FargateTaskDefinition
- class aws_cdk.aws_ecs.FargateTaskDefinition(scope, id, *, cpu=None, ephemeral_storage_gib=None, memory_limit_mib=None, pid_mode=None, runtime_platform=None, execution_role=None, family=None, proxy_configuration=None, task_role=None, volumes=None)
Bases:
TaskDefinition
The details of a task definition run on a Fargate cluster.
- Resource:
AWS::ECS::TaskDefinition
- ExampleMetadata:
infused
Example:
# vpc: ec2.Vpc cluster = ecs.Cluster(self, "FargateCPCluster", vpc=vpc, enable_fargate_capacity_providers=True ) task_definition = ecs.FargateTaskDefinition(self, "TaskDef") task_definition.add_container("web", image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample") ) ecs.FargateService(self, "FargateService", cluster=cluster, task_definition=task_definition, capacity_provider_strategies=[ecs.CapacityProviderStrategy( capacity_provider="FARGATE_SPOT", weight=2 ), ecs.CapacityProviderStrategy( capacity_provider="FARGATE", weight=1 ) ] )
Constructs a new instance of the FargateTaskDefinition class.
- Parameters:
scope (
Construct
) –id (
str
) –cpu (
Union
[int
,float
,None
]) – The number of cpu units used by the task. For tasks using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of valid values for the memory parameter: 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) 2048 (2 vCPU) - Available memory values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) 4096 (4 vCPU) - Available memory values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) 8192 (8 vCPU) - Available memory values: Between 16384 (16 GB) and 61440 (60 GB) in increments of 4096 (4 GB) 16384 (16 vCPU) - Available memory values: Between 32768 (32 GB) and 122880 (120 GB) in increments of 8192 (8 GB) Default: 256ephemeral_storage_gib (
Union
[int
,float
,None
]) – The amount (in GiB) of ephemeral storage to be allocated to the task. The maximum supported value is 200 GiB. NOTE: This parameter is only supported for tasks hosted on AWS Fargate using platform version 1.4.0 or later. Default: 20memory_limit_mib (
Union
[int
,float
,None
]) – The amount (in MiB) of memory used by the task. For tasks using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of valid values for the cpu parameter: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU) 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU) 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU) Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU) Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU) Between 16384 (16 GB) and 61440 (60 GB) in increments of 4096 (4 GB) - Available cpu values: 8192 (8 vCPU) Between 32768 (32 GB) and 122880 (120 GB) in increments of 8192 (8 GB) - Available cpu values: 16384 (16 vCPU) Default: 512pid_mode (
Optional
[PidMode
]) – The process namespace to use for the containers in the task. Only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version 1.4.0 or later (Linux). Only the TASK option is supported for Linux-based Fargate containers. Not supported in Windows containers. If pidMode is specified for a Fargate task, then runtimePlatform.operatingSystemFamily must also be specified. For more information, see Task Definition Parameters. Default: - PidMode used by the task is not specifiedruntime_platform (
Union
[RuntimePlatform
,Dict
[str
,Any
],None
]) – The operating system that your task definitions are running on. A runtimePlatform is supported only for tasks using the Fargate launch type. Default: - Undefined.execution_role (
Optional
[IRole
]) – The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. The role will be used to retrieve container images from ECR and create CloudWatch log groups. Default: - An execution role will be automatically created if you use ECR images in your task definition.family (
Optional
[str
]) – The name of a family that this task definition is registered to. A family groups multiple versions of a task definition. Default: - Automatically generated name.proxy_configuration (
Optional
[ProxyConfiguration
]) – The configuration details for the App Mesh proxy. Default: - No proxy configuration.task_role (
Optional
[IRole
]) – The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: - A task role is automatically created for you.volumes (
Optional
[Sequence
[Union
[Volume
,Dict
[str
,Any
]]]]) – The list of volume definitions for the task. For more information, see Task Definition Parameter Volumes. Default: - No volumes are passed to the Docker daemon on a container instance.
