AWS::ECS::Service
The AWS::ECS::Service resource creates an Amazon Elastic Container
Service (Amazon ECS) service that runs and maintains the requested number of tasks
and
associated load balancers.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::ECS::Service", "Properties" : { "CapacityProviderStrategy" :[ CapacityProviderStrategyItem, ... ], "Cluster" :String, "DeploymentConfiguration" :DeploymentConfiguration, "DeploymentController" :DeploymentController, "DesiredCount" :Integer, "EnableECSManagedTags" :Boolean, "EnableExecuteCommand" :Boolean, "HealthCheckGracePeriodSeconds" :Integer, "LaunchType" :String, "LoadBalancers" :[ LoadBalancer, ... ], "NetworkConfiguration" :NetworkConfiguration, "PlacementConstraints" :[ PlacementConstraint, ... ], "PlacementStrategies" :[ PlacementStrategy, ... ], "PlatformVersion" :String, "PropagateTags" :String, "Role" :String, "SchedulingStrategy" :String, "ServiceName" :String, "ServiceRegistries" :[ ServiceRegistry, ... ], "Tags" :[ Tag, ... ], "TaskDefinition" :String} }
YAML
Type: AWS::ECS::Service Properties: CapacityProviderStrategy:- CapacityProviderStrategyItemCluster:StringDeploymentConfiguration:DeploymentConfigurationDeploymentController:DeploymentControllerDesiredCount:IntegerEnableECSManagedTags:BooleanEnableExecuteCommand:BooleanHealthCheckGracePeriodSeconds:IntegerLaunchType:StringLoadBalancers:- LoadBalancerNetworkConfiguration:NetworkConfigurationPlacementConstraints:- PlacementConstraintPlacementStrategies:- PlacementStrategyPlatformVersion:StringPropagateTags:StringRole:StringSchedulingStrategy:StringServiceName:StringServiceRegistries:- ServiceRegistryTags:- TagTaskDefinition:String
Properties
CapacityProviderStrategy-
The capacity provider strategy to use for the service.
A capacity provider strategy consists of one or more capacity providers along with the
baseandweightto assign to them. A capacity provider must be associated with the cluster to be used in a capacity provider strategy. The PutClusterCapacityProviders API is used to associate a capacity provider with a cluster. Only capacity providers with anACTIVEorUPDATINGstatus can be used.If a
capacityProviderStrategyis specified, thelaunchTypeparameter must be omitted. If nocapacityProviderStrategyorlaunchTypeis specified, thedefaultCapacityProviderStrategyfor the cluster is used.If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New capacity providers can be created with the CreateCapacityProvider API operation.
To use a AWS Fargate capacity provider, specify either the
FARGATEorFARGATE_SPOTcapacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.The PutClusterCapacityProviders API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
Required: No
Type: List of CapacityProviderStrategyItem
Update requires: No interruption
Cluster-
The short name or full Amazon Resource Name (ARN) of the cluster on which to run your service. If you do not specify a cluster, the default cluster is assumed.
Required: No
Type: String
Update requires: Replacement
DeploymentConfiguration-
Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
Required: No
Type: DeploymentConfiguration
Update requires: No interruption
DeploymentController-
The deployment controller to use for the service. If no deployment controller is specified, the default value of
ECSis used.Required: No
Type: DeploymentController
Update requires: Replacement
DesiredCount-
The number of instantiations of the specified task definition to place and keep running on your cluster.
If a desired count is not specified, a default value of
1is used. When using theDAEMONscheduling strategy, the desired count is not required.Required: Conditional
Type: Integer
Update requires: No interruption
EnableECSManagedTags-
Specifies whether to enable Amazon ECS managed tags for the tasks within the service. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: Boolean
Update requires: Replacement
EnableExecuteCommand-
Whether or not the execute command functionality is enabled for the service. If
true, the execute command functionality is enabled for all containers in tasks as part of the service.Required: No
Type: Boolean
Update requires: No interruption
HealthCheckGracePeriodSeconds-
The period of time, in seconds, that the Amazon ECS service scheduler should ignore unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of
0is used.If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds. During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.
