@aws-cdk/aws-ecs

@aws-cdk/aws-ecs

Version 1.204.0
Published 9 months ago
5.57 MB
26 dependencies
Apache-2.0 license

Install

npm i @aws-cdk/aws-ecs

yarn add @aws-cdk/aws-ecs

pnpm add @aws-cdk/aws-ecs

Overview

The CDK Construct Library for AWS::ECS

Index

Functions

function isEc2Compatible

isEc2Compatible: (compatibility: Compatibility) => boolean;

Return true if the given task definition can be run on an EC2 cluster

function isExternalCompatible

isExternalCompatible: (compatibility: Compatibility) => boolean;

Return true if the given task definition can be run on a ECS Anywhere cluster

function isFargateCompatible

isFargateCompatible: (compatibility: Compatibility) => boolean;

Return true if the given task definition can be run on a Fargate cluster

function obtainDefaultFluentBitECRImage

obtainDefaultFluentBitECRImage: (
    task: TaskDefinition,
    logDriverConfig?: LogDriverConfig,
    imageTag?: string
) => ContainerImage;

Obtain Fluent Bit image in Amazon ECR and setup corresponding IAM permissions. ECR image pull permissions will be granted in task execution role. Cloudwatch logs, Kinesis data stream or firehose permissions will be grant by check options in logDriverConfig. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html#firelens-using-fluentbit

Classes

class AppMeshProxyConfiguration

class AppMeshProxyConfiguration extends ProxyConfiguration {}

The class for App Mesh proxy configurations.
For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to enable a proxy configuration. If your container instances are launched from the Amazon ECS-optimized AMI version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see [Amazon ECS-optimized AMIs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html).
For tasks using the Fargate launch type, the task or service requires platform version 1.3.0 or later.

constructor

constructor(props: AppMeshProxyConfigurationConfigProps);

Constructs a new instance of the AppMeshProxyConfiguration class.

method bind

bind: (
    _scope: CoreConstruct,
    _taskDefinition: TaskDefinition
) => CfnTaskDefinition.ProxyConfigurationProperty;

Called when the proxy configuration is configured on a task definition.

class AsgCapacityProvider

class AsgCapacityProvider extends CoreConstruct {}

An Auto Scaling Group Capacity Provider. This allows an ECS cluster to target a specific EC2 Auto Scaling Group for the placement of tasks. Optionally (and recommended), ECS can manage the number of instances in the ASG to fit the tasks, and can ensure that instances are not prematurely terminated while there are still tasks running on them.

constructor

constructor(scope: Construct, id: string, props: AsgCapacityProviderProps);

property autoScalingGroup

readonly autoScalingGroup: autoscaling.AutoScalingGroup;

Auto Scaling Group

property canContainersAccessInstanceRole

readonly canContainersAccessInstanceRole?: boolean;

Specifies whether the containers can access the container instance role.
false

property capacityProviderName

readonly capacityProviderName: string;

Capacity provider name Chosen by CloudFormation

property enableManagedTerminationProtection

readonly enableManagedTerminationProtection?: boolean;

Whether managed termination protection is enabled

property machineImageType

readonly machineImageType: MachineImageType;

Auto Scaling Group machineImageType.

class AssetEnvironmentFile

class AssetEnvironmentFile extends EnvironmentFile {}

Environment file from a local directory.

constructor

constructor(path: string, options?: AssetOptions);

Parameter path
The path to the asset file or directory.
Parameter options

property path

readonly path: string;

method bind

bind: (scope: Construct) => EnvironmentFileConfig;

class AssetImage

class AssetImage extends ContainerImage {}

An image that will be built from a local directory with a Dockerfile

constructor

constructor(directory: string, props?: AssetImageProps);

Constructs a new instance of the AssetImage class.
Parameter directory
The directory containing the Dockerfile

method bind

bind: (
    scope: CoreConstruct,
    containerDefinition: ContainerDefinition
) => ContainerImageConfig;

class AwsLogDriver

class AwsLogDriver extends LogDriver {}

A log driver that sends log information to CloudWatch Logs.

constructor

constructor(props: AwsLogDriverProps);

Constructs a new instance of the AwsLogDriver class.
Parameter props
the awslogs log driver configuration options.

property logGroup

logGroup?: logs.ILogGroup;

The log group to send log streams to.
Only available after the LogDriver has been bound to a ContainerDefinition.

method bind

bind: (
    scope: CoreConstruct,
    containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class BaseService

abstract class BaseService
    extends Resource
    implements
        IBaseService,
        elbv2.IApplicationLoadBalancerTarget,
        elbv2.INetworkLoadBalancerTarget,
        elb.ILoadBalancerTarget {}

The base class for Ec2Service and FargateService services.

constructor

constructor(
    scope: Construct,
    id: string,
    props: BaseServiceProps,
    additionalProps: any,
    taskDefinition: TaskDefinition
);

Constructs a new instance of the BaseService class.

property cloudmapService

protected cloudmapService?: cloudmap.Service;

The details of the AWS Cloud Map service.

property cloudMapService

readonly cloudMapService: any;

The CloudMap service created for this service, if any.

property cluster

readonly cluster: ICluster;

The cluster that hosts the service.

property connections

readonly connections: ec2.Connections;

The security groups which manage the allowed network traffic for the service.

property loadBalancers

protected loadBalancers: CfnService.LoadBalancerProperty[];

A list of Elastic Load Balancing load balancer objects, containing the load balancer name, the container name (as it appears in a container definition), and the container port to access from the load balancer.

property networkConfiguration

protected networkConfiguration?: CfnService.NetworkConfigurationProperty;

A list of Elastic Load Balancing load balancer objects, containing the load balancer name, the container name (as it appears in a container definition), and the container port to access from the load balancer.

property serviceArn

readonly serviceArn: string;

The Amazon Resource Name (ARN) of the service.

property serviceName

readonly serviceName: string;

The name of the service.

property serviceRegistries

protected serviceRegistries: CfnService.ServiceRegistryProperty[];

The details of the service discovery registries to assign to this service. For more information, see Service Discovery.

property taskDefinition

readonly taskDefinition: TaskDefinition;

The task definition to use for tasks in the service.

method associateCloudMapService

associateCloudMapService: (options: AssociateCloudMapServiceOptions) => void;

Associates this service with a CloudMap service

method attachToApplicationTargetGroup

attachToApplicationTargetGroup: (
    targetGroup: elbv2.IApplicationTargetGroup
) => elbv2.LoadBalancerTargetProps;

This method is called to attach this service to an Application Load Balancer.
Don't call this function directly. Instead, call listener.addTargets() to add this service to a load balancer.

method attachToClassicLB

attachToClassicLB: (loadBalancer: elb.LoadBalancer) => void;

Registers the service as a target of a Classic Load Balancer (CLB).
Don't call this. Call loadBalancer.addTarget() instead.

method attachToNetworkTargetGroup

attachToNetworkTargetGroup: (
    targetGroup: elbv2.INetworkTargetGroup
) => elbv2.LoadBalancerTargetProps;

This method is called to attach this service to a Network Load Balancer.
Don't call this function directly. Instead, call listener.addTargets() to add this service to a load balancer.

method autoScaleTaskCount

autoScaleTaskCount: (props: appscaling.EnableScalingProps) => ScalableTaskCount;

An attribute representing the minimum and maximum task count for an AutoScalingGroup.

method configureAwsVpcNetworking

protected configureAwsVpcNetworking: (
    vpc: ec2.IVpc,
    assignPublicIp?: boolean,
    vpcSubnets?: ec2.SubnetSelection,
    securityGroup?: ec2.ISecurityGroup
) => void;

This method is called to create a networkConfiguration.
Deprecated
use configureAwsVpcNetworkingWithSecurityGroups instead.

method configureAwsVpcNetworkingWithSecurityGroups

protected configureAwsVpcNetworkingWithSecurityGroups: (
    vpc: ec2.IVpc,
    assignPublicIp?: boolean,
    vpcSubnets?: ec2.SubnetSelection,
    securityGroups?: ec2.ISecurityGroup[]
) => void;

This method is called to create a networkConfiguration.

method enableCloudMap

enableCloudMap: (options: CloudMapOptions) => cloudmap.Service;

Enable CloudMap service discovery for the service
Returns
The created CloudMap service

method fromServiceArnWithCluster

static fromServiceArnWithCluster: (
    scope: Construct,
    id: string,
    serviceArn: string
) => IBaseService;

Import an existing ECS/Fargate Service using the service cluster format. The format is the "new" format "arn:aws:ecs:region:aws_account_id:service/cluster-name/service-name".
See Also
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#ecs-resource-ids

method loadBalancerTarget

loadBalancerTarget: (
    options: LoadBalancerTargetOptions
) => IEcsLoadBalancerTarget;

Return a load balancing target for a specific container and port.
Use this function to create a load balancer target if you want to load balance to another container than the first essential container or the first mapped port on the container.
Use the return value of this function where you would normally use a load balancer target, instead of the Service object itself.
Example 1
declare const listener: elbv2.ApplicationListener; declare const service: ecs.BaseService; listener.addTargets('ECS', { port: 80, targets: [service.loadBalancerTarget({ containerName: 'MyContainer', containerPort: 1234, })], });

method metric

metric: (
    metricName: string,
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

This method returns the specified CloudWatch metric name for this service.

method metricCpuUtilization

metricCpuUtilization: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

This method returns the CloudWatch metric for this service's CPU utilization.
average over 5 minutes

method metricMemoryUtilization

metricMemoryUtilization: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

This method returns the CloudWatch metric for this service's memory utilization.
average over 5 minutes

method registerLoadBalancerTargets

registerLoadBalancerTargets: (...targets: EcsTarget[]) => void;

Use this function to create all load balancer targets to be registered in this service, add them to target groups, and attach target groups to listeners accordingly.
Alternatively, you can use listener.addTargets() to create targets and add them to target groups.
Example 1
declare const listener: elbv2.ApplicationListener; declare const service: ecs.BaseService; service.registerLoadBalancerTargets( { containerName: 'web', containerPort: 80, newTargetGroupId: 'ECS', listener: ecs.ListenerConfig.applicationListener(listener, { protocol: elbv2.ApplicationProtocol.HTTPS }), }, )

class BottleRocketImage

class BottleRocketImage implements ec2.IMachineImage {}

Construct an Bottlerocket image from the latest AMI published in SSM

constructor

constructor(props?: BottleRocketImageProps);

Constructs a new instance of the BottleRocketImage class.

method getImage

getImage: (scope: CoreConstruct) => ec2.MachineImageConfig;

Return the correct image

class BuiltInAttributes

class BuiltInAttributes {}

The built-in container instance attributes

property AMI_ID

static readonly AMI_ID: string;

The AMI id the instance is using.

property AVAILABILITY_ZONE

static readonly AVAILABILITY_ZONE: string;

The AvailabilityZone where the instance is running in.

property INSTANCE_ID

static readonly INSTANCE_ID: string;

The id of the instance.

property INSTANCE_TYPE

static readonly INSTANCE_TYPE: string;

The EC2 instance type.

property OS_TYPE

static readonly OS_TYPE: string;

The operating system of the instance.
Either 'linux' or 'windows'.

class CfnCapacityProvider

class CfnCapacityProvider extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::ECS::CapacityProvider
Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.
Only capacity providers that use an Auto Scaling group can be created. Amazon ECS tasks on AWS Fargate use the FARGATE and FARGATE_SPOT capacity providers. These providers are available to all accounts in the AWS Regions that AWS Fargate supports.
AWS::ECS::CapacityProvider external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnCapacityProviderProps);

Create a new AWS::ECS::CapacityProvider.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property autoScalingGroupProvider

autoScalingGroupProvider: any;

The Auto Scaling group settings for the capacity provider.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html#cfn-ecs-capacityprovider-autoscalinggroupprovider

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property name

name: string;

The name of the capacity provider. If a name is specified, it cannot start with aws , ecs , or fargate . If no name is specified, a default name in the CFNStackName-CFNResourceName-RandomString format is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html#cfn-ecs-capacityprovider-name

property tags

readonly tags: cdk.TagManager;

The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html#cfn-ecs-capacityprovider-tags

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnCluster

class CfnCluster extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::ECS::Cluster
The AWS::ECS::Cluster resource creates an Amazon Elastic Container Service (Amazon ECS) cluster.
AWS::ECS::Cluster external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html

constructor

constructor(scope: cdk.Construct, id: string, props?: CfnClusterProps);

Create a new AWS::ECS::Cluster.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrArn

readonly attrArn: string;

The Amazon Resource Name (ARN) of the Amazon ECS cluster, such as arn:aws:ecs:us-east-2:123456789012:cluster/MyECSCluster . Arn

property capacityProviders

capacityProviders: string[];

The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the [CreateService](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) or [RunTask](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) actions.
If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the [CreateCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html) API operation.
To use a AWS Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.
The [PutCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html) API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-capacityproviders

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property clusterName

clusterName: string;

A user-generated string that you use to identify your cluster. If you don't specify a name, AWS CloudFormation generates a unique physical ID for the name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-clustername

property clusterSettings

clusterSettings: any;

The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-clustersettings

property configuration

configuration: any;

The execute command configuration for the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-configuration

property defaultCapacityProviderStrategy

defaultCapacityProviderStrategy: any;

The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-defaultcapacityproviderstrategy

property serviceConnectDefaults

serviceConnectDefaults: any;

Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the enabled parameter to true in the ServiceConnectConfiguration . You can set the namespace of each service individually in the ServiceConnectConfiguration to override this default parameter.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-serviceconnectdefaults

property tags

readonly tags: cdk.TagManager;

The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-tags

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnClusterCapacityProviderAssociations

class CfnClusterCapacityProviderAssociations
    extends cdk.CfnResource
    implements cdk.IInspectable {}

A CloudFormation AWS::ECS::ClusterCapacityProviderAssociations
The AWS::ECS::ClusterCapacityProviderAssociations resource associates one or more capacity providers and a default capacity provider strategy with a cluster.
AWS::ECS::ClusterCapacityProviderAssociations external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnClusterCapacityProviderAssociationsProps
);

Create a new AWS::ECS::ClusterCapacityProviderAssociations.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property capacityProviders

capacityProviders: string[];

The capacity providers to associate with the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html#cfn-ecs-clustercapacityproviderassociations-capacityproviders

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cluster

cluster: string;

The cluster the capacity provider association is the target of.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html#cfn-ecs-clustercapacityproviderassociations-cluster

property defaultCapacityProviderStrategy

defaultCapacityProviderStrategy: any;

The default capacity provider strategy to associate with the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html#cfn-ecs-clustercapacityproviderassociations-defaultcapacityproviderstrategy

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnPrimaryTaskSet

class CfnPrimaryTaskSet extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::ECS::PrimaryTaskSet
Modifies which task set in a service is the primary task set. Any parameters that are updated on the primary task set in a service will transition to the service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see [Amazon ECS Deployment Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
AWS::ECS::PrimaryTaskSet external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnPrimaryTaskSetProps);

Create a new AWS::ECS::PrimaryTaskSet.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cluster

cluster: string;

The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service that the task set exists in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html#cfn-ecs-primarytaskset-cluster

property service

service: string;

The short name or full Amazon Resource Name (ARN) of the service that the task set exists in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html#cfn-ecs-primarytaskset-service

property taskSetId

taskSetId: string;

The short name or full Amazon Resource Name (ARN) of the task set to set as the primary task set in the deployment.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html#cfn-ecs-primarytaskset-tasksetid

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnService

class CfnService extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::ECS::Service
The AWS::ECS::Service resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
> The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect ServiceConnectService is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceConnectService must have a name that is unique in the namespace. > Starting April 15, 2023, AWS ; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS , or Amazon EC2 . However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
AWS::ECS::Service external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html

constructor

constructor(scope: cdk.Construct, id: string, props?: CfnServiceProps);