Methods
- add_container(id, *, image, command=None, container_name=None, cpu=None, credential_specs=None, disable_networking=None, dns_search_domains=None, dns_servers=None, docker_labels=None, docker_security_options=None, enable_restart_policy=None, entry_point=None, environment=None, environment_files=None, essential=None, extra_hosts=None, gpu_count=None, health_check=None, hostname=None, inference_accelerator_resources=None, interactive=None, linux_parameters=None, logging=None, memory_limit_mib=None, memory_reservation_mib=None, port_mappings=None, privileged=None, pseudo_terminal=None, readonly_root_filesystem=None, restart_attempt_period=None, restart_ignored_exit_codes=None, secrets=None, start_timeout=None, stop_timeout=None, system_controls=None, ulimits=None, user=None, working_directory=None)
Adds a new container to the task definition.
- Parameters:
id (
str
) –image (
ContainerImage
) – The image used to start a container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest. TODO: Update these to specify using classes of IContainerImagecommand (
Optional
[Sequence
[str
]]) – The command that is passed to the container. If you provide a shell command as a single string, you have to quote command-line arguments. Default: - CMD value built into container image.container_name (
Optional
[str
]) – The name of the container. Default: - id of node associated with ContainerDefinition.cpu (
Union
[int
,float
,None
]) – The minimum number of CPU units to reserve for the container. Default: - No minimum CPU units reserved.credential_specs (
Optional
[Sequence
[CredentialSpec
]]) – A list of ARNs in SSM or Amazon S3 to a credential spec (CredSpec
) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of thedockerSecurityOptions
. Currently, only one credential spec is allowed per container definition. Default: - No credential specs.disable_networking (
Optional
[bool
]) – Specifies whether networking is disabled within the container. When this parameter is true, networking is disabled within the container. Default: falsedns_search_domains (
Optional
[Sequence
[str
]]) – A list of DNS search domains that are presented to the container. Default: - No search domains.dns_servers (
Optional
[Sequence
[str
]]) – A list of DNS servers that are presented to the container. Default: - Default DNS servers.docker_labels (
Optional
[Mapping
[str
,str
]]) – A key/value map of labels to add to the container. Default: - No labels.docker_security_options (
Optional
[Sequence
[str
]]) – A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.enable_restart_policy (
Optional
[bool
]) – Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unlessrestartIgnoredExitCodes
orrestartAttemptPeriod
is set.entry_point (
Optional
[Sequence
[str
]]) – The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.environment (
Optional
[Mapping
[str
,str
]]) – The environment variables to pass to the container. Default: - No environment variables.environment_files (
Optional
[Sequence
[EnvironmentFile
]]) – The environment files to pass to the container. Default: - No environment files.essential (
Optional
[bool
]) – Specifies whether the container is marked essential. If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task. All tasks must have at least one essential container. If this parameter is omitted, a container is assumed to be essential. Default: trueextra_hosts (
Optional
[Mapping
[str
,str
]]) – A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. Default: - No extra hosts.gpu_count (
Union
[int
,float
,None
]) – The number of GPUs assigned to the container. Default: - No GPUs assigned.health_check (
Union
[HealthCheck
,Dict
[str
,Any
],None
]) – The health check command and associated configuration parameters for the container. Default: - Health check configuration from container.hostname (
Optional
[str
]) – The hostname to use for your container. Default: - Automatic hostname.inference_accelerator_resources (
Optional
[Sequence
[str
]]) – The inference accelerators referenced by the container. Default: - No inference accelerators assigned.interactive (
Optional
[bool
]) – When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated. Default: - falselinux_parameters (
Optional