Required: No
Type: Integer
Update requires: No interruption
LaunchType-
The launch type on which to run your service. For more information, see Amazon ECS Launch Types in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: String
Allowed values:
EC2 | EXTERNAL | FARGATEUpdate requires: Replacement
LoadBalancers-
A list of load balancer objects to associate with the service. If you specify the
Roleproperty,LoadBalancersmust be specified as well. For information about the number of load balancers that you can specify per service, see Service Load Balancing in the Amazon Elastic Container Service Developer Guide.Required: No
Type: List of LoadBalancer
Update requires: Replacement
NetworkConfiguration-
The network configuration for the service. This parameter is required for task definitions that use the
awsvpcnetwork mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.Required: Conditional
Type: NetworkConfiguration
Update requires: No interruption
PlacementConstraints-
An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints per task (this limit includes constraints in the task definition and those specified at runtime).
Required: No
Type: List of PlacementConstraint
Update requires: Replacement
PlacementStrategies-
The placement strategy objects to use for tasks in your service. You can specify a maximum of five strategy rules per service. For more information, see Task Placement Strategies in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: List of PlacementStrategy
Update requires: Replacement
PlatformVersion-
The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the
LATESTplatform version is used by default. For more information, see AWS Fargate platform versions in the Amazon Elastic Container Service Developer Guide.Required: No
Type: String
Update requires: No interruption
PropagateTags-
Specifies whether to propagate the tags from the task definition or the service to the tasks in the service. If no value is specified, the tags are not propagated. Tags can only be propagated to the tasks within the service during service creation. To add tags to a task after service creation, use the TagResource API action.
Required: No
Type: String
Allowed values:
SERVICE | TASK_DEFINITIONUpdate requires: Replacement
Role-
The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition does not use the
awsvpcnetwork mode. If you specify theroleparameter, you must also specify a load balancer object with theloadBalancersparameter.Important If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here. The service-linked role is required if your task definition uses the
awsvpcnetwork mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you should not specify a role here. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.If your specified role has a path other than
/, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the namebarhas a path of/foo/then you would specify/foo/baras the role name. For more information, see Friendly names and paths in the IAM User Guide.Required: No
Type: String
Update requires: Replacement
SchedulingStrategy-
The scheduling strategy to use for the service. For more information, see Services.
There are two service scheduler strategies available:
-
REPLICA-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service is using theCODE_DEPLOYorEXTERNALdeployment controller types. -
DAEMON-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that do not meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.Note Tasks using the Fargate launch type or the
CODE_DEPLOYorEXTERNALdeployment controller types don't support theDAEMONscheduling strategy.
Required: No
Type: String
Allowed values:
DAEMON | REPLICAUpdate requires: Replacement
-
ServiceName-
The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.
Required: No
Type: String
Update requires: Replacement
ServiceRegistries-
The details of the service discovery registry to associate with this service. For more information, see Service discovery.
Note Each service may be associated with one service registry. Multiple service registries per service isn't supported.
Required: No
Type: List of ServiceRegistry
Update requires: Replacement
Tags-
The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well.
The following basic restrictions apply to tags:
-
Maximum number of tags per resource - 50
-
For each resource, each tag key must be unique, and each tag key can have only one value.
-
Maximum key length - 128 Unicode characters in UTF-8
-
Maximum value length - 256 Unicode characters in UTF-8
-
If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
-
Tag keys and values are case-sensitive.
-
Do not use
aws:,AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
Required: No
Type: List of Tag
Maximum:
50Update requires: No interruption
-
TaskDefinition-
The
familyandrevision(family:revision) or full ARN of the task definition to run in your service. Therevisionis required in order for the resource to stabilize.A task definition must be specified if the service is using either the
ECSorCODE_DEPLOYdeployment controllers.Required: No
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN).
In the following example, the Ref function returns the ARN of the
MyECSService service, such as
arn:aws:ecs:us-west-2:123456789012:service/sample-webapp.
{ "Ref": "MyECSService" }
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following
are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Examples
Define a basic service
The following example defines a service with a desired count of 1
that uses a cluster and task definition that are declared elsewhere in the same
template.
JSON
"ECSService": { "Type": "AWS::ECS::Service", "Properties" : { "Cluster": { "Ref": "ECSCluster" }, "DesiredCount": 1, "TaskDefinition" : { "Ref": "ECSTaskDefinition" } } }
YAML
ECSService: Type: AWS::ECS::Service Properties: Cluster: Ref: "ECSCluster" DesiredCount: 1 TaskDefinition: Ref: "ECSTaskDefinition"
Associate an Application Load Balancer with a service
The following example associates an Application Load Balancer with an Amazon
ECS service by referencing an
AWS::ElasticLoadBalancingV2::TargetGroup resource.