Create a new AWS::ECS::Service.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrName

readonly attrName: string;

The name of the Amazon ECS service, such as sample-webapp . Name

property attrServiceArn

readonly attrServiceArn: string;

Not currently supported in AWS CloudFormation . ServiceArn

property capacityProviderStrategy

capacityProviderStrategy: any;

The capacity provider strategy to use for the service.
If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.
A capacity provider strategy may contain a maximum of 6 capacity providers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-capacityproviderstrategy

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cluster

cluster: string;

The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-cluster

property deploymentConfiguration

deploymentConfiguration: any;

Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration

property deploymentController

deploymentController: any;

The deployment controller to use for the service. If no deployment controller is specified, the default value of ECS is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentcontroller

property desiredCount

desiredCount: number;

The number of instantiations of the specified task definition to place and keep running in your service.
For new services, if a desired count is not specified, a default value of 1 is used. When using the DAEMON scheduling strategy, the desired count is not required.
For existing services, if a desired count is not specified, it is omitted from the operation.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-desiredcount

property enableEcsManagedTags

enableEcsManagedTags: any;

Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide* .
When you use Amazon ECS managed tags, you need to set the propagateTags request parameter.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-enableecsmanagedtags

property enableExecuteCommand

enableExecuteCommand: any;

Determines whether the execute command functionality is turned on for the service. If true , the execute command functionality is turned on for all containers in tasks as part of the service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-enableexecutecommand

property healthCheckGracePeriodSeconds

healthCheckGracePeriodSeconds: number;

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of 0 is used.
If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html) .
If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-healthcheckgraceperiodseconds

property launchType

launchType: string;

The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-launchtype

property loadBalancers

loadBalancers: any;

A list of load balancer objects to associate with the service. If you specify the Role property, LoadBalancers must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-loadbalancers

property networkConfiguration

networkConfiguration: any;

The network configuration for the service. This parameter is required for task definitions that use the awsvpc network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-networkconfiguration

property placementConstraints

placementConstraints: any;

An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-placementconstraints

property placementStrategies

placementStrategies: any;

The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-placementstrategies

property platformVersion

platformVersion: string;

The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used. For more information, see [AWS Fargate platform versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-platformversion

property propagateTags

propagateTags: string;

Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.
The default is NONE .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-propagatetags

property role

role: string;

The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the awsvpc network mode. If you specify the role parameter, you must also specify a load balancer object with the loadBalancers parameter.
> If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the awsvpc network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide* .
If your specified role has a path other than / , then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name bar has a path of /foo/ then you would specify /foo/bar as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-role

property schedulingStrategy

schedulingStrategy: string;

The scheduling strategy to use for the service. For more information, see [Services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .
There are two service scheduler strategies available:
- REPLICA -The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the CODE_DEPLOY or EXTERNAL deployment controller types. - DAEMON -The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.
> Tasks using the Fargate launch type or the CODE_DEPLOY or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-schedulingstrategy

property serviceConnectConfiguration

serviceConnectConfiguration: any;

The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-serviceconnectconfiguration

property serviceName

serviceName: string;

The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.
> The stack update fails if you change any properties that require replacement and the ServiceName is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceName must be unique in the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-servicename

property serviceRegistries

serviceRegistries: any;

The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) .
> Each service may be associated with one service registry. Multiple service registries for each service isn't supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-serviceregistries

property tags

readonly tags: cdk.TagManager;

The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-tags

property taskDefinition

taskDefinition: string;

The family and revision ( family:revision ) or full ARN of the task definition to run in your service. If a revision isn't specified, the latest ACTIVE revision is used.
A task definition must be specified if the service uses either the ECS or CODE_DEPLOY deployment controllers.
For more information about deployment types, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-taskdefinition

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnTaskDefinition

class CfnTaskDefinition extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::ECS::TaskDefinition
The details of a task definition which describes the container and volume definitions of an Amazon Elastic Container Service task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.
AWS::ECS::TaskDefinition external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html

constructor

constructor(scope: cdk.Construct, id: string, props?: CfnTaskDefinitionProps);

Create a new AWS::ECS::TaskDefinition.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrTaskDefinitionArn

readonly attrTaskDefinitionArn: string;

TaskDefinitionArn

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property containerDefinitions

containerDefinitions: any;

A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-containerdefinitions

property cpu

cpu: string;

The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.
The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
- 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments
This option requires Linux platform 1.4.0 or later. - 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments
This option requires Linux platform 1.4.0 or later.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu

property ephemeralStorage

ephemeralStorage: any;

The ephemeral storage settings to use for tasks run with the task definition.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-ephemeralstorage

property executionRoleArn

executionRoleArn: string;

The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-executionrolearn

property family

family: string;

The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.
A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.
> To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-family

property inferenceAccelerators

inferenceAccelerators: any;

The Elastic Inference accelerators to use for the containers in the task.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-inferenceaccelerators

property ipcMode

ipcMode: string;

The IPC resource namespace to use for the containers in the task. The valid values are host , task , or none . If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference* .
If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/) .
If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide* .
- For tasks that use the host IPC mode, IPC namespace related systemControls are not supported. - For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task.
> This parameter is not supported for Windows containers or tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-ipcmode

property memory

memory: string;

The amount (in MiB) of memory used by the task.
If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) .
If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.
- 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU)
This option requires Linux platform 1.4.0 or later. - Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU)
This option requires Linux platform 1.4.0 or later.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-memory

property networkMode

networkMode: string;

The Docker networking mode to use for the containers in the task. The valid values are none , bridge , awsvpc , and host . If no network mode is specified, the default is bridge .
For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, <default> or awsvpc can be used. If the network mode is set to none , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode.
With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.
> When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.
If the network mode is awsvpc , the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide* .
If the network mode is host , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode

property pidMode

pidMode: string;

The process namespace to use for the containers in the task. The valid values are host or task . If host is specified, then all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference* .
If the host PID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/) .
> This parameter is not supported for Windows containers or tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-pidmode

property placementConstraints

placementConstraints: any;

An array of placement constraint objects to use for tasks.
> This parameter isn't supported for tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-placementconstraints

property proxyConfiguration

proxyConfiguration: any;

The configuration details for the App Mesh proxy.
Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-proxyconfiguration

property requiresCompatibilities

requiresCompatibilities: string[];

The task launch types the task definition was validated against. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-requirescompatibilities

property runtimePlatform

runtimePlatform: any;

The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.
When you specify a task definition in a service, this value must match the runtimePlatform value of the service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-runtimeplatform

property tags

readonly tags: cdk.TagManager;

The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-tags

property taskRoleArn

taskRoleArn: string;

The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide* .
IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-taskrolearn

property volumes

volumes: any;

The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide* .
> The host and sourcePath parameters aren't supported for tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-volumes

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnTaskSet

class CfnTaskSet extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::ECS::TaskSet
Create a task set in the specified cluster and service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
AWS::ECS::TaskSet external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnTaskSetProps);

Create a new AWS::ECS::TaskSet.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The ID of the task set. Id

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cluster

cluster: string;

The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-cluster

property externalId

externalId: string;

An optional non-unique tag that identifies this task set in external systems. If the task set is associated with a service discovery registry, the tasks in this task set will have the ECS_TASK_SET_EXTERNAL_ID AWS Cloud Map attribute set to the provided value.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-externalid

property launchType

launchType: string;

The launch type that new tasks in the task set uses. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .
If a launchType is specified, the capacityProviderStrategy parameter must be omitted.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-launchtype

property loadBalancers

loadBalancers: any;

A load balancer object representing the load balancer to use with the task set. The supported load balancer types are either an Application Load Balancer or a Network Load Balancer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-loadbalancers

property networkConfiguration

networkConfiguration: any;

The network configuration for the task set.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-networkconfiguration

property platformVersion

platformVersion: string;

The platform version that the tasks in the task set uses. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-platformversion

property scale

scale: any;

A floating-point percentage of your desired number of tasks to place and keep running in the task set.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-scale

property service

service: string;

The short name or full Amazon Resource Name (ARN) of the service to create the task set in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-service

property serviceRegistries

serviceRegistries: any;

The details of the service discovery registries to assign to this task set. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-serviceregistries

property taskDefinition

taskDefinition: string;

The task definition for the tasks in the task set to use.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-taskdefinition

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class Cluster

class Cluster extends Resource implements ICluster {}

A regional grouping of one or more container instances on which you can run tasks and services.

constructor

constructor(scope: Construct, id: string, props?: ClusterProps);

Constructs a new instance of the Cluster class.

property autoscalingGroup

readonly autoscalingGroup: any;

Getter for autoscaling group added to cluster

property clusterArn

readonly clusterArn: string;

The Amazon Resource Name (ARN) that identifies the cluster.

property clusterName

readonly clusterName: string;

The name of the cluster.

property connections

readonly connections: ec2.Connections;

Manage the allowed network connections for the cluster with Security Groups.

property defaultCloudMapNamespace

readonly defaultCloudMapNamespace: any;

Getter for namespace added to cluster

property executeCommandConfiguration

readonly executeCommandConfiguration: ExecuteCommandConfiguration;

Getter for execute command configuration associated with the cluster.

property hasEc2Capacity

readonly hasEc2Capacity: boolean;

Whether the cluster has EC2 capacity associated with it

property vpc

readonly vpc: ec2.IVpc;

The VPC associated with the cluster.

method addAsgCapacityProvider

addAsgCapacityProvider: (
    provider: AsgCapacityProvider,
    options?: AddAutoScalingGroupCapacityOptions
) => void;

This method adds an Auto Scaling Group Capacity Provider to a cluster.
Parameter provider
the capacity provider to add to this cluster.

method addAutoScalingGroup

addAutoScalingGroup: (
    autoScalingGroup: autoscaling.AutoScalingGroup,
    options?: AddAutoScalingGroupCapacityOptions
) => void;

This method adds compute capacity to a cluster using the specified AutoScalingGroup.
Parameter autoScalingGroup
the ASG to add to this cluster. [disable-awslint:ref-via-interface] is needed in order to install the ECS agent by updating the ASGs user data.
Deprecated
Use Cluster.addAsgCapacityProvider instead.

method addCapacity

addCapacity: (
    id: string,
    options: AddCapacityOptions
) => autoscaling.AutoScalingGroup;

It is highly recommended to use Cluster.addAsgCapacityProvider instead of this method.
This method adds compute capacity to a cluster by creating an AutoScalingGroup with the specified options.
Returns the AutoScalingGroup so you can add autoscaling settings to it.

method addCapacityProvider

addCapacityProvider: (provider: string) => void;

This method enables the Fargate or Fargate Spot capacity providers on the cluster.
Parameter provider
the capacity provider to add to this cluster.
See Also
- addAsgCapacityProvider to add an Auto Scaling Group capacity provider to the cluster.
Deprecated
Use enableFargateCapacityProviders instead.

method addDefaultCloudMapNamespace

addDefaultCloudMapNamespace: (
    options: CloudMapNamespaceOptions
) => cloudmap.INamespace;

Add an AWS Cloud Map DNS namespace for this cluster. NOTE: HttpNamespaces are not supported, as ECS always requires a DNSConfig when registering an instance to a Cloud Map service.

method enableFargateCapacityProviders

enableFargateCapacityProviders: () => void;

Enable the Fargate capacity providers for this cluster.

method fromClusterArn

static fromClusterArn: (
    scope: Construct,
    id: string,
    clusterArn: string
) => ICluster;

Import an existing cluster to the stack from the cluster ARN. This does not provide access to the vpc, hasEc2Capacity, or connections - use the fromClusterAttributes method to access those properties.

method fromClusterAttributes

static fromClusterAttributes: (
    scope: Construct,
    id: string,
    attrs: ClusterAttributes
) => ICluster;

Import an existing cluster to the stack from its attributes.

method metric

metric: (
    metricName: string,
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

This method returns the specifed CloudWatch metric for this cluster.

method metricCpuReservation

metricCpuReservation: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

This method returns the CloudWatch metric for this clusters CPU reservation.
average over 5 minutes

method metricCpuUtilization

metricCpuUtilization: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

This method returns the CloudWatch metric for this clusters CPU utilization.
average over 5 minutes

method metricMemoryReservation

metricMemoryReservation: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

This method returns the CloudWatch metric for this clusters memory reservation.
average over 5 minutes

method metricMemoryUtilization

metricMemoryUtilization: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

This method returns the CloudWatch metric for this clusters memory utilization.
average over 5 minutes

class ContainerDefinition

class ContainerDefinition extends CoreConstruct {}

A container definition is used in a task definition to describe the containers that are launched as part of a task.

constructor

constructor(scope: Construct, id: string, props: ContainerDefinitionProps);

Constructs a new instance of the ContainerDefinition class.

property containerDependencies

readonly containerDependencies: ContainerDependency[];

An array dependencies defined for container startup and shutdown.

property containerName

readonly containerName: string;

The name of this container

property containerPort

readonly containerPort: number;

The port the container will listen on.

property environmentFiles

readonly environmentFiles?: EnvironmentFileConfig[];

The environment files for this container

property essential

readonly essential: boolean;

Specifies whether the container will be marked essential.
If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task.
If this parameter is omitted, a container is assumed to be essential.

property imageName

readonly imageName: string;

The name of the image referenced by this container.

property ingressPort

readonly ingressPort: number;

The inbound rules associated with the security group the task or service will use.
This property is only used for tasks that use the awsvpc network mode.

property linuxParameters

readonly linuxParameters?: LinuxParameters;

The Linux-specific modifications that are applied to the container, such as Linux kernel capabilities.

property logDriverConfig

readonly logDriverConfig?: LogDriverConfig;

The log configuration specification for the container.

property memoryLimitSpecified

readonly memoryLimitSpecified: boolean;

Whether there was at least one memory limit specified in this definition

property mountPoints

readonly mountPoints: MountPoint[];

The mount points for data volumes in your container.

property portMappings

readonly portMappings: PortMapping[];

The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

property referencesSecretJsonField

readonly referencesSecretJsonField?: boolean;

Whether this container definition references a specific JSON field of a secret stored in Secrets Manager.

property taskDefinition

readonly taskDefinition: TaskDefinition;

The name of the task definition that includes this container definition.

property ulimits

readonly ulimits: Ulimit[];

An array of ulimits to set in the container.

property volumesFrom

readonly volumesFrom: VolumeFrom[];

The data volumes to mount from another container in the same task definition.

method addContainerDependencies

addContainerDependencies: (
    ...containerDependencies: ContainerDependency[]
) => void;

This method adds one or more container dependencies to the container.

method addEnvironment

addEnvironment: (name: string, value: string) => void;

This method adds an environment variable to the container.

method addInferenceAcceleratorResource

addInferenceAcceleratorResource: (
    ...inferenceAcceleratorResources: string[]
) => void;

This method adds one or more resources to the container.

method addLink

addLink: (container: ContainerDefinition, alias?: string) => void;

This method adds a link which allows containers to communicate with each other without the need for port mappings.
This parameter is only supported if the task definition is using the bridge network mode. Warning: The --link flag is a legacy feature of Docker. It may eventually be removed.

method addMountPoints

addMountPoints: (...mountPoints: MountPoint[]) => void;

This method adds one or more mount points for data volumes to the container.

method addPortMappings

addPortMappings: (...portMappings: PortMapping[]) => void;

This method adds one or more port mappings to the container.

method addScratch

addScratch: (scratch: ScratchSpace) => void;

This method mounts temporary disk space to the container.
This adds the correct container mountPoint and task definition volume.

method addToExecutionPolicy

addToExecutionPolicy: (statement: iam.PolicyStatement) => void;

This method adds the specified statement to the IAM task execution policy in the task definition.

method addUlimits

addUlimits: (...ulimits: Ulimit[]) => void;

This method adds one or more ulimits to the container.