[LinuxParameters
]) – Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see KernelCapabilities. Default: - No Linux parameters.logging (
Optional
[LogDriver
]) – The log configuration specification for the container. Default: - Containers use the same logging driver that the Docker daemon uses.memory_limit_mib (
Union
[int
,float
,None
]) – The amount (in MiB) of memory to present to the container. If your container attempts to exceed the allocated memory, the container is terminated. At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services. Default: - No memory limit.memory_reservation_mib (
Union
[int
,float
,None
]) – The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services. Default: - No memory reserved.port_mappings (
Optional
[Sequence
[Union
[PortMapping
,Dict
[str
,Any
]]]]) – The port mappings to add to the container definition. Default: - No ports are mapped.privileged (
Optional
[bool
]) – Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: falsepseudo_terminal (
Optional
[bool
]) – When this parameter is true, a TTY is allocated. This parameter maps to Tty in the “Create a container section” of the Docker Remote API and the –tty option todocker run
. Default: - falsereadonly_root_filesystem (
Optional
[bool
]) – When this parameter is true, the container is given read-only access to its root file system. Default: falserestart_attempt_period (
Optional
[Duration
]) – A period of time that the container must run for before a restart can be attempted. A container can be restarted only once everyrestartAttemptPeriod
seconds. If a container isn’t able to run for this time period and exits early, it will not be restarted. This property can’t be used ifenableRestartPolicy
is set to false. You can set a minimumrestartAttemptPeriod
of 60 seconds and a maximumrestartAttemptPeriod
of 1800 seconds. Default: - Duration.seconds(300) ifenableRestartPolicy
is true, otherwise no period.restart_ignored_exit_codes (
Optional
[Sequence
[Union
[int
,float
]]]) – A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can’t be used ifenableRestartPolicy
is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.secrets (
Optional
[Mapping
[str
,Secret
]]) – The secret environment variables to pass to the container. Default: - No secret environment variables.start_timeout (
Optional
[Duration
]) – Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - nonestop_timeout (
Optional
[Duration
]) – Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own. Default: - nonesystem_controls (
Optional
[Sequence
[Union
[SystemControl
,Dict
[str
,Any
]]]]) – A list of namespaced kernel parameters to set in the container. Default: - No system controls are set.ulimits (
Optional
[Sequence
[Union
[Ulimit
,Dict
[str
,Any
]]]]) – An array of ulimits to set in the container.user (
Optional
[str
]) – The user to use inside the container. This parameter maps to User in the Create a container section of the Docker Remote API and the –user option to docker run. Default: rootworking_directory (
Optional
[str
]) – The working directory in which to run commands inside the container. Default: /
- Return type:
- add_extension(extension)
Adds the specified extension to the task definition.
Extension can be used to apply a packaged modification to a task definition.
- Parameters:
extension (
ITaskDefinitionExtension
) –- Return type:
None
- add_firelens_log_router(id, *, firelens_config, image, command=None, container_name=None, cpu=None, credential_specs=None, disable_networking=None, dns_search_domains=None, dns_servers=None, docker_labels=None, docker_security_options=None, enable_restart_policy=None, entry_point=None, environment=None, environment_files=None, essential=None, extra_hosts=None, gpu_count=None, health_check=None, hostname=None, inference_accelerator_resources=None, interactive=None, linux_parameters=None, logging=None, memory_limit_mib=None, memory_reservation_mib=None, port_mappings=None, privileged=None, pseudo_terminal=None, readonly_root_filesystem=None, restart_attempt_period=None, restart_ignored_exit_codes=None, secrets=None, start_timeout=None, stop_timeout=None, system_controls=None, ulimits=None, user=None, working_directory=None)
Adds a firelens log router to the task definition.