The Amazon ECS service requires an explicit dependency on the Application Load Balancer listener rule and the Application Load Balancer listener. This prevents the service from starting before the listener is ready.
JSON
"ECSService" : { "Type": "AWS::ECS::Service", "DependsOn": [ "Listener" ], "Properties": { "Role": { "Ref": "ECSServiceRole" }, "TaskDefinition": { "Ref": "ECSTaskDefinition" }, "DesiredCount": "1", "LoadBalancers": [ { "TargetGroupArn": { "Ref": "TargetGroup" }, "ContainerPort": "80", "ContainerName": "sample-app" } ], "Cluster": { "Ref": "ECSCluster" } } }
YAML
ECSService: Type: AWS::ECS::Service DependsOn: - Listener Properties: Role: Ref: ECSServiceRole TaskDefinition: Ref: ECSTaskDefinition DesiredCount: 1 LoadBalancers: - TargetGroupArn: Ref: TargetGroup ContainerPort: 80 ContainerName: sample-app Cluster: Ref: ECSCluster
Define a service with a health check grace period
The following example defines a service with a parameter that enables users to specify how many seconds that the Amazon ECS service scheduler should ignore unhealthy Elastic Load Balancing target health checks after a task has first started.
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "Creating ECS service", "Parameters": { "AppName": { "Type":"String", "Description": "Name of app requiring ELB exposure", "Default": "simple-app" }, "AppContainerPort": { "Type":"Number", "Description": "Container port of app requiring ELB exposure", "Default": "80" }, "AppHostPort": { "Type":"Number", "Description": "Host port of app requiring ELB exposure", "Default": "80" }, "ServiceName": { "Type": "String" }, "LoadBalancerName": { "Type": "String" }, "HealthCheckGracePeriodSeconds": { "Type": "String" } }, "Resources": { "ECSCluster": { "Type": "AWS::ECS::Cluster" }, "taskdefinition": { "Type": "AWS::ECS::TaskDefinition", "Properties" : { "ContainerDefinitions" : [ { "Name": {"Ref": "AppName"}, "MountPoints": [ { "SourceVolume": "my-vol", "ContainerPath": "/var/www/my-vol" } ], "Image":"amazon/amazon-ecs-sample", "Cpu": "10", "PortMappings":[ { "ContainerPort": {"Ref":"AppContainerPort"}, "HostPort": {"Ref":"AppHostPort"} } ], "EntryPoint": [ "/usr/sbin/apache2", "-D", "FOREGROUND" ], "Memory":"500", "Essential": "true" }, { "Name": "busybox", "Image": "busybox", "Cpu": "10", "EntryPoint": [ "sh", "-c" ], "Memory": "500", "Command": [ "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" ], "Essential" : "false", "VolumesFrom": [ { "SourceContainer": {"Ref":"AppName"} } ] } ], "Volumes": [ { "Host": { "SourcePath": "/var/lib/docker/vfs/dir/" }, "Name": "my-vol" } ] } }, "ECSService": { "Type": "AWS::ECS::Service", "Properties" : { "Cluster": {"Ref": "ECSCluster"}, "DeploymentConfiguration": { "MaximumPercent": 200, "MinimumHealthyPercent": 100 }, "DesiredCount": 0, "HealthCheckGracePeriodSeconds": {"Ref": "HealthCheckGracePeriodSeconds"}, "LoadBalancers": [{ "ContainerName": {"Ref" : "AppName"}, "ContainerPort": {"Ref":"AppContainerPort"}, "LoadBalancerName": {"Ref": "elb"} }], "PlacementStrategies": [{ "Type" : "binpack", "Field": "memory" }, { "Type": "spread", "Field": "host" }], "PlacementConstraints": [{ "Type": "memberOf", "Expression": "attribute:ecs.availability-zone != us-east-1d" }, { "Type": "distinctInstance" }], "TaskDefinition" : {"Ref":"taskdefinition"}, "ServiceName": {"Ref": "ServiceName"}, "Role": {"Ref": "Role"} } }, "elb": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "LoadBalancerName": {"Ref": "LoadBalancerName"}, "Listeners": [{ "InstancePort": {"Ref": "AppHostPort"}, "LoadBalancerPort": "80", "Protocol": "HTTP" }], "Subnets": [{"Ref":"Subnet1"}] }, "DependsOn": "GatewayAttachment" }, "VPC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.0.0.0/24" } }, "Subnet1": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPC" }, "CidrBlock": "10.0.0.0/25" } }, "InternetGateway": { "Type": "AWS::EC2::InternetGateway" }, "GatewayAttachment": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "InternetGatewayId": {"Ref": "InternetGateway"}, "VpcId": {"Ref": "VPC"} } }, "Role": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2008-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "ecs.