method addVolumesFrom

addVolumesFrom: (...volumesFrom: VolumeFrom[]) => void;

This method adds one or more volumes to the container.

method findPortMapping

findPortMapping: (
    containerPort: number,
    protocol: Protocol
) => PortMapping | undefined;

Returns the host port for the requested container port if it exists

method renderContainerDefinition

renderContainerDefinition: (
    _taskDefinition?: TaskDefinition
) => CfnTaskDefinition.ContainerDefinitionProperty;

Render this container definition to a CloudFormation object
Parameter _taskDefinition
[disable-awslint:ref-via-interface] (unused but kept to avoid breaking change)

class ContainerImage

abstract class ContainerImage {}

Constructs for types of container images

method bind

abstract bind: (
    scope: CoreConstruct,
    containerDefinition: ContainerDefinition
) => ContainerImageConfig;

Called when the image is used by a ContainerDefinition

method fromAsset

static fromAsset: (directory: string, props?: AssetImageProps) => AssetImage;

Reference an image that's constructed directly from sources on disk.
If you already have a DockerImageAsset instance, you can use the ContainerImage.fromDockerImageAsset method instead.
Parameter directory
The directory containing the Dockerfile

method fromDockerImageAsset

static fromDockerImageAsset: (asset: DockerImageAsset) => ContainerImage;

Use an existing DockerImageAsset for this container image.
Parameter asset
The DockerImageAsset to use for this container definition.

method fromEcrRepository

static fromEcrRepository: (
    repository: ecr.IRepository,
    tag?: string
) => EcrImage;

Reference an image in an ECR repository

method fromRegistry

static fromRegistry: (
    name: string,
    props?: RepositoryImageProps
) => RepositoryImage;

Reference an image on DockerHub or another online registry

method fromTarball

static fromTarball: (tarballFile: string) => ContainerImage;

Use an existing tarball for this container image.
Use this method if the container image has already been created by another process (e.g. jib) and you want to add it as a container image asset.
Parameter tarballFile
Absolute path to the tarball. You can use language-specific idioms (such as __dirname in Node.js) to create an absolute path based on the current script running directory.

class CpuArchitecture

class CpuArchitecture {}

The CpuArchitecture for Fargate Runtime Platform.

property ARM64

static readonly ARM64: CpuArchitecture;

ARM64

property X86_64

static readonly X86_64: CpuArchitecture;

X86_64

method of

static of: (cpuArchitecture: string) => CpuArchitecture;

Other cpu architecture.
Parameter cpuArchitecture
cpu architecture.
See Also
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-cpuarchitecture for all available cpu architecture.

class Ec2Service

class Ec2Service extends BaseService implements IEc2Service {}

This creates a service using the EC2 launch type on an ECS cluster.
AWS::ECS::Service

constructor

constructor(scope: Construct, id: string, props: Ec2ServiceProps);

Constructs a new instance of the Ec2Service class.

method addPlacementConstraints

addPlacementConstraints: (...constraints: PlacementConstraint[]) => void;

Adds one or more placement constraints to use for tasks in the service. For more information, see [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html).

method addPlacementStrategies

addPlacementStrategies: (...strategies: PlacementStrategy[]) => void;

Adds one or more placement strategies to use for tasks in the service. For more information, see [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html).

method fromEc2ServiceArn

static fromEc2ServiceArn: (
    scope: Construct,
    id: string,
    ec2ServiceArn: string
) => IEc2Service;

Imports from the specified service ARN.

method fromEc2ServiceAttributes

static fromEc2ServiceAttributes: (
    scope: Construct,
    id: string,
    attrs: Ec2ServiceAttributes
) => IBaseService;

Imports from the specified service attributes.

method validate

protected validate: () => string[];

Validates this Ec2Service.

class Ec2TaskDefinition

class Ec2TaskDefinition extends TaskDefinition implements IEc2TaskDefinition {}

The details of a task definition run on an EC2 cluster.
AWS::ECS::TaskDefinition

constructor

constructor(scope: Construct, id: string, props?: Ec2TaskDefinitionProps);

Constructs a new instance of the Ec2TaskDefinition class.

method fromEc2TaskDefinitionArn

static fromEc2TaskDefinitionArn: (
    scope: Construct,
    id: string,
    ec2TaskDefinitionArn: string
) => IEc2TaskDefinition;

Imports a task definition from the specified task definition ARN.

method fromEc2TaskDefinitionAttributes

static fromEc2TaskDefinitionAttributes: (
    scope: Construct,
    id: string,
    attrs: Ec2TaskDefinitionAttributes
) => IEc2TaskDefinition;

Imports an existing Ec2 task definition from its attributes

class EcrImage

class EcrImage extends ContainerImage {}

An image from an Amazon ECR repository.

constructor

constructor(repository: ecr.IRepository, tagOrDigest: string);

Constructs a new instance of the EcrImage class.

property imageName

readonly imageName: string;

The image name. Images in Amazon ECR repositories can be specified by either using the full registry/repository:tag or registry/repository@digest.
For example, 012345678910.dkr.ecr..amazonaws.com/:latest or 012345678910.dkr.ecr..amazonaws.com/@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE.

method bind

bind: (
    _scope: CoreConstruct,
    containerDefinition: ContainerDefinition
) => ContainerImageConfig;

class EcsOptimizedAmi

class EcsOptimizedAmi implements ec2.IMachineImage {}

Construct a Linux or Windows machine image from the latest ECS Optimized AMI published in SSM
Deprecated
see EcsOptimizedImage#amazonLinux, EcsOptimizedImage#amazonLinux and EcsOptimizedImage#windows

constructor

constructor(props?: EcsOptimizedAmiProps);

Constructs a new instance of the EcsOptimizedAmi class.

method getImage

getImage: (scope: CoreConstruct) => ec2.MachineImageConfig;

Return the correct image

class EcsOptimizedImage

class EcsOptimizedImage implements ec2.IMachineImage {}

Construct a Linux or Windows machine image from the latest ECS Optimized AMI published in SSM

method amazonLinux

static amazonLinux: (options?: EcsOptimizedImageOptions) => EcsOptimizedImage;

Construct an Amazon Linux AMI image from the latest ECS Optimized AMI published in SSM

method amazonLinux2

static amazonLinux2: (
    hardwareType?: AmiHardwareType,
    options?: EcsOptimizedImageOptions
) => EcsOptimizedImage;

Construct an Amazon Linux 2 image from the latest ECS Optimized AMI published in SSM
Parameter hardwareType
ECS-optimized AMI variant to use

method getImage

getImage: (scope: CoreConstruct) => ec2.MachineImageConfig;

Return the correct image

method windows

static windows: (
    windowsVersion: WindowsOptimizedVersion,
    options?: EcsOptimizedImageOptions
) => EcsOptimizedImage;

Construct a Windows image from the latest ECS Optimized AMI published in SSM
Parameter windowsVersion
Windows Version to use

class EnvironmentFile

abstract class EnvironmentFile {}

Constructs for types of environment files

method bind

abstract bind: (scope: Construct) => EnvironmentFileConfig;

Called when the container is initialized to allow this object to bind to the stack.
Parameter scope
The binding scope

method fromAsset

static fromAsset: (path: string, options?: AssetOptions) => AssetEnvironmentFile;

Loads the environment file from a local disk path.
Parameter path
Local disk path
Parameter options

method fromBucket

static fromBucket: (
    bucket: IBucket,
    key: string,
    objectVersion?: string
) => S3EnvironmentFile;

Loads the environment file from an S3 bucket.
Parameter bucket
The S3 bucket
Parameter key
The object key
Parameter objectVersion
Optional S3 object version
Returns
S3EnvironmentFile associated with the specified S3 object.

class ExternalService

class ExternalService extends BaseService implements IExternalService {}

This creates a service using the External launch type on an ECS cluster.
AWS::ECS::Service

constructor

constructor(scope: Construct, id: string, props: ExternalServiceProps);

Constructs a new instance of the ExternalService class.

method associateCloudMapService

associateCloudMapService: (_options: AssociateCloudMapServiceOptions) => void;

Overriden method to throw error as associateCloudMapService is not supported for external service

method attachToApplicationTargetGroup

attachToApplicationTargetGroup: (
    _targetGroup: elbv2.IApplicationTargetGroup
) => elbv2.LoadBalancerTargetProps;

Overriden method to throw error as attachToApplicationTargetGroup is not supported for external service

method autoScaleTaskCount

autoScaleTaskCount: (_props: appscaling.EnableScalingProps) => ScalableTaskCount;

Overriden method to throw error as autoScaleTaskCount is not supported for external service

method configureAwsVpcNetworkingWithSecurityGroups

protected configureAwsVpcNetworkingWithSecurityGroups: (
    _vpc: ec2.IVpc,
    _assignPublicIp?: boolean,
    _vpcSubnets?: ec2.SubnetSelection,
    _securityGroups?: ec2.ISecurityGroup[]
) => void;

Overriden method to throw error as configureAwsVpcNetworkingWithSecurityGroups is not supported for external service

method enableCloudMap

enableCloudMap: (_options: CloudMapOptions) => cloudmap.Service;

Overriden method to throw error as enableCloudMap is not supported for external service

method fromExternalServiceArn

static fromExternalServiceArn: (
    scope: Construct,
    id: string,
    externalServiceArn: string
) => IExternalService;

Imports from the specified service ARN.

method fromExternalServiceAttributes

static fromExternalServiceAttributes: (
    scope: Construct,
    id: string,
    attrs: ExternalServiceAttributes
) => IBaseService;

Imports from the specified service attributes.

method loadBalancerTarget

loadBalancerTarget: (
    _options: LoadBalancerTargetOptions
) => IEcsLoadBalancerTarget;

Overriden method to throw error as loadBalancerTarget is not supported for external service

method registerLoadBalancerTargets

registerLoadBalancerTargets: (..._targets: EcsTarget[]) => void;

Overriden method to throw error as registerLoadBalancerTargets is not supported for external service

class ExternalTaskDefinition

class ExternalTaskDefinition
    extends TaskDefinition
    implements IExternalTaskDefinition {}

The details of a task definition run on an External cluster.
AWS::ECS::TaskDefinition

constructor

constructor(scope: Construct, id: string, props?: ExternalTaskDefinitionProps);

Constructs a new instance of the ExternalTaskDefinition class.

method addInferenceAccelerator

addInferenceAccelerator: (_inferenceAccelerator: InferenceAccelerator) => void;

Overriden method to throw error as interface accelerators are not supported for external tasks

method fromEc2TaskDefinitionArn

static fromEc2TaskDefinitionArn: (
    scope: Construct,
    id: string,
    externalTaskDefinitionArn: string
) => IExternalTaskDefinition;

Imports a task definition from the specified task definition ARN.

method fromExternalTaskDefinitionAttributes

static fromExternalTaskDefinitionAttributes: (
    scope: Construct,
    id: string,
    attrs: ExternalTaskDefinitionAttributes
) => IExternalTaskDefinition;

Imports an existing External task definition from its attributes

class FargateService

class FargateService extends BaseService implements IFargateService {}

This creates a service using the Fargate launch type on an ECS cluster.
AWS::ECS::Service

constructor

constructor(scope: Construct, id: string, props: FargateServiceProps);

Constructs a new instance of the FargateService class.

method fromFargateServiceArn

static fromFargateServiceArn: (
    scope: Construct,
    id: string,
    fargateServiceArn: string
) => IFargateService;

Imports from the specified service ARN.

method fromFargateServiceAttributes

static fromFargateServiceAttributes: (
    scope: Construct,
    id: string,
    attrs: FargateServiceAttributes
) => IBaseService;

Imports from the specified service attributes.

class FargateTaskDefinition

class FargateTaskDefinition
    extends TaskDefinition
    implements IFargateTaskDefinition {}

The details of a task definition run on a Fargate cluster.
AWS::ECS::TaskDefinition

constructor

constructor(scope: Construct, id: string, props?: FargateTaskDefinitionProps);

Constructs a new instance of the FargateTaskDefinition class.

property ephemeralStorageGiB

readonly ephemeralStorageGiB?: number;

The amount (in GiB) of ephemeral storage to be allocated to the task.

property networkMode

readonly networkMode: NetworkMode;

The Docker networking mode to use for the containers in the task. Fargate tasks require the awsvpc network mode.

method fromFargateTaskDefinitionArn

static fromFargateTaskDefinitionArn: (
    scope: Construct,
    id: string,
    fargateTaskDefinitionArn: string
) => IFargateTaskDefinition;

Imports a task definition from the specified task definition ARN.

method fromFargateTaskDefinitionAttributes

static fromFargateTaskDefinitionAttributes: (
    scope: Construct,
    id: string,
    attrs: FargateTaskDefinitionAttributes
) => IFargateTaskDefinition;

Import an existing Fargate task definition from its attributes

class FireLensLogDriver

class FireLensLogDriver extends LogDriver {}

FireLens enables you to use task definition parameters to route logs to an AWS service or AWS Partner Network (APN) destination for log storage and analytics

constructor

constructor(props: FireLensLogDriverProps);

Constructs a new instance of the FireLensLogDriver class.
Parameter props
the awsfirelens log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class FirelensLogRouter

class FirelensLogRouter extends ContainerDefinition {}

Firelens log router

constructor

constructor(scope: Construct, id: string, props: FirelensLogRouterProps);

Constructs a new instance of the FirelensLogRouter class.

property firelensConfig

readonly firelensConfig: FirelensConfig;

Firelens configuration

method renderContainerDefinition

renderContainerDefinition: (
    _taskDefinition?: TaskDefinition
) => CfnTaskDefinition.ContainerDefinitionProperty;

Render this container definition to a CloudFormation object

class FluentdLogDriver

class FluentdLogDriver extends LogDriver {}

A log driver that sends log information to journald Logs.

constructor

constructor(props?: FluentdLogDriverProps);

Constructs a new instance of the FluentdLogDriver class.
Parameter props
the fluentd log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class GelfLogDriver

class GelfLogDriver extends LogDriver {}

A log driver that sends log information to journald Logs.

constructor

constructor(props: GelfLogDriverProps);

Constructs a new instance of the GelfLogDriver class.
Parameter props
the gelf log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class GenericLogDriver

class GenericLogDriver extends LogDriver {}

A log driver that sends logs to the specified driver.

constructor

constructor(props: GenericLogDriverProps);

Constructs a new instance of the GenericLogDriver class.
Parameter props
the generic log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container.

class JournaldLogDriver

class JournaldLogDriver extends LogDriver {}

A log driver that sends log information to journald Logs.

constructor

constructor(props?: JournaldLogDriverProps);

Constructs a new instance of the JournaldLogDriver class.
Parameter props
the journald log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class JsonFileLogDriver

class JsonFileLogDriver extends LogDriver {}

A log driver that sends log information to json-file Logs.

constructor

constructor(props?: JsonFileLogDriverProps);

Constructs a new instance of the JsonFileLogDriver class.
Parameter props
the json-file log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class LinuxParameters

class LinuxParameters extends CoreConstruct {}

Linux-specific options that are applied to the container.

constructor

constructor(scope: Construct, id: string, props?: LinuxParametersProps);

Constructs a new instance of the LinuxParameters class.

method addCapabilities

addCapabilities: (...cap: Capability[]) => void;

Adds one or more Linux capabilities to the Docker configuration of a container.
Only works with EC2 launch type.

method addDevices

addDevices: (...device: Device[]) => void;

Adds one or more host devices to a container.

method addTmpfs

addTmpfs: (...tmpfs: Tmpfs[]) => void;

Specifies the container path, mount options, and size (in MiB) of the tmpfs mount for a container.
Only works with EC2 launch type.

method dropCapabilities

dropCapabilities: (...cap: Capability[]) => void;

Removes one or more Linux capabilities to the Docker configuration of a container.
Only works with EC2 launch type.

