AWS::ECS::TaskDefinition
The AWS::ECS::TaskDefinition resource describes the container and volume
definitions of an Amazon Elastic Container Service (Amazon ECS) task. You can specify
which Docker images to use, the required resources, and other configurations related to
launching the task definition through an Amazon ECS service or task.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::ECS::TaskDefinition", "Properties" : { "ContainerDefinitions" :[ ContainerDefinition, ... ], "Cpu" :String, "EphemeralStorage" :EphemeralStorage, "ExecutionRoleArn" :String, "Family" :String, "InferenceAccelerators" :[ InferenceAccelerator, ... ], "IpcMode" :String, "Memory" :String, "NetworkMode" :String, "PidMode" :String, "PlacementConstraints" :[ TaskDefinitionPlacementConstraint, ... ], "ProxyConfiguration" :ProxyConfiguration, "RequiresCompatibilities" :[ String, ... ], "RuntimePlatform" :RuntimePlatform, "Tags" :[ Tag, ... ], "TaskRoleArn" :String, "Volumes" :[ Volume, ... ]} }
YAML
Type: AWS::ECS::TaskDefinition Properties: ContainerDefinitions:- ContainerDefinitionCpu:StringEphemeralStorage:EphemeralStorageExecutionRoleArn:StringFamily:StringInferenceAccelerators:- InferenceAcceleratorIpcMode:StringMemory:StringNetworkMode:StringPidMode:StringPlacementConstraints:- TaskDefinitionPlacementConstraintProxyConfiguration:ProxyConfigurationRequiresCompatibilities:- StringRuntimePlatform:RuntimePlatformTags:- TagTaskRoleArn:StringVolumes:- Volume
Properties
ContainerDefinitions-
A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: List of ContainerDefinition
Update requires: Replacement
Cpu-
The number of
cpuunits used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for thememoryparameter.The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
-
256 (.25 vCPU) - Available
memoryvalues: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) -
512 (.5 vCPU) - Available
memoryvalues: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) -
1024 (1 vCPU) - Available
memoryvalues: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) -
2048 (2 vCPU) - Available
memoryvalues: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) -
4096 (4 vCPU) - Available
memoryvalues: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) -
8192 (8 vCPU) - Available
memoryvalues: 16 GB and 60 GB in 4 GB incrementsThis option requires Linux platform
1.4.0or later. -
16384 (16vCPU) - Available
memoryvalues: 32GB and 120 GB in 8 GB incrementsThis option requires Linux platform
1.4.0or later.
Required: No
Type: String
Update requires: Replacement
-
EphemeralStorage-
The ephemeral storage settings to use for tasks run with the task definition.
Required: No
Type: EphemeralStorage
Update requires: Replacement
ExecutionRoleArn-
The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: String
Update requires: Replacement
Family-
The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.
A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.
Note To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
Required: No
Type: String
Update requires: Replacement
InferenceAccelerators-
The Elastic Inference accelerators to use for the containers in the task.
Required: No
Type: List of InferenceAccelerator
Update requires: Replacement
IpcMode-
The IPC resource namespace to use for the containers in the task. The valid values are
host,task, ornone. Ifhostis specified, then all containers within the tasks that specified thehostIPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. Iftaskis specified, all containers within the specified task share the same IPC resources. Ifnoneis specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see IPC settingsin the Docker run reference. If the
hostIPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see Docker security. If you are setting namespaced kernel parameters using
systemControlsfor the containers in the task, the following will apply to your IPC resource namespace. For more information, see System Controls in the Amazon Elastic Container Service Developer Guide.-
For tasks that use the
hostIPC mode, IPC namespace relatedsystemControlsare not supported. -
For tasks that use the
taskIPC mode, IPC namespace relatedsystemControlswill apply to all containers within a task.
Note This parameter is not supported for Windows containers or tasks run on AWS Fargate.
Required: No
Type: String
Allowed values:
host | none | taskUpdate requires: Replacement
-
Memory-
The amount (in MiB) of memory used by the task.
If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see ContainerDefinition.