- Parameters:
id (
str
) –firelens_config (
Union
[FirelensConfig
,Dict
[str
,Any
]]) – Firelens configuration.image (
ContainerImage
) – The image used to start a container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest. TODO: Update these to specify using classes of IContainerImagecommand (
Optional
[Sequence
[str
]]) – The command that is passed to the container. If you provide a shell command as a single string, you have to quote command-line arguments. Default: - CMD value built into container image.container_name (
Optional
[str
]) – The name of the container. Default: - id of node associated with ContainerDefinition.cpu (
Union
[int
,float
,None
]) – The minimum number of CPU units to reserve for the container. Default: - No minimum CPU units reserved.credential_specs (
Optional
[Sequence
[CredentialSpec
]]) – A list of ARNs in SSM or Amazon S3 to a credential spec (CredSpec
) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of thedockerSecurityOptions
. Currently, only one credential spec is allowed per container definition. Default: - No credential specs.disable_networking (
Optional
[bool
]) – Specifies whether networking is disabled within the container. When this parameter is true, networking is disabled within the container. Default: falsedns_search_domains (
Optional
[Sequence
[str
]]) – A list of DNS search domains that are presented to the container. Default: - No search domains.dns_servers (
Optional
[Sequence
[str
]]) – A list of DNS servers that are presented to the container. Default: - Default DNS servers.docker_labels (
Optional
[Mapping
[str
,str
]]) – A key/value map of labels to add to the container. Default: - No labels.docker_security_options (
Optional
[Sequence
[str
]]) – A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.enable_restart_policy (
Optional
[bool
]) – Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unlessrestartIgnoredExitCodes
orrestartAttemptPeriod
is set.entry_point (
Optional
[Sequence
[str
]]) – The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.environment (
Optional
[Mapping
[str
,str
]]) – The environment variables to pass to the container. Default: - No environment variables.environment_files (
Optional
[Sequence
[EnvironmentFile
]]) – The environment files to pass to the container. Default: - No environment files.essential (
Optional
[bool
]) – Specifies whether the container is marked essential. If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task. All tasks must have at least one essential container. If this parameter is omitted, a container is assumed to be essential. Default: trueextra_hosts (
Optional
[Mapping
[str
,str
]]) – A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. Default: - No extra hosts.gpu_count (
Union
[int
,float
,None
]) – The number of GPUs assigned to the container. Default: - No GPUs assigned.health_check (
Union
[HealthCheck
,Dict
[str
,Any
],None
]) – The health check command and associated configuration parameters for the container. Default: - Health check configuration from container.hostname (
Optional
[str
]) – The hostname to use for your container. Default: - Automatic hostname.inference_accelerator_resources (
Optional
[Sequence
[str
]]) – The inference accelerators referenced by the container. Default: - No inference accelerators assigned.interactive (
Optional
[bool
]) – When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated. Default: - falselinux_parameters (
Optional
[LinuxParameters
]) –Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see KernelCapabilities. Default: - No Linux parameters.
logging (
Optional
[LogDriver
]) – The log configuration specification for the container. Default: - Containers use the same logging driver that the Docker daemon uses.memory_limit_mib (
Union
[int
,float
,None
]) – The amount (in MiB) of memory to present to the container. If your container attempts to exceed the allocated memory, the container is terminated. At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services. Default: - No memory limit.memory_reservation_mib (
Union
[int
,float
,None
]) – The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services. Default: - No memory reserved.port_mappings (
Optional
[Sequence
[Union
[PortMapping
,Dict
[str
,Any
]]]]) – The port mappings to add to the container definition. Default: - No ports are mapped.privileged (
Optional
[bool
]) – Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: falsepseudo_terminal (
Optional
[bool
]) – When this parameter is true, a TTY is allocated. This parameter maps to Tty in the “Create a container section” of the Docker Remote API and the –tty option todocker run
. Default: - falsereadonly_root_filesystem (
Optional
[bool
]) – When this parameter is true, the container is given read-only access to its root file system. Default: falserestart_attempt_period (
Optional
[Duration
]) – A period of time that the container must run for before a restart can be attempted. A container can be restarted only once everyrestartAttemptPeriod
seconds. If a container isn’t able to run for this time period and exits early, it will not be restarted. This property can’t be used ifenableRestartPolicy
is set to false. You can set a minimumrestartAttemptPeriod
of 60 seconds and a maximumrestartAttemptPeriod
of 1800 seconds. Default: - Duration.seconds(300) ifenableRestartPolicy
is true, otherwise no period.restart_ignored_exit_codes (
Optional
[Sequence
[Union
[int
,float
]]]) – A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can’t be used ifenableRestartPolicy
is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.secrets (
Optional
[Mapping
[str
,Secret
]]) – The secret environment variables to pass to the container. Default: - No secret environment variables.start_timeout (
Optional
[Duration
]) – Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - nonestop_timeout (
Optional
[Duration
]) – Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own. Default: - nonesystem_controls (
Optional
[Sequence
[Union
[SystemControl
,Dict
[str
,Any
]]]]) – A list of namespaced kernel parameters to set in the container. Default: - No system controls are set.ulimits (
Optional
[Sequence
[Union
[Ulimit
,Dict
[str
,Any
]]]]) – An array of ulimits to set in the container.user (
Optional
[str
]) – The user to use inside the container. This parameter maps to User in the Create a container section of the Docker Remote API and the –user option to docker run. Default: rootworking_directory (
Optional
[str
]) – The working directory in which to run commands inside the container. Default: /
- Return type:
- add_inference_accelerator(*, device_name=None, device_type=None)
Adds an inference accelerator to the task definition.