method renderLinuxParameters

renderLinuxParameters: () => CfnTaskDefinition.LinuxParametersProperty;

Renders the Linux parameters to a CloudFormation object.

class ListenerConfig

abstract class ListenerConfig {}

Base class for configuring listener when registering targets.

method addTargets

abstract addTargets: (
    id: string,
    target: LoadBalancerTargetOptions,
    service: BaseService
) => void;

Create and attach a target group to listener.

method applicationListener

static applicationListener: (
    listener: elbv2.ApplicationListener,
    props?: elbv2.AddApplicationTargetsProps
) => ListenerConfig;

Create a config for adding target group to ALB listener.

method networkListener

static networkListener: (
    listener: elbv2.NetworkListener,
    props?: elbv2.AddNetworkTargetsProps
) => ListenerConfig;

Create a config for adding target group to NLB listener.

class LogDriver

abstract class LogDriver {}

The base class for log drivers.

method awsLogs

static awsLogs: (props: AwsLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to CloudWatch Logs.

method bind

abstract bind: (
    scope: CoreConstruct,
    containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class LogDrivers

class LogDrivers {}

The base class for log drivers.

method awsLogs

static awsLogs: (props: AwsLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to CloudWatch Logs.

method firelens

static firelens: (props: FireLensLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to firelens log router. For detail configurations, please refer to Amazon ECS FireLens Examples: https://github.com/aws-samples/amazon-ecs-firelens-examples

method fluentd

static fluentd: (props?: FluentdLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to fluentd Logs.

method gelf

static gelf: (props: GelfLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to gelf Logs.

method journald

static journald: (props?: JournaldLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to journald Logs.

method jsonFile

static jsonFile: (props?: JsonFileLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to json-file Logs.

method splunk

static splunk: (props: SplunkLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to splunk Logs.

method syslog

static syslog: (props?: SyslogLogDriverProps) => LogDriver;

Creates a log driver configuration that sends log information to syslog Logs.

class OperatingSystemFamily

class OperatingSystemFamily {}

The operating system for Fargate Runtime Platform.

property LINUX

static readonly LINUX: OperatingSystemFamily;

LINUX

property WINDOWS_SERVER_2004_CORE

static readonly WINDOWS_SERVER_2004_CORE: OperatingSystemFamily;

WINDOWS_SERVER_2004_CORE

property WINDOWS_SERVER_2016_FULL

static readonly WINDOWS_SERVER_2016_FULL: OperatingSystemFamily;

WINDOWS_SERVER_2016_FULL

property WINDOWS_SERVER_2019_CORE

static readonly WINDOWS_SERVER_2019_CORE: OperatingSystemFamily;

WINDOWS_SERVER_2019_CORE

property WINDOWS_SERVER_2019_FULL

static readonly WINDOWS_SERVER_2019_FULL: OperatingSystemFamily;

WINDOWS_SERVER_2019_FULL

property WINDOWS_SERVER_2022_CORE

static readonly WINDOWS_SERVER_2022_CORE: OperatingSystemFamily;

WINDOWS_SERVER_2022_CORE

property WINDOWS_SERVER_2022_FULL

static readonly WINDOWS_SERVER_2022_FULL: OperatingSystemFamily;

WINDOWS_SERVER_2022_FULL

property WINDOWS_SERVER_20H2_CORE

static readonly WINDOWS_SERVER_20H2_CORE: OperatingSystemFamily;

WINDOWS_SERVER_20H2_CORE

method of

static of: (family: string) => OperatingSystemFamily;

Other operating system family.
Parameter family
operating system family.
See Also
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-operatingsystemfamily for all available operating system family.

class PlacementConstraint

class PlacementConstraint {}

The placement constraints to use for tasks in the service. For more information, see [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html).
Tasks will only be placed on instances that match these rules.

method distinctInstances

static distinctInstances: () => PlacementConstraint;

Use distinctInstance to ensure that each task in a particular group is running on a different container instance.

method memberOf

static memberOf: (...expressions: string[]) => PlacementConstraint;

Use memberOf to restrict the selection to a group of valid candidates specified by a query expression.
Multiple expressions can be specified. For more information, see [Cluster Query Language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html).
You can specify multiple expressions in one call. The tasks will only be placed on instances matching all expressions.
See Also
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html

method toJson

toJson: () => CfnService.PlacementConstraintProperty[];

Return the placement JSON

class PlacementStrategy

class PlacementStrategy {}

The placement strategies to use for tasks in the service. For more information, see [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html).
Tasks will preferentially be placed on instances that match these rules.

method packedBy

static packedBy: (resource: BinPackResource) => PlacementStrategy;

Places tasks on the container instances with the least available capacity of the specified resource.

method packedByCpu

static packedByCpu: () => PlacementStrategy;

Places tasks on container instances with the least available amount of CPU capacity.
This minimizes the number of instances in use.

method packedByMemory

static packedByMemory: () => PlacementStrategy;

Places tasks on container instances with the least available amount of memory capacity.
This minimizes the number of instances in use.

method randomly

static randomly: () => PlacementStrategy;

Places tasks randomly.

method spreadAcross

static spreadAcross: (...fields: string[]) => PlacementStrategy;

Places tasks evenly based on the specified value.
You can use one of the built-in attributes found on BuiltInAttributes or supply your own custom instance attributes. If more than one attribute is supplied, spreading is done in order.
attributes instanceId

method spreadAcrossInstances

static spreadAcrossInstances: () => PlacementStrategy;

Places tasks evenly across all container instances in the cluster.

method toJson

toJson: () => CfnService.PlacementStrategyProperty[];

Return the placement JSON

class ProxyConfiguration

abstract class ProxyConfiguration {}

The base class for proxy configurations.

method bind

abstract bind: (
    _scope: CoreConstruct,
    _taskDefinition: TaskDefinition
) => CfnTaskDefinition.ProxyConfigurationProperty;

Called when the proxy configuration is configured on a task definition.

class ProxyConfigurations

class ProxyConfigurations {}

The base class for proxy configurations.

method appMeshProxyConfiguration

static appMeshProxyConfiguration: (
    props: AppMeshProxyConfigurationConfigProps
) => ProxyConfiguration;

Constructs a new instance of the ProxyConfiguration class.

class RepositoryImage

class RepositoryImage extends ContainerImage {}

An image hosted in a public or private repository. For images hosted in Amazon ECR, see [EcrImage](https://docs.aws.amazon.com/AmazonECR/latest/userguide/images.html).

constructor

constructor(imageName: string, props?: RepositoryImageProps);

Constructs a new instance of the RepositoryImage class.

method bind

bind: (
    scope: CoreConstruct,
    containerDefinition: ContainerDefinition
) => ContainerImageConfig;

class S3EnvironmentFile

class S3EnvironmentFile extends EnvironmentFile {}

Environment file from S3.

constructor

constructor(bucket: IBucket, key: string, objectVersion?: string);

method bind

bind: (_scope: Construct) => EnvironmentFileConfig;

class ScalableTaskCount

class ScalableTaskCount extends appscaling.BaseScalableAttribute {}

The scalable attribute representing task count.

constructor

constructor(scope: Construct, id: string, props: ScalableTaskCountProps);

Constructs a new instance of the ScalableTaskCount class.

method scaleOnCpuUtilization

scaleOnCpuUtilization: (id: string, props: CpuUtilizationScalingProps) => void;

Scales in or out to achieve a target CPU utilization.

method scaleOnMemoryUtilization

scaleOnMemoryUtilization: (
    id: string,
    props: MemoryUtilizationScalingProps
) => void;

Scales in or out to achieve a target memory utilization.

method scaleOnMetric

scaleOnMetric: (
    id: string,
    props: appscaling.BasicStepScalingPolicyProps
) => void;

Scales in or out based on a specified metric value.

method scaleOnRequestCount

scaleOnRequestCount: (id: string, props: RequestCountScalingProps) => void;

Scales in or out to achieve a target Application Load Balancer request count per target.

method scaleOnSchedule

scaleOnSchedule: (id: string, props: appscaling.ScalingSchedule) => void;

Scales in or out based on a specified scheduled time.

method scaleToTrackCustomMetric

scaleToTrackCustomMetric: (id: string, props: TrackCustomMetricProps) => void;

Scales in or out to achieve a target on a custom metric.

class Secret

abstract class Secret {}

A secret environment variable.

property arn

abstract readonly arn: string;

The ARN of the secret

property hasField

abstract readonly hasField?: boolean;

Whether this secret uses a specific JSON field

method fromSecretsManager

static fromSecretsManager: (
    secret: secretsmanager.ISecret,
    field?: string
) => Secret;

Creates a environment variable value from a secret stored in AWS Secrets Manager.
Parameter secret
the secret stored in AWS Secrets Manager
Parameter field
the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.

method fromSecretsManagerVersion

static fromSecretsManagerVersion: (
    secret: secretsmanager.ISecret,
    versionInfo: SecretVersionInfo,
    field?: string
) => Secret;

Creates a environment variable value from a secret stored in AWS Secrets Manager.
Parameter secret
the secret stored in AWS Secrets Manager
Parameter versionInfo
the version information to reference the secret
Parameter field
the name of the field with the value that you want to set as the environment variable value. Only values in JSON format are supported. If you do not specify a JSON field, then the full content of the secret is used.

method fromSsmParameter

static fromSsmParameter: (parameter: ssm.IParameter) => Secret;

Creates an environment variable value from a parameter stored in AWS Systems Manager Parameter Store.

method grantRead

abstract grantRead: (grantee: iam.IGrantable) => iam.Grant;

Grants reading the secret to a principal

class SplunkLogDriver

class SplunkLogDriver extends LogDriver {}

A log driver that sends log information to splunk Logs.

constructor

constructor(props: SplunkLogDriverProps);

Constructs a new instance of the SplunkLogDriver class.
Parameter props
the splunk log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class SyslogLogDriver

class SyslogLogDriver extends LogDriver {}

A log driver that sends log information to syslog Logs.

constructor

constructor(props?: SyslogLogDriverProps);

Constructs a new instance of the SyslogLogDriver class.
Parameter props
the syslog log driver configuration options.

method bind

bind: (
    _scope: CoreConstruct,
    _containerDefinition: ContainerDefinition
) => LogDriverConfig;

Called when the log driver is configured on a container

class TagParameterContainerImage

class TagParameterContainerImage extends ContainerImage {}

A special type of ContainerImage that uses an ECR repository for the image, but a CloudFormation Parameter for the tag of the image in that repository. This allows providing this tag through the Parameter at deploy time, for example in a CodePipeline that pushes a new tag of the image to the repository during a build step, and then provides that new tag through the CloudFormation Parameter in the deploy step.
See Also
- #tagParameterName

constructor

constructor(repository: ecr.IRepository);

property tagParameterName

readonly tagParameterName: string;

Returns the name of the CloudFormation Parameter that represents the tag of the image in the ECR repository.

property tagParameterValue

readonly tagParameterValue: string;

Returns the value of the CloudFormation Parameter that represents the tag of the image in the ECR repository.

method bind

bind: (
    scope: Construct,
    containerDefinition: ContainerDefinition
) => ContainerImageConfig;

class TaskDefinition

class TaskDefinition extends TaskDefinitionBase {}

The base class for all task definitions.

constructor

constructor(scope: Construct, id: string, props: TaskDefinitionProps);

Constructs a new instance of the TaskDefinition class.

property compatibility

readonly compatibility: Compatibility;

The task launch type compatibility requirement.

property containers

protected readonly containers: ContainerDefinition[];

The container definitions.

property defaultContainer

defaultContainer?: ContainerDefinition;

Default container for this task
Load balancers will send traffic to this container. The first essential container that is added to this task will become the default container.

property ephemeralStorageGiB

readonly ephemeralStorageGiB?: number;

The amount (in GiB) of ephemeral storage to be allocated to the task.
Only supported in Fargate platform version 1.4.0 or later.

property executionRole

readonly executionRole: any;

property family

readonly family: string;

The name of a family that this task definition is registered to. A family groups multiple versions of a task definition.

property inferenceAccelerators

readonly inferenceAccelerators: InferenceAccelerator[];

Public getter method to access list of inference accelerators attached to the instance.

property networkMode

readonly networkMode: NetworkMode;

The networking mode to use for the containers in the task.

property referencesSecretJsonField

readonly referencesSecretJsonField: boolean;

Whether this task definition has at least a container that references a specific JSON field of a secret stored in Secrets Manager.

property taskDefinitionArn

readonly taskDefinitionArn: string;

The full Amazon Resource Name (ARN) of the task definition.

property taskRole

readonly taskRole: iam.IRole;

The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf.

method addContainer

addContainer: (
    id: string,
    props: ContainerDefinitionOptions
) => ContainerDefinition;

Adds a new container to the task definition.

method addExtension

addExtension: (extension: ITaskDefinitionExtension) => void;

Adds the specified extension to the task definition.
Extension can be used to apply a packaged modification to a task definition.

method addFirelensLogRouter

addFirelensLogRouter: (
    id: string,
    props: FirelensLogRouterDefinitionOptions
) => FirelensLogRouter;

Adds a firelens log router to the task definition.

method addInferenceAccelerator

addInferenceAccelerator: (inferenceAccelerator: InferenceAccelerator) => void;

Adds an inference accelerator to the task definition.

method addPlacementConstraint

addPlacementConstraint: (constraint: PlacementConstraint) => void;

Adds the specified placement constraint to the task definition.

method addToExecutionRolePolicy

addToExecutionRolePolicy: (statement: iam.PolicyStatement) => void;

Adds a policy statement to the task execution IAM role.

method addToTaskRolePolicy

addToTaskRolePolicy: (statement: iam.PolicyStatement) => void;

Adds a policy statement to the task IAM role.

method addVolume

addVolume: (volume: Volume) => void;

Adds a volume to the task definition.

method findContainer

findContainer: (containerName: string) => ContainerDefinition | undefined;

Returns the container that match the provided containerName.

method fromTaskDefinitionArn

static fromTaskDefinitionArn: (
    scope: Construct,
    id: string,
    taskDefinitionArn: string
) => ITaskDefinition;

Imports a task definition from the specified task definition ARN.
The task will have a compatibility of EC2+Fargate.

method fromTaskDefinitionAttributes

static fromTaskDefinitionAttributes: (
    scope: Construct,
    id: string,
    attrs: TaskDefinitionAttributes
) => ITaskDefinition;

Create a task definition from a task definition reference

method obtainExecutionRole

obtainExecutionRole: () => iam.IRole;

Creates the task execution IAM role if it doesn't already exist.

method validate

protected validate: () => string[];

Validates the task definition.

