How To Create ECS Task Definition Using AWS CLI

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last AWS blog post, we discussed the ECS Cluster and created our first ECS Cluster using AWS CLI.

https://cloudaffaire.com/how-to-create-an-ecs-cluster-using-aws-cli/

In this blog post, we will discuss Task Definition in ECS. We will also create an ECS Task Definition using AWS CLI.

What is Task Definition in ECS?

A task definition is required to run Docker containers in Amazon ECS. You can define multiple containers in a task definition. The parameters that you use depend on the launch type you choose for the task, and not all parameters are valid in every case. Your entire application stack does not need to exist on a single task definition, and in most cases it should not. Your application can span multiple task definitions by combining related containers into their own task definitions, each representing a single component.

Task Definition Parameters:

Task definitions are split into separate parts: the task family, the IAM task role, the network mode, container definitions, volumes, task placement constraints, and launch types. The family and container definitions are required in a task definition, while task role, network mode, volumes, task placement constraints, and launch type are optional. Below is the list of all available ECS task definition parameters:

  1. family: Name of your task definition, which is versioned with a revision number that starts with 1
  2. taskRoleArn: The IAM role that allows the containers in the task permission to call the AWS APIs
  3. executionRoleArn: Allows the containers in the task to pull container images and publish container logs to CloudWatch
  4. networkMode: Docker networking mode to use for the containers in the task. Valid Values: none | bridge | awsvpc | host
  5. containerDefinitions: A list of container definitions that are passed to the Docker daemon on a container instance
  6. name: The name of a container
  7. image: The image used to start a container
  8. repositoryCredentials: The repository credentials for private registry authentication
    1. credentialsParameter: The ARN of the secret containing the private repository credentials
  9. cpu: CPU allocated to the container
  10. memory: The amount (in MiB) of memory to present to the container
  11. memoryReservation: The soft limit (in MiB) of memory to reserve for the container
  12. links: Allows containers to communicate with each other without the need for port mappings
  13. portMappings: Allow containers to access ports on the host container instance to send or receive traffic
    1. containerPort: The port number on the container that is bound to the user-specified or automatically assigned host port
    2. hostPort: The port number on the container instance to reserve for your container
    3. protocol: The protocol used for the port mapping. Valid values are tcp and udp
  14. essential: When true, all other containers that are part of the task are stopped if this container fails or stops
  15. entryPoint: Allows you to configure a container that will run as an executable
  16. command: The command that is passed to the container
  17. environment: The environment variables to pass to a container
    1. name: The name of the environment variable
    2. value: The value of the environment variable
  18. mountPoints: The mount points for data volumes in your container
    1. sourceVolume: The name of the volume to mount
    2. containerPath: The path on the container to mount the volume at
    3. readOnly: When true, the container has read-only access to the volume
  19. volumesFrom: Data volumes to mount from another container
    1. sourceContainer: The name of the container to mount volumes from
    2. readOnly: When true, the container has read-only access to the volume
  20. linuxParameters: Linux-specific options that are applied to the container, such as KernelCapabilities
    1. capabilities: The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker
      1. add: The Linux capabilities for the container to add to the default configuration provided by Docker
      2. drop: The Linux capabilities for the container to remove from the default configuration provided by Docker
    2. devices: Any host devices to expose to the container
      1. hostPath: The path for the device on the host container instance
      2. containerPath: The path inside the container at which to expose the host device
      3. permissions: The explicit permissions to provide to the container for the device. Valid Values: read | write | mknod
    3. initProcessEnabled: When true, runs an init process inside the container that forwards signals and reaps processes
    4. sharedMemorySize: The value for the size (in MiB) of the /dev/shm volume
    5. tmpfs: The container path, mount options, and size (in MiB) of the tmpfs mount
      1. containerPath: The absolute file path where the tmpfs volume is to be mounted
      2. size: The size (in MiB) of the tmpfs volume
      3. mountOptions: The list of tmpfs volume mount options
    6. maxSwap: The total amount of swap memory (in MiB) a container can use
    7. swappiness: This allows you to tune a container’s memory swappiness behavior. Valid Range: 0 to 100
  21. secrets: An object representing the secret to expose to your container
    1. name: The value to set as the environment variable on the container
    2. valueFrom: The secret to expose to the container. Valid Values: ARN of AWS Secrets Manager or Systems Manager Parameter Store
  22. dependsOn: The dependencies defined for container startup and shutdown
    1. containerName: The container name that must meet the specified condition
    2. condition: The dependency condition of the container. Valid Values: START | COMPLETE | SUCCESS | HEALTHY
  23. startTimeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container
  24. stopTimeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own
  25. hostname: The hostname to use for your container
  26. user: The user name to use inside the container
  27. workingDirectory: The working directory in which to run commands inside the container
  28. disableNetworking: When true, networking is disabled within the container
  29. privileged: When true, the container is given elevated privileges on the host container instance (similar to the root user)
  30. readonlyRootFilesystem: When true, the container is given read-only access to its root file system
  31. dnsServers: A list of DNS servers that are presented to the container
  32. dnsSearchDomains: A list of DNS search domains that are presented to the container
  33. extraHosts: A list of hostnames and IP address mappings to append to the /etc/hosts file on the container
    1. hostname: The hostname to use in the /etc/hosts entry
    2. ipAddress: The IP address to use in the /etc/hosts entry
  34. dockerSecurityOptions: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Not valid for the Fargate launch type
  35. interactive: When true, allows you to deploy containerized applications that require stdin or a tty to be allocated
  36. pseudoTerminal: When true, a TTY is allocated
  37. dockerLabels: A key/value map of labels to add to the container
    1. KeyName: KeyValue
  38. ulimits: A list of ulimits to set in the container
    1. name: The type of the ulimit. Valid Values: core | cpu | data | fsize | locks etc.
    2. softLimit: The soft limit for the ulimit type
    3. hardLimit: The hard limit for the ulimit type
  39. logConfiguration: The log configuration specification for the container
    1. logDriver: The log driver to use for the container. Valid Values: awslogs | journald | splunk | syslog etc.
    2. options: The configuration options to send to the log driver
      1. KeyName: KeyValue
    3. secretOptions: An object representing the secret to pass to the log configuration
      1. name: The value to set as the environment variable on the container
      2. valueFrom: The secret to expose to the log configuration of the container
  40. healthCheck: The health check command and associated configuration parameters for the container
    1. command: A string array representing the command that the container runs to determine if it is healthy
    2. interval: The time period in seconds between each health check execution
    3. timeout: The time period in seconds to wait for a health check to succeed before it is considered a failure
    4. retries: The number of times to retry a failed health check before the container is considered unhealthy
    5. startPeriod: Grace period within which to provide containers time to bootstrap before failed health checks count towards the maximum number of retries
  41. systemControls: A list of namespaced kernel parameters to set in the container
    1. namespace: The namespaced kernel parameter to set a value for
    2. value: The value for the namespaced kernel parameter specified in namespace
  42. resourceRequirements: The type and amount of a resource to assign to a container
    1. value: The value for the specified resource type
    2. type: The type of resource to assign to a container. The supported values are GPU or InferenceAccelerator
  43. firelensConfiguration: The FireLens configuration for the container
    1. type: The log router to use. The valid values are fluentd or fluentbit
    2. options: The options to use when configuring the log router
      1. KeyName: KeyValue
  44. volumes: A list of volumes to be passed to the Docker daemon on a container instance
    1. name: The name of the volume
    2. host: This parameter is specified when using bind mounts
      1. sourcePath: To declare the path on the host container instance that is presented to the container
    3. dockerVolumeConfiguration: This parameter is specified when using Docker volumes. Docker volumes are only supported when using the EC2 launch type
      1. scope: The scope for the Docker volume, which determines its lifecycle. Valid Values: task | shared
      2. autoprovision: When true, the Docker volume is created if it does not already exist
      3. driver: The Docker volume driver to use
      4. driverOpts: A map of Docker driver specific options to pass through
        1. KeyName: KeyValue
      5. labels: Custom metadata to add to your Docker volume
        1. KeyName: KeyValue
  45. placementConstraints: An object representing a constraint on task placement
    1. type: The type of constraint. Valid Values: distinctInstance | memberOf
    2. expression: A cluster query language expression to apply to the constraint
  46. requiresCompatibilities: The launch type the task is using. Valid Values: EC2 | FARGATE
  47. cpu: The hard limit of CPU units to present for the task
  48. memory: The hard limit of memory (in MiB) to present to the task
  49. tags: The metadata that you apply to a resource to help you categorize and organize them
    1. key: One part of a key-value pair that makes up a tag
    2. value: The optional part of a key-value pair that makes up a tag
  50. pidMode: The process namespace to use for the containers in the task. Valid Values: host | task
  51. ipcMode: The IPC resource namespace to use for the containers in the task. Valid Values: host | task | none
  52. proxyConfiguration: The configuration details for the App Mesh proxy
    1. type: The proxy type. The only supported value is APPMESH
    2. containerName: The name of the container that will serve as the App Mesh proxy
    3. properties: The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs
      1. name: The name of the key-value pair
      2. value: The value of the key-value pair
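
Several of the parameters above (privileged, readonlyRootFilesystem, user, linuxParameters capabilities, networkMode, pidMode, ipcMode, environment versus secrets) decide how much of the host and which credentials a container can reach. The following is an added example, not code from the original post or from AWS: a small Python check that reviews a task definition document before it is registered. The function name `audit_task_definition`, the rule set, the secret-name pattern and both sample definitions are assumptions chosen for illustration.

```python
import re

# Names that suggest a credential placed in plaintext `environment` instead of `secrets`.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def audit_task_definition(td):
    """Return (scope, finding) tuples for risky task-definition settings."""
    findings = []
    for key in ("networkMode", "pidMode", "ipcMode"):
        if td.get(key) == "host":
            findings.append(("task", f"{key}=host shares a host namespace"))
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        if c.get("privileged"):
            findings.append((name, "privileged=true"))
        if not c.get("readonlyRootFilesystem"):
            findings.append((name, "readonlyRootFilesystem is not true"))
        if str(c.get("user", "")).split(":")[0] in ("", "0", "root"):
            findings.append((name, "user is unset or root"))
        caps = c.get("linuxParameters", {}).get("capabilities", {})
        if caps.get("add"):
            findings.append((name, "capabilities.add: " + ",".join(caps["add"])))
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((name, "plaintext secret in environment: " + env["name"]))
    return findings

# Constructed samples; family, image and ARN are placeholders.
WEAK = {"family": "demo-web", "networkMode": "host", "containerDefinitions": [{
    "name": "web", "image": "example/web:1", "memory": 256, "privileged": True,
    "linuxParameters": {"capabilities": {"add": ["SYS_ADMIN"]}},
    "environment": [{"name": "DB_PASSWORD", "value": "constructed-value"}],
}]}
HARDENED = {"family": "demo-web", "networkMode": "awsvpc", "containerDefinitions": [{
    "name": "web", "image": "example/web:1", "memory": 256, "user": "1000",
    "privileged": False, "readonlyRootFilesystem": True,
    "linuxParameters": {"capabilities": {"drop": ["ALL"]}},
    "secrets": [{"name": "DB_PASSWORD",
                 "valueFrom": "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:PLACEHOLDER"}],
}]}

if __name__ == "__main__":
    for label, td in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label)
        for scope, finding in audit_task_definition(td):
            print(f"  [{scope}] {finding}")
```

The same function can be run over a task definition JSON file loaded with `json.load` before it is registered with the AWS CLI.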

How To Create ECS Task Definition Using AWS CLI:

Hope you have enjoyed this article. In the next blog post, we will create an ECS cluster with EC2 launch type.

All the public cloud providers are changing the console user interface rapidly and due to this some of the screenshots used in our previous AWS blogs are no longer relevant. Hence, we have decided that from now onwards most of the demo will be done programmatically. Let us know your feedback on this in the comment section.

To get more details on AWS ECS, please refer to the AWS documentation below:

https://docs.aws.amazon.com/ecs/index.html

 