- Parameters:
device_name (
Optional
[str
]) – The Elastic Inference accelerator device name. Default: - emptydevice_type (
Optional
[str
]) – The Elastic Inference accelerator type to use. The allowed values are: eia2.medium, eia2.large and eia2.xlarge. Default: - empty
- Return type:
None
- add_placement_constraint(constraint)
Adds the specified placement constraint to the task definition.
- Parameters:
constraint (
PlacementConstraint
) –- Return type:
None
- add_to_execution_role_policy(statement)
Adds a policy statement to the task execution IAM role.
- Parameters:
statement (
PolicyStatement
) –- Return type:
None
- add_to_task_role_policy(statement)
Adds a policy statement to the task IAM role.
- Parameters:
statement (
PolicyStatement
) –- Return type:
None
- add_volume(*, name, configured_at_launch=None, docker_volume_configuration=None, efs_volume_configuration=None, host=None)
Adds a volume to the task definition.
- Parameters:
name (
str
) – The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, and hyphens are allowed. This name is referenced in the sourceVolume parameter of container definition mountPoints.configured_at_launch (
Optional
[bool
]) – Indicates if the volume should be configured at launch. Default: falsedocker_volume_configuration (
Union
[DockerVolumeConfiguration
,Dict
[str
,Any
],None
]) – This property is specified when you are using Docker volumes. Docker volumes are only supported when you are using the EC2 launch type. Windows containers only support the use of the local driver. To use bind mounts, specify a host instead.efs_volume_configuration (
Union
[EfsVolumeConfiguration
,Dict
[str
,Any
],None
]) – This property is specified when you are using Amazon EFS. When specifying Amazon EFS volumes in tasks using the Fargate launch type, Fargate creates a supervisor container that is responsible for managing the Amazon EFS volume. The supervisor container uses a small amount of the task’s memory. The supervisor container is visible when querying the task metadata version 4 endpoint, but is not visible in CloudWatch Container Insights. Default: No Elastic FileSystem is setuphost (
Union
[Host
,Dict
[str
,Any
],None
]) – This property is specified when you are using bind mount host volumes. Bind mount host volumes are supported when you are using either the EC2 or Fargate launch types. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it is stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data is not guaranteed to persist after the containers associated with it stop running.
- Return type:
None
- apply_removal_policy(policy)
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY
), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN
).- Parameters:
policy (
RemovalPolicy
) –- Return type:
None
- find_container(container_name)
Returns the container that match the provided containerName.
- Parameters:
container_name (
str
) –- Return type:
Optional
[ContainerDefinition
]
- find_port_mapping_by_name(name)
Determine the existing port mapping for the provided name.
- Parameters:
name (
str
) – : port mapping name.- Return type:
Optional
[PortMapping
]- Returns:
PortMapping for the provided name, if it exists.
- grant_run(grantee)
Grants permissions to run this task definition.
This will grant the following permissions:
ecs:RunTask
iam:PassRole
- Parameters:
grantee (
IGrantable
) – Principal to grant consume rights to.- Return type:
- obtain_execution_role()
Creates the task execution IAM role if it doesn’t already exist.
- Return type:
- to_string()
Returns a string representation of this construct.
- Return type:
str
Attributes
- compatibility
The task launch type compatibility requirement.
- default_container
Default container for this task.