Interfaces

interface AddAutoScalingGroupCapacityOptions

interface AddAutoScalingGroupCapacityOptions {}

The properties for adding an AutoScalingGroup.

property canContainersAccessInstanceRole

readonly canContainersAccessInstanceRole?: boolean;

Specifies whether the containers can access the container instance role.
false

property machineImageType

readonly machineImageType?: MachineImageType;

What type of machine image this is
Depending on the setting, different UserData will automatically be added to the AutoScalingGroup to configure it properly for use with ECS.
If you create an AutoScalingGroup yourself and are adding it via addAutoScalingGroup(), you must specify this value. If you are adding an autoScalingGroup via addCapacity, this value will be determined from the machineImage you pass.
- Automatically determined from machineImage, if available, otherwise MachineImageType.AMAZON_LINUX_2.

property spotInstanceDraining

readonly spotInstanceDraining?: boolean;

Specify whether to enable Automated Draining for Spot Instances running Amazon ECS Services. For more information, see [Using Spot Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-spot.html).
false

property taskDrainTime

readonly taskDrainTime?: Duration;

The time period to wait before force terminating an instance that is draining.
This creates a Lambda function that is used by a lifecycle hook for the AutoScalingGroup that will delay instance termination until all ECS tasks have drained from the instance. Set to 0 to disable task draining.
Set to 0 to disable task draining.
Deprecated
The lifecycle draining hook is not configured if using the EC2 Capacity Provider. Enable managed termination protection instead. Duration.minutes(5)

property topicEncryptionKey

readonly topicEncryptionKey?: kms.IKey;

If AddAutoScalingGroupCapacityOptions.taskDrainTime is non-zero, then the ECS cluster creates an SNS Topic to as part of a system to drain instances of tasks when the instance is being shut down. If this property is provided, then this key will be used to encrypt the contents of that SNS Topic. See [SNS Data Encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-data-encryption.html) for more information.
The SNS Topic will not be encrypted.

interface AddCapacityOptions

interface AddCapacityOptions
    extends AddAutoScalingGroupCapacityOptions,
        autoscaling.CommonAutoScalingGroupProps {}

The properties for adding instance capacity to an AutoScalingGroup.

property instanceType

readonly instanceType: ec2.InstanceType;

The EC2 instance type to use when launching instances into the AutoScalingGroup.

property machineImage

readonly machineImage?: ec2.IMachineImage;

The ECS-optimized AMI variant to use
The default is to use an ECS-optimized AMI of Amazon Linux 2 which is automatically updated to the latest version on every deployment. This will replace the instances in the AutoScalingGroup. Make sure you have not disabled task draining, to avoid downtime when the AMI updates.
To use an image that does not update on every deployment, pass:
const machineImage = ecs.EcsOptimizedImage.amazonLinux2(ecs.AmiHardwareType.STANDARD, { cachedInContext: true, });
For more information, see [Amazon ECS-optimized AMIs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html).
You must define either machineImage or machineImageType, not both.
- Automatically updated, ECS-optimized Amazon Linux 2

interface AppMeshProxyConfigurationConfigProps

interface AppMeshProxyConfigurationConfigProps {}

The configuration to use when setting an App Mesh proxy configuration.

property containerName

readonly containerName: string;

The name of the container that will serve as the App Mesh proxy.

property properties

readonly properties: AppMeshProxyConfigurationProps;

The set of network configuration parameters to provide the Container Network Interface (CNI) plugin.

interface AppMeshProxyConfigurationProps

interface AppMeshProxyConfigurationProps {}

Interface for setting the properties of proxy configuration.

property appPorts

readonly appPorts: number[];

The list of ports that the application uses. Network traffic to these ports is forwarded to the ProxyIngressPort and ProxyEgressPort.

property egressIgnoredIPs

readonly egressIgnoredIPs?: string[];

The egress traffic going to these specified IP addresses is ignored and not redirected to the ProxyEgressPort. It can be an empty list.

property egressIgnoredPorts

readonly egressIgnoredPorts?: number[];

The egress traffic going to these specified ports is ignored and not redirected to the ProxyEgressPort. It can be an empty list.

property ignoredGID

readonly ignoredGID?: number;

The group ID (GID) of the proxy container as defined by the user parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredUID is specified, this field can be empty.

property ignoredUID

readonly ignoredUID?: number;

The user ID (UID) of the proxy container as defined by the user parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredGID is specified, this field can be empty.

property proxyEgressPort

readonly proxyEgressPort: number;

Specifies the port that outgoing traffic from the AppPorts is directed to.

property proxyIngressPort

readonly proxyIngressPort: number;

Specifies the port that incoming traffic to the AppPorts is directed to.

interface AsgCapacityProviderProps

interface AsgCapacityProviderProps extends AddAutoScalingGroupCapacityOptions {}

The options for creating an Auto Scaling Group Capacity Provider.

property autoScalingGroup

readonly autoScalingGroup: autoscaling.IAutoScalingGroup;

The autoscaling group to add as a Capacity Provider.

property capacityProviderName

readonly capacityProviderName?: string;

The name of the capacity provider. If a name is specified, it cannot start with aws, ecs, or fargate. If no name is specified, a default name in the CFNStackName-CFNResourceName-RandomString format is used.
CloudFormation-generated name

property enableManagedScaling

readonly enableManagedScaling?: boolean;

Whether to enable managed scaling
true

property enableManagedTerminationProtection

readonly enableManagedTerminationProtection?: boolean;

Whether to enable managed termination protection
true

property maximumScalingStepSize

readonly maximumScalingStepSize?: number;

Maximum scaling step size. In most cases this should be left alone.
1000

property minimumScalingStepSize

readonly minimumScalingStepSize?: number;

Minimum scaling step size. In most cases this should be left alone.
1

property targetCapacityPercent

readonly targetCapacityPercent?: number;

Target capacity percent. In most cases this should be left alone.
100

interface AssetImageProps

interface AssetImageProps extends DockerImageAssetOptions {}

The properties for building an AssetImage.

interface AssociateCloudMapServiceOptions

interface AssociateCloudMapServiceOptions {}

The options for using a cloudmap service.

property container

readonly container?: ContainerDefinition;

The container to point to for a SRV record. - the task definition's default container

property containerPort

readonly containerPort?: number;

The port to point to for a SRV record. - the default port of the task definition's default container

property service

readonly service: cloudmap.IService;

The cloudmap service to register with.

interface AuthorizationConfig

interface AuthorizationConfig {}

The authorization configuration details for the Amazon EFS file system.

property accessPointId

readonly accessPointId?: string;

The access point ID to use. If an access point is specified, the root directory value will be relative to the directory set for the access point. If specified, transit encryption must be enabled in the EFSVolumeConfiguration.
No id

property iam

readonly iam?: string;

Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration.
Valid values: ENABLED | DISABLED
If this parameter is omitted, the default value of DISABLED is used.

interface AwsLogDriverProps

interface AwsLogDriverProps {}

Specifies the awslogs log driver configuration options.

property datetimeFormat

readonly datetimeFormat?: string;

This option defines a multiline start pattern in Python strftime format.
A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. Thus the matched line is the delimiter between log messages.
- No multiline matching.

property logGroup

readonly logGroup?: logs.ILogGroup;

The log group to log to
- A log group is automatically created.

property logRetention

readonly logRetention?: logs.RetentionDays;

The number of days log events are kept in CloudWatch Logs when the log group is automatically created by this construct.
- Logs never expire.

property mode

readonly mode?: AwsLogDriverMode;

The delivery mode of log messages from the container to awslogs.
- AwsLogDriverMode.BLOCKING

property multilinePattern

readonly multilinePattern?: string;

This option defines a multiline start pattern using a regular expression.
A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. Thus the matched line is the delimiter between log messages.
This option is ignored if datetimeFormat is also configured.
- No multiline matching.

property streamPrefix

readonly streamPrefix: string;

Prefix for the log streams
The awslogs-stream-prefix option allows you to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task to which the container belongs. If you specify a prefix with this option, then the log stream takes the following format:
prefix-name/container-name/ecs-task-id

interface BaseLogDriverProps

interface BaseLogDriverProps {}

property env

readonly env?: string[];

The env option takes an array of keys. If there is collision between label and env keys, the value of the env takes precedence. Adds additional fields to the extra attributes of a logging message.
- No env

property envRegex

readonly envRegex?: string;

The env-regex option is similar to and compatible with env. Its value is a regular expression to match logging-related environment variables. It is used for advanced log tag options.
- No envRegex

property labels

readonly labels?: string[];

The labels option takes an array of keys. If there is collision between label and env keys, the value of the env takes precedence. Adds additional fields to the extra attributes of a logging message.
- No labels

property tag

readonly tag?: string;

By default, Docker uses the first 12 characters of the container ID to tag log messages. Refer to the log tag option documentation for customizing the log tag format.
- The first 12 characters of the container ID

interface BaseServiceOptions

interface BaseServiceOptions {}

The properties for the base Ec2Service or FargateService service.

property capacityProviderStrategies

readonly capacityProviderStrategies?: CapacityProviderStrategy[];

A list of Capacity Provider strategies used to place a service.
- undefined

property circuitBreaker

readonly circuitBreaker?: DeploymentCircuitBreaker;

Whether to enable the deployment circuit breaker. If this property is defined, circuit breaker will be implicitly enabled. - disabled

property cloudMapOptions

readonly cloudMapOptions?: CloudMapOptions;

The options for configuring an Amazon ECS service to use service discovery.
- AWS Cloud Map service discovery is not enabled.

property cluster

readonly cluster: ICluster;

The name of the cluster that hosts the service.

property deploymentController

readonly deploymentController?: DeploymentController;

Specifies which deployment controller to use for the service. For more information, see [Amazon ECS Deployment Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html)
- Rolling update (ECS)

property desiredCount

readonly desiredCount?: number;

The desired number of instantiations of the task definition to keep running on the service.
- When creating the service, default is 1; when updating the service, default uses the current task number.

property enableECSManagedTags

readonly enableECSManagedTags?: boolean;

Specifies whether to enable Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging Your Amazon ECS Resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html)
false

property enableExecuteCommand

readonly enableExecuteCommand?: boolean;

Whether to enable the ability to execute into a container
- undefined

property healthCheckGracePeriod

readonly healthCheckGracePeriod?: Duration;

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started.
- defaults to 60 seconds if at least one load balancer is in-use and it is not already set

property maxHealthyPercent

readonly maxHealthyPercent?: number;

The maximum number of tasks, specified as a percentage of the Amazon ECS service's DesiredCount value, that can run in a service during a deployment.
- 100 if daemon, otherwise 200

property minHealthyPercent

readonly minHealthyPercent?: number;

The minimum number of tasks, specified as a percentage of the Amazon ECS service's DesiredCount value, that must continue to run and remain healthy during a deployment.
- 0 if daemon, otherwise 50

property propagateTags

readonly propagateTags?: PropagatedTagSource;

Specifies whether to propagate the tags from the task definition or the service to the tasks in the service
Valid values are: PropagatedTagSource.SERVICE, PropagatedTagSource.TASK_DEFINITION or PropagatedTagSource.NONE
PropagatedTagSource.NONE

property propagateTaskTagsFrom

readonly propagateTaskTagsFrom?: PropagatedTagSource;

Specifies whether to propagate the tags from the task definition or the service to the tasks in the service. Tags can only be propagated to the tasks within the service during service creation.
Deprecated
Use propagateTags instead. PropagatedTagSource.NONE

property serviceName

readonly serviceName?: string;

The name of the service.
- CloudFormation-generated name.

interface BaseServiceProps

interface BaseServiceProps extends BaseServiceOptions {}

Complete base service properties that are required to be supplied by the implementation of the BaseService class.

property launchType

readonly launchType: LaunchType;

The launch type on which to run your service.
LaunchType will be omitted if capacity provider strategies are specified on the service.
See Also
- - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-capacityproviderstrategy
  Valid values are: LaunchType.ECS or LaunchType.FARGATE or LaunchType.EXTERNAL

interface BottleRocketImageProps

interface BottleRocketImageProps {}

Properties for BottleRocketImage

property architecture

readonly architecture?: ec2.InstanceArchitecture;

The CPU architecture
- x86_64

property cachedInContext

readonly cachedInContext?: boolean;

Whether the AMI ID is cached to be stable between deployments
By default, the newest image is used on each deployment. This will cause instances to be replaced whenever a new version is released, and may cause downtime if there aren't enough running instances in the AutoScalingGroup to reschedule the tasks on.
If set to true, the AMI ID will be cached in cdk.context.json and the same value will be used on future runs. Your instances will not be replaced but your AMI version will grow old over time. To refresh the AMI lookup, you will have to evict the value from the cache using the cdk context command. See https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
Can not be set to true in environment-agnostic stacks.
false

property variant

readonly variant?: BottlerocketEcsVariant;

The Amazon ECS variant to use. Only aws-ecs-1 is currently available
- BottlerocketEcsVariant.AWS_ECS_1

interface CapacityProviderStrategy

interface CapacityProviderStrategy {}

A Capacity Provider strategy to use for the service.
NOTE: defaultCapacityProviderStrategy on cluster not currently supported.

property base

readonly base?: number;

The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used.
- none

property capacityProvider

readonly capacityProvider: string;

The name of the capacity provider.

property weight

readonly weight?: number;

The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
- 0

interface CfnCapacityProviderProps

interface CfnCapacityProviderProps {}

Properties for defining a CfnCapacityProvider
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html

property autoScalingGroupProvider

readonly autoScalingGroupProvider:
    | CfnCapacityProvider.AutoScalingGroupProviderProperty
    | cdk.IResolvable;

The Auto Scaling group settings for the capacity provider.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html#cfn-ecs-capacityprovider-autoscalinggroupprovider

property name

readonly name?: string;

The name of the capacity provider. If a name is specified, it cannot start with aws , ecs , or fargate . If no name is specified, a default name in the CFNStackName-CFNResourceName-RandomString format is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html#cfn-ecs-capacityprovider-name

property tags

readonly tags?: cdk.CfnTag[];

The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-capacityprovider.html#cfn-ecs-capacityprovider-tags

interface CfnClusterCapacityProviderAssociationsProps

interface CfnClusterCapacityProviderAssociationsProps {}

Properties for defining a CfnClusterCapacityProviderAssociations
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html

property capacityProviders

readonly capacityProviders: string[];

The capacity providers to associate with the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html#cfn-ecs-clustercapacityproviderassociations-capacityproviders

property cluster

readonly cluster: string;

The cluster the capacity provider association is the target of.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html#cfn-ecs-clustercapacityproviderassociations-cluster

property defaultCapacityProviderStrategy

readonly defaultCapacityProviderStrategy:
    | Array<
          | CfnClusterCapacityProviderAssociations.CapacityProviderStrategyProperty
          | cdk.IResolvable
      >
    | cdk.IResolvable;

The default capacity provider strategy to associate with the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-clustercapacityproviderassociations.html#cfn-ecs-clustercapacityproviderassociations-defaultcapacityproviderstrategy

interface CfnClusterProps

interface CfnClusterProps {}

Properties for defining a CfnCluster
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html

property capacityProviders

readonly capacityProviders?: string[];

The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the [CreateService](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) or [RunTask](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) actions.
If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the [CreateCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html) API operation.
To use a AWS Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.
The [PutCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html) API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-capacityproviders

property clusterName

readonly clusterName?: string;

A user-generated string that you use to identify your cluster. If you don't specify a name, AWS CloudFormation generates a unique physical ID for the name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-clustername

property clusterSettings

readonly clusterSettings?:
    | Array<CfnCluster.ClusterSettingsProperty | cdk.IResolvable>
    | cdk.IResolvable;

The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-clustersettings

property configuration

readonly configuration?:
    | CfnCluster.ClusterConfigurationProperty
    | cdk.IResolvable;

The execute command configuration for the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-configuration

property defaultCapacityProviderStrategy

readonly defaultCapacityProviderStrategy?:
    | Array<CfnCluster.CapacityProviderStrategyItemProperty | cdk.IResolvable>
    | cdk.IResolvable;

The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-defaultcapacityproviderstrategy

property serviceConnectDefaults

readonly serviceConnectDefaults?:
    | CfnCluster.ServiceConnectDefaultsProperty
    | cdk.IResolvable;

Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the enabled parameter to true in the ServiceConnectConfiguration . You can set the namespace of each service individually in the ServiceConnectConfiguration to override this default parameter.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-serviceconnectdefaults

property tags

readonly tags?: cdk.CfnTag[];

The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-tags

interface CfnPrimaryTaskSetProps

interface CfnPrimaryTaskSetProps {}

Properties for defining a CfnPrimaryTaskSet
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html

property cluster

readonly cluster: string;

The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service that the task set exists in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html#cfn-ecs-primarytaskset-cluster

property service

readonly service: string;

The short name or full Amazon Resource Name (ARN) of the service that the task set exists in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html#cfn-ecs-primarytaskset-service

property taskSetId

readonly taskSetId: string;

