ContainerDefinition

class aws_cdk.aws_ecs.ContainerDefinition(scope, id, *, task_definition, image, command=None, cpu=None, disable_networking=None, dns_search_domains=None, dns_servers=None, docker_labels=None, docker_security_options=None, entry_point=None, environment=None, essential=None, extra_hosts=None, gpu_count=None, health_check=None, hostname=None, linux_parameters=None, logging=None, memory_limit_mib=None, memory_reservation_mib=None, privileged=None, readonly_root_filesystem=None, secrets=None, start_timeout=None, stop_timeout=None, user=None, working_directory=None)

Bases: aws_cdk.core.Construct

A container definition is used in a task definition to describe the containers that are launched as part of a task.

__init__(scope, id, *, task_definition, image, command=None, cpu=None, disable_networking=None, dns_search_domains=None, dns_servers=None, docker_labels=None, docker_security_options=None, entry_point=None, environment=None, essential=None, extra_hosts=None, gpu_count=None, health_check=None, hostname=None, linux_parameters=None, logging=None, memory_limit_mib=None, memory_reservation_mib=None, privileged=None, readonly_root_filesystem=None, secrets=None, start_timeout=None, stop_timeout=None, user=None, working_directory=None)

Constructs a new instance of the ContainerDefinition class.

Parameters
  • scope (Construct) –

  • id (str) –

  • props

  • task_definition (TaskDefinition) – The name of the task definition that includes this container definition. [disable-awslint:ref-via-interface]

  • image (ContainerImage) – The image used to start a container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest. TODO: Update these to specify using classes of IContainerImage

  • command (Optional[List[str]]) – The command that is passed to the container. If you provide a shell command as a single string, you have to quote command-line arguments. Default: - CMD value built into container image.

  • cpu (Union[int, float, None]) – The minimum number of CPU units to reserve for the container. Default: - No minimum CPU units reserved.

  • disable_networking (Optional[bool]) – Specifies whether networking is disabled within the container. When this parameter is true, networking is disabled within the container. Default: false

  • dns_search_domains (Optional[List[str]]) – A list of DNS search domains that are presented to the container. Default: - No search domains.

  • dns_servers (Optional[List[str]]) – A list of DNS servers that are presented to the container. Default: - Default DNS servers.

  • docker_labels (Optional[Mapping[str, str]]) – A key/value map of labels to add to the container. Default: - No labels.

  • docker_security_options (Optional[List[str]]) – A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.

  • entry_point (Optional[List[str]]) – The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.

  • environment (Optional[Mapping[str, str]]) – The environment variables to pass to the container. Default: - No environment variables.

  • essential (Optional[bool]) – Specifies whether the container is marked essential. If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task. All tasks must have at least one essential container. If this parameter is omitted, a container is assumed to be essential. Default: true

  • extra_hosts (Optional[Mapping[str, str]]) – A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. Default: - No extra hosts.

  • gpu_count (Union[int, float, None]) – The number of GPUs assigned to the container. Default: - No GPUs assigned.

  • health_check (Optional[HealthCheck]) – The health check command and associated configuration parameters for the container. Default: - Health check configuration from container.

  • hostname (Optional[str]) – The hostname to use for your container. Default: - Automatic hostname.

  • linux_parameters (Optional[LinuxParameters]) – Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see KernelCapabilities. Default: - No Linux parameters.

  • logging (Optional[LogDriver]) – The log configuration specification for the container. Default: - Containers use the same logging driver that the Docker daemon uses.

  • memory_limit_mib (Union[int, float, None]) – The amount (in MiB) of memory to present to the container. If your container attempts to exceed the allocated memory, the container is terminated. At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services. Default: - No memory limit.

  • memory_reservation_mib (Union[int, float, None]) – The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services. Default: - No memory reserved.

  • privileged (Optional[bool]) – Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false

  • readonly_root_filesystem (Optional[bool]) – When this parameter is true, the container is given read-only access to its root file system. Default: false

  • secrets (Optional[Mapping[str, Secret]]) – The secret environment variables to pass to the container. Default: - No secret environment variables.

  • start_timeout (Optional[Duration]) – Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none

  • stop_timeout (Optional[Duration]) – Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own. Default: - none

  • user (Optional[str]) – The user name to use inside the container. Default: root

  • working_directory (Optional[str]) – The working directory in which to run commands inside the container. Default: /

Return type

None
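
The security-relevant defaults listed above (privileged false, readonly_root_filesystem false, user root, plain-text environment versus secrets) can be checked in the synthesized CloudFormation template. The following is an added example, not part of the CDK documentation or code base; the function names, the SECRET_HINTS name heuristic and the sample template are assumptions constructed for illustration.

```python
# Added example: audit synthesized ECS container definitions (CloudFormation JSON).
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")  # assumed name heuristic

def audit_container(cd):
    """Return findings for one CloudFormation ContainerDefinition dict."""
    name = cd.get("Name", "<unnamed>")
    findings = []
    # privileged defaults to false, so only an explicit true is flagged.
    if cd.get("Privileged") is True:
        findings.append(f"{name}: privileged container")
    # readonly_root_filesystem defaults to false: a missing key means writable.
    if cd.get("ReadonlyRootFilesystem") is not True:
        findings.append(f"{name}: writable root filesystem")
    # user defaults to root: missing, "root" and UID 0 (with or without group).
    user = str(cd.get("User", "root")).split(":")[0]
    if user in ("", "root", "0"):
        findings.append(f"{name}: runs as root")
    # environment values are written to the template as plain text.
    for var in cd.get("Environment", []):
        if any(hint in str(var["Name"]).upper() for hint in SECRET_HINTS):
            findings.append(f"{name}: {var['Name']} set in Environment, not Secrets")
    # Capabilities added through linux_parameters widen the container's privileges.
    caps = cd.get("LinuxParameters", {}).get("Capabilities", {})
    for cap in caps.get("Add", []):
        findings.append(f"{name}: adds capability {cap}")
    return findings

def audit_template(template):
    """Audit every AWS::ECS::TaskDefinition resource in a synthesized template."""
    findings = []
    for res in template.get("Resources", {}).values():
        if res.get("Type") == "AWS::ECS::TaskDefinition":
            for cd in res.get("Properties", {}).get("ContainerDefinitions", []):
                findings.extend(audit_container(cd))
    return findings

# Constructed sample template: "web" relies on the defaults, "worker" is hardened.
SAMPLE = {"Resources": {
    "Bucket": {"Type": "AWS::S3::Bucket"},
    "TaskDef": {"Type": "AWS::ECS::TaskDefinition", "Properties": {
        "ContainerDefinitions": [
            {"Name": "web", "Image": "example/web:1", "Privileged": True,
             "Environment": [{"Name": "DB_PASSWORD", "Value": "constructed"}]},
            {"Name": "worker", "Image": "example/worker:1", "User": "1000:1000",
             "ReadonlyRootFilesystem": True,
             "Secrets": [{"Name": "DB_PASSWORD", "ValueFrom": "arn:placeholder"}],
             "LinuxParameters": {"Capabilities": {"Drop": ["ALL"]}}}]}}}}

if __name__ == "__main__":
    print("\n".join(audit_template(SAMPLE)))
```

Values that are CloudFormation intrinsics (for example a Ref) are not evaluated by this check and are treated as not set to true.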

Methods

add_container_dependencies(*container_dependencies)

This method adds one or more container dependencies to the container.

Parameters

container_dependencies (ContainerDependency) –

Return type

None

This method adds a link which allows containers to communicate with each other without the need for port mappings.

This parameter is only supported if the task definition is using the bridge network mode. Warning: The --link flag is a legacy feature of Docker. It may eventually be removed.

Parameters
Return type

None

add_mount_points(*mount_points)

This method adds one or more mount points for data volumes to the container.

Parameters

mount_points (MountPoint) –

Return type

None

add_port_mappings(*port_mappings)

This method adds one or more port mappings to the container.

Parameters

port_mappings (PortMapping) –

Return type

None

add_scratch(*, container_path, name, read_only, source_path)

This method mounts temporary disk space to the container.

This adds the correct container mountPoint and task definition volume.

Parameters
  • scratch

  • container_path (str) – The path on the container to mount the scratch volume at.

  • name (str) – The name of the scratch volume to mount. Must be a volume name referenced in the name parameter of task definition volume.

  • read_only (bool) – Specifies whether to give the container read-only access to the scratch volume. If this value is true, the container has read-only access to the scratch volume. If this value is false, then the container can write to the scratch volume.

  • source_path (str) –

Return type

None

add_to_execution_policy(statement)

This method adds the specified statement to the IAM task execution policy in the task definition.

Parameters

statement (PolicyStatement) –

Return type

None

add_ulimits(*ulimits)

This method adds one or more ulimits to the container.

Parameters

ulimits (Ulimit) –

Return type

None

add_volumes_from(*volumes_from)

This method adds one or more volumes to the container.

Parameters

volumes_from (VolumeFrom) –

Return type

None

render_container_definition(task_definition=None)

Render this container definition to a CloudFormation object.

Parameters

task_definition (Optional[TaskDefinition]) – [disable-awslint:ref-via-interface] (made optional to avoid breaking change).

Return type

ContainerDefinitionProperty

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

container_dependencies

An array of dependencies defined for container startup and shutdown.

Return type

List[ContainerDependency]

container_name

The name of this container.

Return type

str

container_port

The port the container will listen on.

Return type

Union[int, float]

essential

Specifies whether the container will be marked essential.

If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task.

If this parameter is omitted, a container is assumed to be essential.

Return type

bool

ingress_port

The inbound rules associated with the security group the task or service will use.

This property is only used for tasks that use the awsvpc network mode.

Return type

Union[int, float]

linux_parameters

The Linux-specific modifications that are applied to the container, such as Linux kernel capabilities.

Return type

Optional[LinuxParameters]

memory_limit_specified

Whether there was at least one memory limit specified in this definition.

Return type

bool

mount_points

The mount points for data volumes in your container.

Return type

List[MountPoint]

node

Construct tree node which offers APIs for interacting with the construct tree.

Return type

ConstructNode

port_mappings

The list of port mappings for the container.

Port mappings allow containers to access ports on the host container instance to send or receive traffic.

Return type

List[PortMapping]

task_definition

The name of the task definition that includes this container definition.

Return type

TaskDefinition

ulimits

An array of ulimits to set in the container.

Return type

List[Ulimit]

volumes_from

The data volumes to mount from another container in the same task definition.

Return type

List[VolumeFrom]

Static Methods

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters

x (Any) –

Return type

bool