If your tasks runs on AWS Fargate, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the
cpuparameter.-
512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available
cpuvalues: 256 (.25 vCPU) -
1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available
cpuvalues: 512 (.5 vCPU) -
2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available
cpuvalues: 1024 (1 vCPU) -
Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available
cpuvalues: 2048 (2 vCPU) -
Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available
cpuvalues: 4096 (4 vCPU) -
Between 16 GB and 60 GB in 4 GB increments - Available
cpuvalues: 8192 (8 vCPU)This option requires Linux platform
1.4.0or later. -
Between 32GB and 120 GB in 8 GB increments - Available
cpuvalues: 16384 (16 vCPU)This option requires Linux platform
1.4.0or later.
Required: No
Type: String
Update requires: Replacement
-
NetworkMode-
The Docker networking mode to use for the containers in the task. The valid values are
none,bridge,awsvpc, andhost. The default Docker network mode isbridge. If you are using the Fargate launch type, theawsvpcnetwork mode is required. If you are using the EC2 launch type, any network mode can be used. If the network mode is set tonone, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. Thehostandawsvpcnetwork modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by thebridgemode.With the
hostandawsvpcnetwork modes, exposed container ports are mapped directly to the corresponding host port (for thehostnetwork mode) or the attached elastic network interface port (for theawsvpcnetwork mode), so you cannot take advantage of dynamic host port mappings.If the network mode is
awsvpc, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.Note Currently, only Amazon ECS-optimized AMIs, other Amazon Linux variants with the
ecs-initpackage, or AWS Fargate infrastructure support theawsvpcnetwork mode.If the network mode is
host, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.Docker for Windows uses different network modes than Docker for Linux. When you register a task definition with Windows containers, you must not specify a network mode. If you use the console to register a task definition with Windows containers, you must choose the
<default>network mode object.For more information, see Network settings
in the Docker run reference. Required: No
Type: String
Allowed values:
awsvpc | bridge | host | noneUpdate requires: Replacement
PidMode-
The process namespace to use for the containers in the task. The valid values are
hostortask. Ifhostis specified, then all containers within the tasks that specified thehostPID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. Iftaskis specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see PID settingsin the Docker run reference. If the
hostPID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see Docker security. Note This parameter is not supported for Windows containers or tasks run on AWS Fargate.
Required: No
Type: String
Allowed values:
host | taskUpdate requires: Replacement
PlacementConstraints-
An array of placement constraint objects to use for tasks.
Note This parameter isn't supported for tasks run on AWS Fargate.
Required: No
Type: List of TaskDefinitionPlacementConstraint
Update requires: Replacement
ProxyConfiguration-
The
ProxyConfigurationproperty specifies the configuration details for the App Mesh proxy.Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the
ecs-initpackage to enable a proxy configuration. If your container instances are launched from the Amazon ECS-optimized AMI version20190301or later, then they contain the required versions of the container agent andecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.Required: No
Type: ProxyConfiguration
Update requires: Replacement
RequiresCompatibilities-
The task launch types the task definition was validated against. To determine which task launch types the task definition is validated for, see the
TaskDefinition$compatibilitiesparameter.The valid values are:
EC2- The EC2 launch typeFARGATE- The Fargate launch typeEXTERNAL- The external instance (ECS Anywhere) launch type
Required: No
Type: List of String
Update requires: Replacement
RuntimePlatform-
The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.
When you specify a task definition in a service, this value must match the
runtimePlatformvalue of the service.Required: No
Type: RuntimePlatform
Update requires: Replacement
Tags-
The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them.
The following basic restrictions apply to tags:
-
Maximum number of tags per resource - 50
-
For each resource, each tag key must be unique, and each tag key can have only one value.
-
Maximum key length - 128 Unicode characters in UTF-8
-
Maximum value length - 256 Unicode characters in UTF-8
-
If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
-
Tag keys and values are case-sensitive.
-
Do not use
aws:,AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
Required: No
Type: List of Tag
Maximum:
50Update requires: No interruption
-
TaskRoleArn-
The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see Amazon ECS Task Role in the Amazon Elastic Container Service Developer Guide.
IAM roles for tasks on Windows require that the
-EnableTaskIAMRoleoption is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see Windows IAM roles for tasks in the Amazon Elastic Container Service Developer Guide.Required: No
Type: String
Update requires: Replacement
Volumes-
The list of data volume definitions for the task. For more information, see Using data volumes in tasks in the Amazon Elastic Container Service Developer Guide.
Note The
hostandsourcePathparameters aren't supported for tasks run on AWS Fargate.Required: No
Type: List of Volume
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN).