The short name or full Amazon Resource Name (ARN) of the task set to set as the primary task set in the deployment.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-primarytaskset.html#cfn-ecs-primarytaskset-tasksetid

interface CfnServiceProps

interface CfnServiceProps {}

Properties for defining a CfnService
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html

property capacityProviderStrategy

readonly capacityProviderStrategy?:
    | Array<CfnService.CapacityProviderStrategyItemProperty | cdk.IResolvable>
    | cdk.IResolvable;

The capacity provider strategy to use for the service.
If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.
A capacity provider strategy may contain a maximum of 6 capacity providers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-capacityproviderstrategy

property cluster

readonly cluster?: string;

The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-cluster

property deploymentConfiguration

readonly deploymentConfiguration?:
    | CfnService.DeploymentConfigurationProperty
    | cdk.IResolvable;

Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration

property deploymentController

readonly deploymentController?:
    | CfnService.DeploymentControllerProperty
    | cdk.IResolvable;

The deployment controller to use for the service. If no deployment controller is specified, the default value of ECS is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentcontroller

property desiredCount

readonly desiredCount?: number;

The number of instantiations of the specified task definition to place and keep running in your service.
For new services, if a desired count is not specified, a default value of 1 is used. When using the DAEMON scheduling strategy, the desired count is not required.
For existing services, if a desired count is not specified, it is omitted from the operation.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-desiredcount

property enableEcsManagedTags

readonly enableEcsManagedTags?: boolean | cdk.IResolvable;

Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide* .
When you use Amazon ECS managed tags, you need to set the propagateTags request parameter.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-enableecsmanagedtags

property enableExecuteCommand

readonly enableExecuteCommand?: boolean | cdk.IResolvable;

Determines whether the execute command functionality is turned on for the service. If true , the execute command functionality is turned on for all containers in tasks as part of the service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-enableexecutecommand

property healthCheckGracePeriodSeconds

readonly healthCheckGracePeriodSeconds?: number;

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of 0 is used.
If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html) .
If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-healthcheckgraceperiodseconds

property launchType

readonly launchType?: string;

The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-launchtype

property loadBalancers

readonly loadBalancers?:
    | Array<CfnService.LoadBalancerProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of load balancer objects to associate with the service. If you specify the Role property, LoadBalancers must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-loadbalancers

property networkConfiguration

readonly networkConfiguration?:
    | CfnService.NetworkConfigurationProperty
    | cdk.IResolvable;

The network configuration for the service. This parameter is required for task definitions that use the awsvpc network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-networkconfiguration

property placementConstraints

readonly placementConstraints?:
    | Array<CfnService.PlacementConstraintProperty | cdk.IResolvable>
    | cdk.IResolvable;

An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-placementconstraints

property placementStrategies

readonly placementStrategies?:
    | Array<CfnService.PlacementStrategyProperty | cdk.IResolvable>
    | cdk.IResolvable;

The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-placementstrategies

property platformVersion

readonly platformVersion?: string;

The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used. For more information, see [AWS Fargate platform versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-platformversion

property propagateTags

readonly propagateTags?: string;

Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.
The default is NONE .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-propagatetags

property role

readonly role?: string;

The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the awsvpc network mode. If you specify the role parameter, you must also specify a load balancer object with the loadBalancers parameter.
> If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the awsvpc network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide* .
If your specified role has a path other than / , then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name bar has a path of /foo/ then you would specify /foo/bar as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-role

property schedulingStrategy

readonly schedulingStrategy?: string;

The scheduling strategy to use for the service. For more information, see [Services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .
There are two service scheduler strategies available:
- REPLICA -The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the CODE_DEPLOY or EXTERNAL deployment controller types. - DAEMON -The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.
> Tasks using the Fargate launch type or the CODE_DEPLOY or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-schedulingstrategy

property serviceConnectConfiguration

readonly serviceConnectConfiguration?:
    | CfnService.ServiceConnectConfigurationProperty
    | cdk.IResolvable;

The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-serviceconnectconfiguration

property serviceName

readonly serviceName?: string;

The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.
> The stack update fails if you change any properties that require replacement and the ServiceName is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceName must be unique in the cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-servicename

property serviceRegistries

readonly serviceRegistries?:
    | Array<CfnService.ServiceRegistryProperty | cdk.IResolvable>
    | cdk.IResolvable;

The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) .
> Each service may be associated with one service registry. Multiple service registries for each service isn't supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-serviceregistries

property tags

readonly tags?: cdk.CfnTag[];

The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-tags

property taskDefinition

readonly taskDefinition?: string;

The family and revision ( family:revision ) or full ARN of the task definition to run in your service. If a revision isn't specified, the latest ACTIVE revision is used.
A task definition must be specified if the service uses either the ECS or CODE_DEPLOY deployment controllers.
For more information about deployment types, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-taskdefinition

interface CfnTaskDefinitionProps

interface CfnTaskDefinitionProps {}

Properties for defining a CfnTaskDefinition
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html

property containerDefinitions

readonly containerDefinitions?:
    | Array<CfnTaskDefinition.ContainerDefinitionProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-containerdefinitions

property cpu

readonly cpu?: string;

The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.
The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
- 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments
This option requires Linux platform 1.4.0 or later. - 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments
This option requires Linux platform 1.4.0 or later.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu

property ephemeralStorage

readonly ephemeralStorage?:
    | CfnTaskDefinition.EphemeralStorageProperty
    | cdk.IResolvable;

The ephemeral storage settings to use for tasks run with the task definition.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-ephemeralstorage

property executionRoleArn

readonly executionRoleArn?: string;

The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-executionrolearn

property family

readonly family?: string;

The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.
A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.
> To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-family

property inferenceAccelerators

readonly inferenceAccelerators?:
    | Array<CfnTaskDefinition.InferenceAcceleratorProperty | cdk.IResolvable>
    | cdk.IResolvable;

The Elastic Inference accelerators to use for the containers in the task.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-inferenceaccelerators

property ipcMode

readonly ipcMode?: string;

The IPC resource namespace to use for the containers in the task. The valid values are host , task , or none . If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference* .
If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/) .
If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide* .
- For tasks that use the host IPC mode, IPC namespace related systemControls are not supported. - For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task.
> This parameter is not supported for Windows containers or tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-ipcmode

property memory

readonly memory?: string;

The amount (in MiB) of memory used by the task.
If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) .
If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.
- 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU)
This option requires Linux platform 1.4.0 or later. - Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU)
This option requires Linux platform 1.4.0 or later.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-memory

property networkMode

readonly networkMode?: string;

The Docker networking mode to use for the containers in the task. The valid values are none , bridge , awsvpc , and host . If no network mode is specified, the default is bridge .
For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, <default> or awsvpc can be used. If the network mode is set to none , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode.
With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.
> When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.
If the network mode is awsvpc , the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide* .
If the network mode is host , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode

property pidMode

readonly pidMode?: string;

The process namespace to use for the containers in the task. The valid values are host or task . If host is specified, then all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference* .
If the host PID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/) .
> This parameter is not supported for Windows containers or tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-pidmode

property placementConstraints

readonly placementConstraints?:
    | Array<
          | CfnTaskDefinition.TaskDefinitionPlacementConstraintProperty
          | cdk.IResolvable
      >
    | cdk.IResolvable;

An array of placement constraint objects to use for tasks.
> This parameter isn't supported for tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-placementconstraints

property proxyConfiguration

readonly proxyConfiguration?:
    | CfnTaskDefinition.ProxyConfigurationProperty
    | cdk.IResolvable;

The configuration details for the App Mesh proxy.
Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-proxyconfiguration

property requiresCompatibilities

readonly requiresCompatibilities?: string[];

The task launch types the task definition was validated against. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-requirescompatibilities

property runtimePlatform

readonly runtimePlatform?:
    | CfnTaskDefinition.RuntimePlatformProperty
    | cdk.IResolvable;

The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.
When you specify a task definition in a service, this value must match the runtimePlatform value of the service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-runtimeplatform

property tags

readonly tags?: cdk.CfnTag[];

The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. - Tag keys and values are case-sensitive. - Do not use aws: , AWS: , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-tags

property taskRoleArn

readonly taskRoleArn?: string;

The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide* .
IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-taskrolearn

property volumes

readonly volumes?:
    | Array<CfnTaskDefinition.VolumeProperty | cdk.IResolvable>
    | cdk.IResolvable;

The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide* .
> The host and sourcePath parameters aren't supported for tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-volumes

interface CfnTaskSetProps

interface CfnTaskSetProps {}

Properties for defining a CfnTaskSet
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html

property cluster

readonly cluster: string;

The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-cluster

property externalId

readonly externalId?: string;

An optional non-unique tag that identifies this task set in external systems. If the task set is associated with a service discovery registry, the tasks in this task set will have the ECS_TASK_SET_EXTERNAL_ID AWS Cloud Map attribute set to the provided value.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-externalid

property launchType

readonly launchType?: string;

The launch type that new tasks in the task set uses. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .
If a launchType is specified, the capacityProviderStrategy parameter must be omitted.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-launchtype

property loadBalancers

readonly loadBalancers?:
    | Array<CfnTaskSet.LoadBalancerProperty | cdk.IResolvable>
    | cdk.IResolvable;

A load balancer object representing the load balancer to use with the task set. The supported load balancer types are either an Application Load Balancer or a Network Load Balancer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-loadbalancers

property networkConfiguration

readonly networkConfiguration?:
    | CfnTaskSet.NetworkConfigurationProperty
    | cdk.IResolvable;

The network configuration for the task set.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-networkconfiguration

property platformVersion

readonly platformVersion?: string;

The platform version that the tasks in the task set uses. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-platformversion

property scale

readonly scale?: CfnTaskSet.ScaleProperty | cdk.IResolvable;

A floating-point percentage of your desired number of tasks to place and keep running in the task set.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-scale

property service

readonly service: string;

The short name or full Amazon Resource Name (ARN) of the service to create the task set in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-service

property serviceRegistries

readonly serviceRegistries?:
    | Array<CfnTaskSet.ServiceRegistryProperty | cdk.IResolvable>
    | cdk.IResolvable;

The details of the service discovery registries to assign to this task set. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-serviceregistries

property taskDefinition

readonly taskDefinition: string;

The task definition for the tasks in the task set to use.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskset.html#cfn-ecs-taskset-taskdefinition

interface CloudMapNamespaceOptions

interface CloudMapNamespaceOptions {}

The options for creating an AWS Cloud Map namespace.

property name

readonly name: string;

The name of the namespace, such as example.com.

property type

readonly type?: cloudmap.NamespaceType;

The type of CloudMap Namespace to create.
PrivateDns

property vpc

readonly vpc?: ec2.IVpc;

The VPC to associate the namespace with. This property is required for private DNS namespaces.
VPC of the cluster for Private DNS Namespace, otherwise none

interface CloudMapOptions

interface CloudMapOptions {}

The options to enabling AWS Cloud Map for an Amazon ECS service.

property cloudMapNamespace

readonly cloudMapNamespace?: cloudmap.INamespace;

The service discovery namespace for the Cloud Map service to attach to the ECS service.
- the defaultCloudMapNamespace associated to the cluster

property container

readonly container?: ContainerDefinition;

The container to point to for a SRV record. - the task definition's default container

property containerPort

readonly containerPort?: number;

The port to point to for a SRV record. - the default port of the task definition's default container

property dnsRecordType

readonly dnsRecordType?: cloudmap.DnsRecordType.A | cloudmap.DnsRecordType.SRV;

The DNS record type that you want AWS Cloud Map to create. The supported record types are A or SRV.
- DnsRecordType.A if TaskDefinition.networkMode = AWS_VPC, otherwise DnsRecordType.SRV

property dnsTtl

readonly dnsTtl?: Duration;

The amount of time that you want DNS resolvers to cache the settings for this record.
Duration.minutes(1)

property failureThreshold

readonly failureThreshold?: number;

The number of 30-second intervals that you want Cloud Map to wait after receiving an UpdateInstanceCustomHealthStatus request before it changes the health status of a service instance.
NOTE: This is used for HealthCheckCustomConfig

property name

readonly name?: string;

The name of the Cloud Map service to attach to the ECS service.
CloudFormation-generated name

interface ClusterAttributes

interface ClusterAttributes {}

The properties to import from the ECS cluster.

property autoscalingGroup

readonly autoscalingGroup?: autoscaling.IAutoScalingGroup;

Autoscaling group added to the cluster if capacity is added
- No default autoscaling group

property clusterArn

readonly clusterArn?: string;

The Amazon Resource Name (ARN) that identifies the cluster.
Derived from clusterName

property clusterName

readonly clusterName: string;

The name of the cluster.

property defaultCloudMapNamespace

readonly defaultCloudMapNamespace?: cloudmap.INamespace;

The AWS Cloud Map namespace to associate with the cluster.
- No default namespace

property executeCommandConfiguration

readonly executeCommandConfiguration?: ExecuteCommandConfiguration;

The execute command configuration for the cluster
- none.

property hasEc2Capacity

readonly hasEc2Capacity?: boolean;

Specifies whether the cluster has EC2 instance capacity.
true

property securityGroups

readonly securityGroups: ec2.ISecurityGroup[];

The security groups associated with the container instances registered to the cluster.

property vpc

readonly vpc: ec2.IVpc;

The VPC associated with the cluster.

interface ClusterProps

interface ClusterProps {}

The properties used to define an ECS cluster.

property capacity

readonly capacity?: AddCapacityOptions;

The ec2 capacity to add to the cluster
- no EC2 capacity will be added, you can use addCapacity to add capacity later.

property capacityProviders

readonly capacityProviders?: string[];

The capacity providers to add to the cluster
- None. Currently only FARGATE and FARGATE_SPOT are supported.
Deprecated
Use ClusterProps.enableFargateCapacityProviders instead.

property clusterName

readonly clusterName?: string;

The name for the cluster.
CloudFormation-generated name

property containerInsights

readonly containerInsights?: boolean;

If true CloudWatch Container Insights will be enabled for the cluster
- Container Insights will be disabled for this cluser.

property defaultCloudMapNamespace

readonly defaultCloudMapNamespace?: CloudMapNamespaceOptions;

The service discovery namespace created in this cluster
- no service discovery namespace created, you can use addDefaultCloudMapNamespace to add a default service discovery namespace later.

property enableFargateCapacityProviders

readonly enableFargateCapacityProviders?: boolean;

Whether to enable Fargate Capacity Providers
false

property executeCommandConfiguration

readonly executeCommandConfiguration?: ExecuteCommandConfiguration;

The execute command configuration for the cluster
- no configuration will be provided.

property vpc

readonly vpc?: ec2.IVpc;

The VPC where your ECS instances will be running or your ENIs will be deployed
- creates a new VPC with two AZs

interface CommonTaskDefinitionAttributes

interface CommonTaskDefinitionAttributes {}

The common task definition attributes used across all types of task definitions.

property networkMode

readonly networkMode?: NetworkMode;

The networking mode to use for the containers in the task.
Network mode cannot be provided to the imported task.

property taskDefinitionArn

readonly taskDefinitionArn: string;

The arn of the task definition

property taskRole

readonly taskRole?: iam.IRole;

The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf.
Permissions cannot be granted to the imported task.

interface CommonTaskDefinitionProps

interface CommonTaskDefinitionProps {}

The common properties for all task definitions. For more information, see [Task Definition Parameters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html).

property executionRole

readonly executionRole?: iam.IRole;

The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf.
The role will be used to retrieve container images from ECR and create CloudWatch log groups.
- An execution role will be automatically created if you use ECR images in your task definition.

property family

readonly family?: string;

The name of a family that this task definition is registered to. A family groups multiple versions of a task definition.
- Automatically generated name.

property proxyConfiguration

readonly proxyConfiguration?: ProxyConfiguration;

The configuration details for the App Mesh proxy.
- No proxy configuration.

property taskRole

readonly taskRole?: iam.IRole;

The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf.
- A task role is automatically created for you.