Load balancers will send traffic to this container. The first essential container that is added to this task will become the default container.
- env
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- ephemeral_storage_gib
The amount (in GiB) of ephemeral storage to be allocated to the task.
- execution_role
Execution role for this task definition.
- family
The name of a family that this task definition is registered to.
A family groups multiple versions of a task definition.
- inference_accelerators
Public getter method to access list of inference accelerators attached to the instance.
- is_ec2_compatible
Return true if the task definition can be run on an EC2 cluster.
- is_external_compatible
Return true if the task definition can be run on a ECS anywhere cluster.
- is_fargate_compatible
Return true if the task definition can be run on a Fargate cluster.
- network_mode
The Docker networking mode to use for the containers in the task.
Fargate tasks require the awsvpc network mode.
- node
The tree node.
- pid_mode
The process namespace to use for the containers in the task.
Only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version 1.4.0 or later (Linux). Not supported in Windows containers. If pidMode is specified for a Fargate task, then runtimePlatform.operatingSystemFamily must also be specified. For more information, see Task Definition Parameters.
- references_secret_json_field
Whether this task definition has at least a container that references a specific JSON field of a secret stored in Secrets Manager.
- stack
The stack in which this resource is defined.
- task_definition_arn
The full Amazon Resource Name (ARN) of the task definition.
- Attribute:
true
- task_role
The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf.
Static Methods
- classmethod from_fargate_task_definition_arn(scope, id, fargate_task_definition_arn)
Imports a task definition from the specified task definition ARN.
- Parameters:
scope (
Construct
) –id (
str
) –fargate_task_definition_arn (
str
) –
- Return type:
- classmethod from_fargate_task_definition_attributes(scope, id, *, task_definition_arn, execution_role=None, network_mode=None, task_role=None)
Import an existing Fargate task definition from its attributes.
- Parameters:
scope (
Construct
) –id (
str
) –task_definition_arn (
str
) – The arn of the task definition.execution_role (
Optional
[IRole
]) – The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefinednetwork_mode (
Optional
[NetworkMode
]) – The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.task_role (
Optional
[IRole
]) – The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
- Return type:
- classmethod from_task_definition_arn(scope, id, task_definition_arn)
Imports a task definition from the specified task definition ARN.
The task will have a compatibility of EC2+Fargate.
- Parameters:
scope (
Construct
) –id (
str
) –task_definition_arn (
str
) –
- Return type:
- classmethod from_task_definition_attributes(scope, id, *, compatibility=None, task_definition_arn, execution_role=None, network_mode=None, task_role=None)
Create a task definition from a task definition reference.
- Parameters:
scope (
Construct
) –id (
str
) –compatibility (
Optional
[Compatibility
]) – What launch types this task definition should be compatible with. Default: Compatibility.EC2_AND_FARGATEtask_definition_arn (
str
) – The arn of the task definition.execution_role (
Optional
[IRole
]) – The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefinednetwork_mode (
Optional
[NetworkMode
]) – The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.task_role (
Optional
[IRole
]) – The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
- Return type:
- classmethod is_construct(x)
Checks if
x
is a construct.Use this method instead of
instanceof
to properly detectConstruct
instances, even when the construct library is symlinked.Explanation: in JavaScript, multiple copies of the
constructs
library on disk are seen as independent, completely different libraries. As a consequence, the classConstruct
in each copy of theconstructs
library is seen as a different class, and an instance of one class will not test asinstanceof
the other class.npm install
will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of theconstructs
library can be accidentally installed, andinstanceof
will behave unpredictably. It is safest to avoid usinginstanceof
, and using this type-testing method instead.- Parameters:
x (
Any
) – Any object.- Return type:
bool
- Returns:
true if
x
is an object created from a class which extendsConstruct
.
- classmethod is_owned_resource(construct)
Returns true if the construct was created by CDK, and false otherwise.
- Parameters:
construct (
IConstruct
) –- Return type:
bool
- classmethod is_resource(construct)
Check whether the given construct is a Resource.
- Parameters:
construct (
IConstruct
) –- Return type:
bool