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "ManagedPolicyArns": ["arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"] } } }, "Outputs" : { "Cluster": { "Value": {"Ref" : "ECSCluster"} } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: Creating ECS service Parameters: AppName: Type: String Description: Name of app requiring ELB exposure Default: simple-app AppContainerPort: Type: Number Description: Container port of app requiring ELB exposure Default: '80' AppHostPort: Type: Number Description: Host port of app requiring ELB exposure Default: '80' ServiceName: Type: String LoadBalancerName: Type: String HealthCheckGracePeriodSeconds: Type: String Resources: cluster: Type: AWS::ECS::Cluster taskdefinition: Type: AWS::ECS::TaskDefinition Properties: ContainerDefinitions: - Name: !Ref AppName MountPoints: - SourceVolume: my-vol ContainerPath: /var/www/my-vol Image: amazon/amazon-ecs-sample Cpu: '10' PortMappings: - ContainerPort: !Ref AppContainerPort HostPort: !Ref AppHostPort EntryPoint: - /usr/sbin/apache2 - '-D' - FOREGROUND Memory: '500' Essential: true - Name: busybox Image: busybox Cpu: '10' EntryPoint: - sh - '-c' Memory: '500' Command: - >- /bin/sh -c "while true; do /bin/date > /var/www/my-vol/date; sleep 1; done" Essential: false VolumesFrom: - SourceContainer: !Ref AppName Volumes: - Host: SourcePath: /var/lib/docker/vfs/dir/ Name: my-vol service: Type: AWS::ECS::Service Properties: Cluster: !Ref cluster DeploymentConfiguration: MaximumPercent: 200 MinimumHealthyPercent: 100 DesiredCount: 0 HealthCheckGracePeriodSeconds: !Ref HealthCheckGracePeriodSeconds LoadBalancers: - ContainerName: !Ref AppName ContainerPort: !Ref AppContainerPort LoadBalancerName: !Ref elb PlacementStrategies: - Type: binpack Field: memory - Type: spread Field: host PlacementConstraints: - Type: memberOf Expression: 'attribute:ecs.availability-zone != us-east-1d' - Type: distinctInstance TaskDefinition: !Ref taskdefinition ServiceName: !Ref ServiceName Role: !Ref Role elb: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: LoadBalancerName: !Ref LoadBalancerName Listeners: - InstancePort: !Ref AppHostPort LoadBalancerPort: '80' Protocol: HTTP Subnets: - !Ref Subnet1 DependsOn: GatewayAttachment VPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/24 Subnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC CidrBlock: 10.0.0.0/25 InternetGateway: Type: AWS::EC2::InternetGateway GatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref InternetGateway VpcId: !Ref VPC Role: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2008-10-17 Statement: - Sid: '' Effect: Allow Principal: Service: ecs.amazonaws.com Action: 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole' Outputs: Cluster: Value: !Ref cluster
Define a service with ECS Exec enabled
The following example defines a service with ECS Exec enabled. For more information, see Using ECS Exec for debugging in the Amazon ECS Developer Guide.
JSON
"ECSService": { "Type": "AWS::ECS::Service", "Properties" : { "Cluster": { "Ref": "ECSCluster" }, "DesiredCount": 1, "TaskDefinition" : { "Ref": "ECSTaskDefinition" }, "EnableExecuteCommand": "true" } }
YAML
ECSService: Type: AWS::ECS::Service Properties: Cluster: Ref: "ECSCluster" DesiredCount: 1 TaskDefinition: Ref: "ECSTaskDefinition" EnableExecuteCommand: true