property volumes

readonly volumes?: Volume[];

The list of volume definitions for the task. For more information, see [Task Definition Parameter Volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide//task_definition_parameters.html#volumes).
- No volumes are passed to the Docker daemon on a container instance.

interface ContainerDefinitionOptions

interface ContainerDefinitionOptions {}

property command

readonly command?: string[];

The command that is passed to the container.
If you provide a shell command as a single string, you have to quote command-line arguments.
- CMD value built into container image.

property containerName

readonly containerName?: string;

The name of the container.
- id of node associated with ContainerDefinition.

property cpu

readonly cpu?: number;

The minimum number of CPU units to reserve for the container.
- No minimum CPU units reserved.

property disableNetworking

readonly disableNetworking?: boolean;

Specifies whether networking is disabled within the container.
When this parameter is true, networking is disabled within the container.
false

property dnsSearchDomains

readonly dnsSearchDomains?: string[];

A list of DNS search domains that are presented to the container.
- No search domains.

property dnsServers

readonly dnsServers?: string[];

A list of DNS servers that are presented to the container.
- Default DNS servers.

property dockerLabels

readonly dockerLabels?: {
    [key: string]: string;
};

A key/value map of labels to add to the container.
- No labels.

property dockerSecurityOptions

readonly dockerSecurityOptions?: string[];

A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems.
- No security labels.

property entryPoint

readonly entryPoint?: string[];

The ENTRYPOINT value to pass to the container.
See Also
- https://docs.docker.com/engine/reference/builder/#entrypoint
  - Entry point configured in container.

property environment

readonly environment?: {
    [key: string]: string;
};

The environment variables to pass to the container.
- No environment variables.

property environmentFiles

readonly environmentFiles?: EnvironmentFile[];

The environment files to pass to the container.
See Also
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html
  - No environment files.

property essential

readonly essential?: boolean;

Specifies whether the container is marked essential.
If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, then its failure does not affect the rest of the containers in a task. All tasks must have at least one essential container.
If this parameter is omitted, a container is assumed to be essential.
true

property extraHosts

readonly extraHosts?: {
    [name: string]: string;
};

A list of hostnames and IP address mappings to append to the /etc/hosts file on the container.
- No extra hosts.

property gpuCount

readonly gpuCount?: number;

The number of GPUs assigned to the container.
- No GPUs assigned.

property healthCheck

readonly healthCheck?: HealthCheck;

The health check command and associated configuration parameters for the container.
- Health check configuration from container.

property hostname

readonly hostname?: string;

The hostname to use for your container.
- Automatic hostname.

property image

readonly image: ContainerImage;

The image used to start a container.
This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest. TODO: Update these to specify using classes of IContainerImage

property inferenceAcceleratorResources

readonly inferenceAcceleratorResources?: string[];

The inference accelerators referenced by the container. - No inference accelerators assigned.

property linuxParameters

readonly linuxParameters?: LinuxParameters;

Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html).
- No Linux parameters.

property logging

readonly logging?: LogDriver;

The log configuration specification for the container.
- Containers use the same logging driver that the Docker daemon uses.

property memoryLimitMiB

readonly memoryLimitMiB?: number;

The amount (in MiB) of memory to present to the container.
If your container attempts to exceed the allocated memory, the container is terminated.
At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services.
- No memory limit.

property memoryReservationMiB

readonly memoryReservationMiB?: number;

The soft limit (in MiB) of memory to reserve for the container.
When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first.
At least one of memoryLimitMiB and memoryReservationMiB is required for non-Fargate services.
- No memory reserved.

property portMappings

readonly portMappings?: PortMapping[];

The port mappings to add to the container definition. - No ports are mapped.

property privileged

readonly privileged?: boolean;

Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
false

property readonlyRootFilesystem

readonly readonlyRootFilesystem?: boolean;

When this parameter is true, the container is given read-only access to its root file system.
false

property secrets

readonly secrets?: {
    [key: string]: Secret;
};

The secret environment variables to pass to the container.
- No secret environment variables.

property startTimeout

readonly startTimeout?: cdk.Duration;

Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
- none

property stopTimeout

readonly stopTimeout?: cdk.Duration;

Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
- none

property systemControls

readonly systemControls?: SystemControl[];

A list of namespaced kernel parameters to set in the container.
- No system controls are set.
See Also
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-systemcontrol.html
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_systemcontrols

property user

readonly user?: string;

The user name to use inside the container.
root

property workingDirectory

readonly workingDirectory?: string;

The working directory in which to run commands inside the container.
/

interface ContainerDefinitionProps

interface ContainerDefinitionProps extends ContainerDefinitionOptions {}

The properties in a container definition.

property taskDefinition

readonly taskDefinition: TaskDefinition;

The name of the task definition that includes this container definition.
[disable-awslint:ref-via-interface]

interface ContainerDependency

interface ContainerDependency {}

The details of a dependency on another container in the task definition.
See Also
- https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDependency.html

property condition

readonly condition?: ContainerDependencyCondition;

The state the container needs to be in to satisfy the dependency and proceed with startup. Valid values are ContainerDependencyCondition.START, ContainerDependencyCondition.COMPLETE, ContainerDependencyCondition.SUCCESS and ContainerDependencyCondition.HEALTHY.
ContainerDependencyCondition.HEALTHY

property container

readonly container: ContainerDefinition;

The container to depend on.

interface ContainerImageConfig

interface ContainerImageConfig {}

The configuration for creating a container image.

property imageName

readonly imageName: string;

Specifies the name of the container image.

property repositoryCredentials

readonly repositoryCredentials?: CfnTaskDefinition.RepositoryCredentialsProperty;

Specifies the credentials used to access the image repository.

interface CpuUtilizationScalingProps

interface CpuUtilizationScalingProps extends appscaling.BaseTargetTrackingProps {}

The properties for enabling scaling based on CPU utilization.

property targetUtilizationPercent

readonly targetUtilizationPercent: number;

The target value for CPU utilization across all tasks in the service.

interface DeploymentCircuitBreaker

interface DeploymentCircuitBreaker {}

The deployment circuit breaker to use for the service

property rollback

readonly rollback?: boolean;

Whether to enable rollback on deployment failure false

interface DeploymentController

interface DeploymentController {}

The deployment controller to use for the service.

property type

readonly type?: DeploymentControllerType;

The deployment controller type to use.
DeploymentControllerType.ECS

interface Device

interface Device {}

A container instance host device.

property containerPath

readonly containerPath?: string;

The path inside the container at which to expose the host device.
Same path as the host

property hostPath

readonly hostPath: string;

The path for the device on the host container instance.

property permissions

readonly permissions?: DevicePermission[];

The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.
Readonly

interface DockerVolumeConfiguration

interface DockerVolumeConfiguration {}

The configuration for a Docker volume. Docker volumes are only supported when you are using the EC2 launch type.

property autoprovision

readonly autoprovision?: boolean;

Specifies whether the Docker volume should be created if it does not already exist. If true is specified, the Docker volume will be created for you.
false

property driver

readonly driver: string;

The Docker volume driver to use.

property driverOpts

readonly driverOpts?: {
    [key: string]: string;
};

A map of Docker driver-specific options passed through.
No options

property labels

readonly labels?: {
    [key: string]: string;
};

Custom metadata to add to your Docker volume.
No labels

property scope

readonly scope: Scope;

The scope for the Docker volume that determines its lifecycle.

interface Ec2ServiceAttributes

interface Ec2ServiceAttributes {}

The properties to import from the service using the EC2 launch type.

property cluster

readonly cluster: ICluster;

The cluster that hosts the service.

property serviceArn

readonly serviceArn?: string;

The service ARN.
- either this, or serviceName, is required

property serviceName

readonly serviceName?: string;

The name of the service.
- either this, or serviceArn, is required

interface Ec2ServiceProps

interface Ec2ServiceProps extends BaseServiceOptions {}

The properties for defining a service using the EC2 launch type.

property assignPublicIp

readonly assignPublicIp?: boolean;

Specifies whether the task's elastic network interface receives a public IP address. If true, each task will receive a public IP address.
This property is only used for tasks that use the awsvpc network mode.
false

property daemon

readonly daemon?: boolean;

Specifies whether the service will use the daemon scheduling strategy. If true, the service scheduler deploys exactly one task on each container instance in your cluster.
When you are using this strategy, do not specify a desired number of tasks orany task placement strategies.
false

property placementConstraints

readonly placementConstraints?: PlacementConstraint[];

The placement constraints to use for tasks in the service. For more information, see [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html).
- No constraints.

property placementStrategies

readonly placementStrategies?: PlacementStrategy[];

The placement strategies to use for tasks in the service. For more information, see [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html).
- No strategies.

property securityGroup

readonly securityGroup?: ec2.ISecurityGroup;

The security groups to associate with the service. If you do not specify a security group, a new security group is created.
This property is only used for tasks that use the awsvpc network mode.
- A new security group is created.
Deprecated
use securityGroups instead.

property securityGroups

readonly securityGroups?: ec2.ISecurityGroup[];

The security groups to associate with the service. If you do not specify a security group, a new security group is created.
This property is only used for tasks that use the awsvpc network mode.
- A new security group is created.

property taskDefinition

readonly taskDefinition: TaskDefinition;

The task definition to use for tasks in the service.
[disable-awslint:ref-via-interface]

property vpcSubnets

readonly vpcSubnets?: ec2.SubnetSelection;

The subnets to associate with the service.
This property is only used for tasks that use the awsvpc network mode.
- Public subnets if assignPublicIp is set, otherwise the first available one of Private, Isolated, Public, in that order.

interface Ec2TaskDefinitionAttributes

interface Ec2TaskDefinitionAttributes extends CommonTaskDefinitionAttributes {}

Attributes used to import an existing EC2 task definition

interface Ec2TaskDefinitionProps

interface Ec2TaskDefinitionProps extends CommonTaskDefinitionProps {}

The properties for a task definition run on an EC2 cluster.

property inferenceAccelerators

readonly inferenceAccelerators?: InferenceAccelerator[];

The inference accelerators to use for the containers in the task.
Not supported in Fargate.
- No inference accelerators.

property ipcMode

readonly ipcMode?: IpcMode;

The IPC resource namespace to use for the containers in the task.
Not supported in Fargate and Windows containers.
- IpcMode used by the task is not specified

property networkMode

readonly networkMode?: NetworkMode;

The Docker networking mode to use for the containers in the task.
The valid values are NONE, BRIDGE, AWS_VPC, and HOST.
- NetworkMode.BRIDGE for EC2 tasks, AWS_VPC for Fargate tasks.

property pidMode

readonly pidMode?: PidMode;

The process namespace to use for the containers in the task.
Not supported in Fargate and Windows containers.
- PidMode used by the task is not specified

property placementConstraints

readonly placementConstraints?: PlacementConstraint[];

An array of placement constraint objects to use for the task. You can specify a maximum of 10 constraints per task (this limit includes constraints in the task definition and those specified at run time).
- No placement constraints.

interface EcsOptimizedAmiProps

interface EcsOptimizedAmiProps {}

The properties that define which ECS-optimized AMI is used.
Deprecated
see EcsOptimizedImage

property cachedInContext

readonly cachedInContext?: boolean;

Whether the AMI ID is cached to be stable between deployments
By default, the newest image is used on each deployment. This will cause instances to be replaced whenever a new version is released, and may cause downtime if there aren't enough running instances in the AutoScalingGroup to reschedule the tasks on.
If set to true, the AMI ID will be cached in cdk.context.json and the same value will be used on future runs. Your instances will not be replaced but your AMI version will grow old over time. To refresh the AMI lookup, you will have to evict the value from the cache using the cdk context command. See https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
Can not be set to true in environment-agnostic stacks.
false

property generation

readonly generation?: ec2.AmazonLinuxGeneration;

The Amazon Linux generation to use.
AmazonLinuxGeneration.AmazonLinux2

property hardwareType

readonly hardwareType?: AmiHardwareType;

The ECS-optimized AMI variant to use.
AmiHardwareType.Standard

property windowsVersion

readonly windowsVersion?: WindowsOptimizedVersion;

The Windows Server version to use.
none, uses Linux generation

interface EcsOptimizedImageOptions

interface EcsOptimizedImageOptions {}

Additional configuration properties for EcsOptimizedImage factory functions

property cachedInContext

readonly cachedInContext?: boolean;

Whether the AMI ID is cached to be stable between deployments
By default, the newest image is used on each deployment. This will cause instances to be replaced whenever a new version is released, and may cause downtime if there aren't enough running instances in the AutoScalingGroup to reschedule the tasks on.
If set to true, the AMI ID will be cached in cdk.context.json and the same value will be used on future runs. Your instances will not be replaced but your AMI version will grow old over time. To refresh the AMI lookup, you will have to evict the value from the cache using the cdk context command. See https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
Can not be set to true in environment-agnostic stacks.
false

interface EcsTarget

interface EcsTarget {}

property containerName

readonly containerName: string;

The name of the container.

property containerPort

readonly containerPort?: number;

The port number of the container. Only applicable when using application/network load balancers.
- Container port of the first added port mapping.

property listener

readonly listener: ListenerConfig;

Listener and properties for adding target group to the listener.

property newTargetGroupId

readonly newTargetGroupId: string;

ID for a target group to be created.

property protocol

readonly protocol?: Protocol;

The protocol used for the port mapping. Only applicable when using application load balancers.
Protocol.TCP

interface EfsVolumeConfiguration

interface EfsVolumeConfiguration {}

The configuration for an Elastic FileSystem volume.

property authorizationConfig

readonly authorizationConfig?: AuthorizationConfig;

The authorization configuration details for the Amazon EFS file system.
No configuration.

property fileSystemId

readonly fileSystemId: string;

The Amazon EFS file system ID to use.

property rootDirectory

readonly rootDirectory?: string;

The directory within the Amazon EFS file system to mount as the root directory inside the host. Specifying / will have the same effect as omitting this parameter.
The root of the Amazon EFS volume

property transitEncryption

readonly transitEncryption?: string;

Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used.
Valid values: ENABLED | DISABLED
DISABLED

property transitEncryptionPort

readonly transitEncryptionPort?: number;

The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. EFS mount helper uses.
Port selection strategy that the Amazon EFS mount helper uses.

interface EnvironmentFileConfig

interface EnvironmentFileConfig {}

Configuration for the environment file

property fileType

readonly fileType: EnvironmentFileType;

The type of environment file

property s3Location

readonly s3Location: Location;

The location of the environment file in S3

interface ExecuteCommandConfiguration

interface ExecuteCommandConfiguration {}

The details of the execute command configuration. For more information, see [ExecuteCommandConfiguration] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandconfiguration.html

property kmsKey

readonly kmsKey?: kms.IKey;

The AWS Key Management Service key ID to encrypt the data between the local client and the container.
- none

property logConfiguration

readonly logConfiguration?: ExecuteCommandLogConfiguration;

The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket.
- none

property logging

readonly logging?: ExecuteCommandLogging;

The log settings to use for logging the execute command session.
- none

interface ExecuteCommandLogConfiguration

interface ExecuteCommandLogConfiguration {}

The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs and/ or an Amazon S3 bucket. For more information, see [ExecuteCommandLogConfiguration] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html

property cloudWatchEncryptionEnabled

readonly cloudWatchEncryptionEnabled?: boolean;

Whether or not to enable encryption on the CloudWatch logs.
- encryption will be disabled.

property cloudWatchLogGroup

readonly cloudWatchLogGroup?: logs.ILogGroup;

The name of the CloudWatch log group to send logs to. The CloudWatch log group must already be created. - none

property s3Bucket

readonly s3Bucket?: s3.IBucket;

The name of the S3 bucket to send logs to. The S3 bucket must already be created.
- none

property s3EncryptionEnabled

readonly s3EncryptionEnabled?: boolean;

Whether or not to enable encryption on the CloudWatch logs.
- encryption will be disabled.