In the following example, the Ref function returns the ARN of the
MyTaskDefinition task definition, such as
arn:aws:ecs:us-west-2:123456789012:task-definition/TaskDefinitionFamily:1.
{ "Ref": "MyTaskDefinition" }
For more information about using the Ref function, see Ref.
Examples
Create an Amazon ECS task definition
The following example defines an Amazon ECS task definition, which includes two container definitions and one volume definition.
JSON
"taskdefinition": { "Type": "AWS::ECS::TaskDefinition", "Properties" : { "ContainerDefinitions" : [ { "Name": {"Ref": "AppName"}, "MountPoints": [ { "SourceVolume": "my-vol", "ContainerPath": "/var/www/my-vol" } ], "Image":"amazon/amazon-ecs-sample", "Cpu": 256, "PortMappings":[ { "ContainerPort": {"Ref":"AppContainerPort"}, "HostPort": {"Ref":"AppHostPort"} } ], "EntryPoint": [ "/usr/sbin/apache2", "-D", "FOREGROUND" ], "Memory": 512, "Essential": true }, { "Name": "busybox", "Image": "busybox", "Cpu": 256, "EntryPoint": [ "sh", "-c" ], "Memory": 512, "Command": [ "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" ], "Essential" : false, "VolumesFrom": [ { "SourceContainer": {"Ref":"AppName"} } ] }], "Volumes": [ { "Host": { "SourcePath": "/var/lib/docker/vfs/dir/" }, "Name": "my-vol" }] } }
YAML
taskdefinition: Type: AWS::ECS::TaskDefinition Properties: ContainerDefinitions: - Name: Ref: "AppName" MountPoints: - SourceVolume: "my-vol" ContainerPath: "/var/www/my-vol" Image: "amazon/amazon-ecs-sample" Cpu: 256 PortMappings: - ContainerPort: Ref: "AppContainerPort" HostPort: Ref: "AppHostPort" EntryPoint: - "/usr/sbin/apache2" - "-D" - "FOREGROUND" Memory: 512 Essential: true - Name: "busybox" Image: "busybox" Cpu: 256 EntryPoint: - "sh" - "-c" Memory: 512 Command: - "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" Essential: false VolumesFrom: - SourceContainer: Ref: "AppName" Volumes: - Host: SourcePath: "/var/lib/docker/vfs/dir/" Name: "my-vol"
Create an Amazon ECS task definition
The following example defines an Amazon ECS task definition that specifies EC2 as required compatibilities.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "taskdefinition": { "Type": "AWS::ECS::TaskDefinition", "Properties": { "RequiresCompatibilities": [ "EC2" ], "ContainerDefinitions": [ { "Name": "my-app", "MountPoints": [ { "SourceVolume": "my-vol", "ContainerPath": "/var/www/my-vol" } ], "Image": "amazon/amazon-ecs-sample", "Cpu": 256, "EntryPoint": [ "/usr/sbin/apache2", "-D", "FOREGROUND" ], "Memory": 512, "Essential": true }, { "Name": "busybox", "Image": "busybox", "Cpu": 256, "EntryPoint": [ "sh", "-c" ], "Memory": 512, "Command": [ "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" ], "Essential": false, "DependsOn": [ { "ContainerName": "my-app", "Condition": "START" } ], "VolumesFrom": [ { "SourceContainer": "my-app" } ] } ], "Volumes": [ { "Host": { "SourcePath": "/var/lib/docker/vfs/dir/" }, "Name": "my-vol" } ] } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Resources: taskdefinition: Type: AWS::ECS::TaskDefinition Properties: RequiresCompatibilities: - "EC2" ContainerDefinitions: - Name: "my-app" MountPoints: - SourceVolume: "my-vol" ContainerPath: "/var/www/my-vol" Image: "amazon/amazon-ecs-sample" Cpu: 256 EntryPoint: - "/usr/sbin/apache2" - "-D" - "FOREGROUND" Memory: 512 Essential: true - Name: "busybox" Image: "busybox" Cpu: 256 EntryPoint: - "sh" - "-c" Memory: 512 Command: - "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" Essential: false DependsOn: - ContainerName: my-app Condition: START VolumesFrom: - SourceContainer: "my-app" Volumes: - Host: SourcePath: "/var/lib/docker/vfs/dir/" Name: "my-vol"
