in tasks in the Amazon Elastic Container Service Developer Guide .

The host and sourcePath parameters aren't supported for tasks run on AWS Fargate.

Type : Array of Volume

Return values

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN).

In the following example, the Ref function returns the ARN of the MyTaskDefinition task definition, such as arn:aws:ecs:us-west-2:123456789012:task-definition/TaskDefinitionFamily:1 .

{ "Ref": "MyTaskDefinition" }

For more information about using the Ref function, see Ref .

The ARN of the task definition.

Create an Amazon ECS task definition

The following example defines an Amazon ECS task definition, which includes two container definitions and one volume definition.

The following example defines an Amazon ECS task definition that specifies EC2 as required compatibilities.

The following is an example task definition using the Linux containers on Fargate launch type that sets up a web server:

Warning

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.

IMAGES

  1. Introduction of ECS

    what is task definition ecs

  2. Create an Amazon ECS task definition and mount a file system on EC2

    what is task definition ecs

  3. Creating a Fargate ECS Task in AWS using Terraform

    what is task definition ecs

  4. AWS ECS Part-1

    what is task definition ecs

  5. Creating a Cost-Efficient Amazon ECS Cluster for Scheduled Tasks

    what is task definition ecs

  6. Deploying an AWS ECS task using containers from ECR

    what is task definition ecs

VIDEO

  1. EC Packages

  2. Workflow and task definition in Oracle Apex

  3. BHT3103: MANAGEMENT INFORMATION SYSTEM

  4. Create Task Definition || Workflow and Automations|| Oracle APEX

  5. ECS Components

  6. 1 ECS Data Management How ECS Stores Data in a VDC

COMMENTS

  1. Amazon ECS task definitions

    Developer Guide Amazon ECS task definitions PDF RSS A task definition is a blueprint for your application. It is a text file in JSON format that describes the parameters and one or more containers that form your application. The following are some of the parameters that you can specify in a task definition:

  2. What is the difference between a task and a service in AWS ECS?

    A Task Definition is a collection of 1 or more container configurations. Some Tasks may need only one container, while other Tasks may need 2 or more potentially linked containers running concurrently.

  3. Task Definitions :: Amazon ECS Workshop

    The task definition is a text file, in JSON format, that describes one or more containers, up to a maximum of ten, that form your application. It can be thought of as a blueprint for your application. Task definitions specify various parameters for your application.

  4. ECS Task Definitions 101: Key Components and How to Optimize ...

    · May 7, 2023 -- Photo by Ian Taylor on Unsplash In this article, we will take a closer look at ECS task definitions, explain its key components, and how to create one. Additionally, it...

  5. A beginner's guide to Amazon's Elastic Container Service

    Amazon Elastic Container Service (ECS) is, according to Amazon, …a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster. It is comparable to Kubernetes, Docker Swarm, and Azure Container Service.

  6. AWS ECS: Deploying Containers using Task and Service Definitions

    An ECS Task Definition defines the requirements for your Docker container. It defines the image to be used, CPU, and memory requirements e.t.c. An ECS service definition defines how the application/service will be run. It defines the launch type, the cluster where the service will be run, the target group to use for the ALB, the task definition ...

  7. Writing Task Definitions for Amazon ECS

    Writing Task Definitions for Amazon ECS Amazon Web Services 727K subscribers Subscribe Subscribed Share 45K views 6 years ago Containers on AWS Learn more about defining Tasks in the AWS...

  8. TaskDefinition

    Task. The details of a task definition which describes the container and volume definitions of an Amazon Elastic Container Service task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.

  9. Tasks and Scheduling :: Amazon ECS Workshop

    A task is the instantiation of a task definition within a cluster. After you have created a task definition for your application within Amazon ECS, you can specify the number of tasks that will run on your cluster. Each task that uses the Fargate launch type has its own isolation boundary and does not share the underlying kernel, CPU resources ...

  10. ECS: Tasks vs Services

    ECS is an AWS container management service for running containerized apps on a cluster. There are two important concepts to understand in AWS ECS, which are Tasks and Services that we will compare in this article. Let's start off where tasks and services are alike and then move on to differences.

  11. AWS Amazon ECS Task Definition

    The AWS::ECS::TaskDefinition resource describes the container and volume definitions of an Amazon Elastic Container Service ( Amazon ECS) task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.

  12. Gentle Introduction to How AWS ECS Works with Example Tutorial

    Task Definition — This a blueprint that describes how a docker container should launch. If you are already familiar with AWS, it is like a LaunchConfig except instead it is for a docker...

  13. Amazon ECS console now has enhanced support for task definition workflows

    Posted On: Jul 27, 2023. Today, Amazon Elastic Container Service (Amazon ECS) improved the console experience for task definitions workflows. Customers can now use a single page layout to create new and revised task definitions, and also to configure functionality such as container log routing, firelens, container health checks, and more ...

  14. Creating Task Definitions For ECS Deployment

    An ECS task definition is a blueprint or configuration file that describes how to run a containerized application within Amazon Elastic Container Service (ECS). It defines various parameters such as the Docker image to use, the resources allocated to the task, networking settings, environment variables, and other container-specific configurations.

  15. ECS task definitions must have secure networking modes and ...

    A task definition describes how Docker containers should be launched in Amazon ECS. The task definition describes the Docker image and configuration parameters, such as exposed ports, CPU and memory shares, logging, and environmental variables. If a task definition has unexpectedly elevated privileges, it can increase opportunities for ...

  16. Resource: aws_ecs_task_definition

    task_role_arn - (Optional) The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.; execution_role_arn - (Optional) The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.; network_mode - (Optional) The Docker networking mode to use for the containers in the task.

  17. amazon web services

    I have the following definition. I want to be able to pass the current iteration number of the map to my ecs task like this python src.py --my_argument <index>. I used "$$.Map.Item.Index" but it doesn't work. I just runs it literally like this: python src.py --my_argument $$.Map.Item.Index

  18. Creating a task definition using the console

    When you create a task definition, the Amazon ECS console automatically creates a CloudFormation stack that has a name that begins with ECS-Console-V2-TaskDefinition-. If you used the AWS CLI or an AWS SDK to deregister the task definition, then you must manually delete the task definition stack.

  19. What is SAP ECS?

    You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in. Comment

  20. AWS::ECS::TaskDefinition

    For more information about task definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide. You can specify a role for your task with the taskRoleArn parameter.