property s3KeyPrefix

readonly s3KeyPrefix?: string;

An optional folder in the S3 bucket to place logs in.
- none

interface ExternalServiceAttributes

interface ExternalServiceAttributes {}

The properties to import from the service using the External launch type.

property cluster

readonly cluster: ICluster;

The cluster that hosts the service.

property serviceArn

readonly serviceArn?: string;

The service ARN.
- either this, or serviceName, is required

property serviceName

readonly serviceName?: string;

The name of the service.
- either this, or serviceArn, is required

interface ExternalServiceProps

interface ExternalServiceProps extends BaseServiceOptions {}

The properties for defining a service using the External launch type.

property securityGroups

readonly securityGroups?: ec2.ISecurityGroup[];

The security groups to associate with the service. If you do not specify a security group, a new security group is created.
- A new security group is created.

property taskDefinition

readonly taskDefinition: TaskDefinition;

The task definition to use for tasks in the service.
[disable-awslint:ref-via-interface]

interface ExternalTaskDefinitionAttributes

interface ExternalTaskDefinitionAttributes extends CommonTaskDefinitionAttributes {}

Attributes used to import an existing External task definition

interface ExternalTaskDefinitionProps

interface ExternalTaskDefinitionProps extends CommonTaskDefinitionProps {}

The properties for a task definition run on an External cluster.

interface FargateServiceAttributes

interface FargateServiceAttributes {}

The properties to import from the service using the Fargate launch type.

property cluster

readonly cluster: ICluster;

The cluster that hosts the service.

property serviceArn

readonly serviceArn?: string;

The service ARN.
- either this, or serviceName, is required

property serviceName

readonly serviceName?: string;

The name of the service.
- either this, or serviceArn, is required

interface FargateServiceProps

interface FargateServiceProps extends BaseServiceOptions {}

The properties for defining a service using the Fargate launch type.

property assignPublicIp

readonly assignPublicIp?: boolean;

Specifies whether the task's elastic network interface receives a public IP address.
If true, each task will receive a public IP address.
false

property platformVersion

readonly platformVersion?: FargatePlatformVersion;

The platform version on which to run your service.
If one is not specified, the LATEST platform version is used by default. For more information, see [AWS Fargate Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the Amazon Elastic Container Service Developer Guide.
Latest

property securityGroup

readonly securityGroup?: ec2.ISecurityGroup;

The security groups to associate with the service. If you do not specify a security group, a new security group is created.
- A new security group is created.
Deprecated
use securityGroups instead.

property securityGroups

readonly securityGroups?: ec2.ISecurityGroup[];

The security groups to associate with the service. If you do not specify a security group, a new security group is created.
- A new security group is created.

property taskDefinition

readonly taskDefinition: TaskDefinition;

The task definition to use for tasks in the service.
[disable-awslint:ref-via-interface]

property vpcSubnets

readonly vpcSubnets?: ec2.SubnetSelection;

The subnets to associate with the service.
- Public subnets if assignPublicIp is set, otherwise the first available one of Private, Isolated, Public, in that order.

interface FargateTaskDefinitionAttributes

interface FargateTaskDefinitionAttributes extends CommonTaskDefinitionAttributes {}

Attributes used to import an existing Fargate task definition

interface FargateTaskDefinitionProps

interface FargateTaskDefinitionProps extends CommonTaskDefinitionProps {}

The properties for a task definition.

property cpu

readonly cpu?: number;

The number of cpu units used by the task. For tasks using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of valid values for the memory parameter:
256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)
2048 (2 vCPU) - Available memory values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)
4096 (4 vCPU) - Available memory values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)
256

property ephemeralStorageGiB

readonly ephemeralStorageGiB?: number;

The amount (in GiB) of ephemeral storage to be allocated to the task. The maximum supported value is 200 GiB.
NOTE: This parameter is only supported for tasks hosted on AWS Fargate using platform version 1.4.0 or later.
20

property memoryLimitMiB

readonly memoryLimitMiB?: number;

The amount (in MiB) of memory used by the task. For tasks using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of valid values for the cpu parameter:
512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)
1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)
2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)
Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)
Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)
512

property runtimePlatform

readonly runtimePlatform?: RuntimePlatform;

The operating system that your task definitions are running on.
A runtimePlatform is supported only for tasks using the Fargate launch type.
- Undefined.

interface FirelensConfig

interface FirelensConfig {}

Firelens Configuration https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html#firelens-taskdef

property options

readonly options?: FirelensOptions;

Firelens options - no additional options

property type

readonly type: FirelensLogRouterType;

The log router to use - fluentbit

interface FireLensLogDriverProps

interface FireLensLogDriverProps extends BaseLogDriverProps {}

Specifies the firelens log driver configuration options.

property options

readonly options?: {
    [key: string]: string;
};

The configuration options to send to the log driver. - the log driver options

property secretOptions

readonly secretOptions?: {
    [key: string]: Secret;
};

The secrets to pass to the log configuration. - No secret options provided.

interface FirelensLogRouterDefinitionOptions

interface FirelensLogRouterDefinitionOptions extends ContainerDefinitionOptions {}

The options for creating a firelens log router.

property firelensConfig

readonly firelensConfig: FirelensConfig;

Firelens configuration

interface FirelensLogRouterProps

interface FirelensLogRouterProps extends ContainerDefinitionProps {}

The properties in a firelens log router.

property firelensConfig

readonly firelensConfig: FirelensConfig;

Firelens configuration

interface FirelensOptions

interface FirelensOptions {}

The options for firelens log router https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html#firelens-taskdef-customconfig

property configFileType

readonly configFileType?: FirelensConfigFileType;

Custom configuration file, s3 or file. Both configFileType and configFileValue must be used together to define a custom configuration source.
- determined by checking configFileValue with S3 ARN.

property configFileValue

readonly configFileValue?: string;

Custom configuration file, S3 ARN or a file path Both configFileType and configFileValue must be used together to define a custom configuration source.
- no config file value

property enableECSLogMetadata

readonly enableECSLogMetadata?: boolean;

By default, Amazon ECS adds additional fields in your log entries that help identify the source of the logs. You can disable this action by setting enable-ecs-log-metadata to false. - true

interface FluentdLogDriverProps

interface FluentdLogDriverProps extends BaseLogDriverProps {}

Specifies the fluentd log driver configuration options.
[Source](https://docs.docker.com/config/containers/logging/fluentd/)

property address

readonly address?: string;

By default, the logging driver connects to localhost:24224. Supply the address option to connect to a different address. tcp(default) and unix sockets are supported.
- address not set.

property asyncConnect

readonly asyncConnect?: boolean;

Docker connects to Fluentd in the background. Messages are buffered until the connection is established.
- false

property bufferLimit

readonly bufferLimit?: number;

The amount of data to buffer before flushing to disk.
- The amount of RAM available to the container.

property maxRetries

readonly maxRetries?: number;

The maximum number of retries.
- 4294967295 (2**32 - 1).

property retryWait

readonly retryWait?: Duration;

How long to wait between retries.
- 1 second

property subSecondPrecision

readonly subSecondPrecision?: boolean;

Generates event logs in nanosecond resolution.
- false

interface GelfLogDriverProps

interface GelfLogDriverProps extends BaseLogDriverProps {}

Specifies the journald log driver configuration options.
[Source](https://docs.docker.com/config/containers/logging/gelf/)

property address

readonly address: string;

The address of the GELF server. tcp and udp are the only supported URI specifier and you must specify the port.

property compressionLevel

readonly compressionLevel?: number;

UDP Only The level of compression when gzip or zlib is the gelf-compression-type. An integer in the range of -1 to 9 (BestCompression). Higher levels provide more compression at lower speed. Either -1 or 0 disables compression.
- 1

property compressionType

readonly compressionType?: GelfCompressionType;

UDP Only The type of compression the GELF driver uses to compress each log message. Allowed values are gzip, zlib and none.
- gzip

property tcpMaxReconnect

readonly tcpMaxReconnect?: number;

TCP Only The maximum number of reconnection attempts when the connection drop. A positive integer.
- 3

property tcpReconnectDelay

readonly tcpReconnectDelay?: Duration;

TCP Only The number of seconds to wait between reconnection attempts. A positive integer.
- 1

interface GenericLogDriverProps

interface GenericLogDriverProps {}

The configuration to use when creating a log driver.

property logDriver

readonly logDriver: string;

The log driver to use for the container. The valid values listed for this parameter are log drivers that the Amazon ECS container agent can communicate with by default.
For tasks using the Fargate launch type, the supported log drivers are awslogs and splunk. For tasks using the EC2 launch type, the supported log drivers are awslogs, syslog, gelf, fluentd, splunk, journald, and json-file.
For more information about using the awslogs log driver, see [Using the awslogs Log Driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the Amazon Elastic Container Service Developer Guide.

property options

readonly options?: {
    [key: string]: string;
};

The configuration options to send to the log driver. - the log driver options.

property secretOptions

readonly secretOptions?: {
    [key: string]: Secret;
};

The secrets to pass to the log configuration. - no secret options provided.

interface HealthCheck

interface HealthCheck {}

The health check command and associated configuration parameters for the container.

property command

readonly command: string[];

A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to execute the command arguments directly, or CMD-SHELL to run the command with the container's default shell.
For example: [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]

property interval

readonly interval?: cdk.Duration;

The time period in seconds between each health check execution.
You may specify between 5 and 300 seconds.
Duration.seconds(30)

property retries

readonly retries?: number;

The number of times to retry a failed health check before the container is considered unhealthy.
You may specify between 1 and 10 retries.
3

property startPeriod

readonly startPeriod?: cdk.Duration;

The optional grace period within which to provide containers time to bootstrap before failed health checks count towards the maximum number of retries.
You may specify between 0 and 300 seconds.
No start period

property timeout

readonly timeout?: cdk.Duration;

The time period in seconds to wait for a health check to succeed before it is considered a failure.
You may specify between 2 and 60 seconds.
Duration.seconds(5)

interface Host

interface Host {}

The details on a container instance bind mount host volume.

property sourcePath

readonly sourcePath?: string;

Specifies the path on the host container instance that is presented to the container. If the sourcePath value does not exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.
This property is not supported for tasks that use the Fargate launch type.

interface IBaseService

interface IBaseService extends IService {}

The interface for BaseService.

property cluster

readonly cluster: ICluster;

The cluster that hosts the service.

interface ICluster

interface ICluster extends IResource {}

A regional grouping of one or more container instances on which you can run tasks and services.

property autoscalingGroup

readonly autoscalingGroup?: autoscaling.IAutoScalingGroup;

The autoscaling group added to the cluster if capacity is associated to the cluster

property clusterArn

readonly clusterArn: string;

The Amazon Resource Name (ARN) that identifies the cluster.

property clusterName

readonly clusterName: string;

The name of the cluster.

property connections

readonly connections: ec2.Connections;

Manage the allowed network connections for the cluster with Security Groups.

property defaultCloudMapNamespace

readonly defaultCloudMapNamespace?: cloudmap.INamespace;

The AWS Cloud Map namespace to associate with the cluster.

property executeCommandConfiguration

readonly executeCommandConfiguration?: ExecuteCommandConfiguration;

The execute command configuration for the cluster

property hasEc2Capacity

readonly hasEc2Capacity: boolean;

Specifies whether the cluster has EC2 instance capacity.

property vpc

readonly vpc: ec2.IVpc;

The VPC associated with the cluster.

interface IEc2Service

interface IEc2Service extends IService {}

The interface for a service using the EC2 launch type on an ECS cluster.

interface IEc2TaskDefinition

interface IEc2TaskDefinition extends ITaskDefinition {}

The interface of a task definition run on an EC2 cluster.

interface IEcsLoadBalancerTarget

interface IEcsLoadBalancerTarget
    extends elbv2.IApplicationLoadBalancerTarget,
        elbv2.INetworkLoadBalancerTarget,
        elb.ILoadBalancerTarget {}

Interface for ECS load balancer target.

interface IExternalService

interface IExternalService extends IService {}

The interface for a service using the External launch type on an ECS cluster.

interface IExternalTaskDefinition

interface IExternalTaskDefinition extends ITaskDefinition {}

The interface of a task definition run on an External cluster.

interface IFargateService

interface IFargateService extends IService {}

The interface for a service using the Fargate launch type on an ECS cluster.

interface IFargateTaskDefinition

interface IFargateTaskDefinition extends ITaskDefinition {}

The interface of a task definition run on a Fargate cluster.

interface InferenceAccelerator

interface InferenceAccelerator {}

Elastic Inference Accelerator. For more information, see [Elastic Inference Basics](https://docs.aws.amazon.com/elastic-inference/latest/developerguide/basics.html)

property deviceName

readonly deviceName?: string;

The Elastic Inference accelerator device name. - empty

property deviceType

readonly deviceType?: string;

The Elastic Inference accelerator type to use. The allowed values are: eia2.medium, eia2.large and eia2.xlarge. - empty

interface IService

interface IService extends IResource {}

The interface for a service.

property serviceArn

readonly serviceArn: string;

The Amazon Resource Name (ARN) of the service.

property serviceName

readonly serviceName: string;

The name of the service.

interface ITaskDefinition

interface ITaskDefinition extends IResource {}

The interface for all task definitions.

property compatibility

readonly compatibility: Compatibility;

What launch types this task definition should be compatible with.

property executionRole

readonly executionRole?: iam.IRole;

Execution role for this task definition

property isEc2Compatible

readonly isEc2Compatible: boolean;

Return true if the task definition can be run on an EC2 cluster

property isExternalCompatible

readonly isExternalCompatible: boolean;

Return true if the task definition can be run on a ECS Anywhere cluster

property isFargateCompatible

readonly isFargateCompatible: boolean;

Return true if the task definition can be run on a Fargate cluster

property networkMode

readonly networkMode: NetworkMode;

The networking mode to use for the containers in the task.

property taskDefinitionArn

readonly taskDefinitionArn: string;

ARN of this task definition

property taskRole

readonly taskRole: iam.IRole;

The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf.

interface ITaskDefinitionExtension

interface ITaskDefinitionExtension {}

An extension for Task Definitions
Classes that want to make changes to a TaskDefinition (such as adding helper containers) can implement this interface, and can then be "added" to a TaskDefinition like so:
taskDefinition.addExtension(new MyExtension("some_parameter"));

method extend

extend: (taskDefinition: TaskDefinition) => void;

Apply the extension to the given TaskDefinition
Parameter taskDefinition
[disable-awslint:ref-via-interface]

interface JournaldLogDriverProps

interface JournaldLogDriverProps extends BaseLogDriverProps {}

Specifies the journald log driver configuration options.
[Source](https://docs.docker.com/config/containers/logging/journald/)

interface JsonFileLogDriverProps

interface JsonFileLogDriverProps extends BaseLogDriverProps {}

Specifies the json-file log driver configuration options.
[Source](https://docs.docker.com/config/containers/logging/json-file/)

property compress

readonly compress?: boolean;

Toggles compression for rotated logs.
- false

property maxFile

readonly maxFile?: number;

The maximum number of log files that can be present. If rolling the logs creates excess files, the oldest file is removed. Only effective when max-size is also set. A positive integer.
- 1

property maxSize

readonly maxSize?: string;

The maximum size of the log before it is rolled. A positive integer plus a modifier representing the unit of measure (k, m, or g).
- -1 (unlimited)

interface LinuxParametersProps

interface LinuxParametersProps {}

The properties for defining Linux-specific options that are applied to the container.

property initProcessEnabled

readonly initProcessEnabled?: boolean;

Specifies whether to run an init process inside the container that forwards signals and reaps processes.
false

property sharedMemorySize

readonly sharedMemorySize?: number;

The value for the size (in MiB) of the /dev/shm volume.
No shared memory.

interface LoadBalancerTargetOptions

interface LoadBalancerTargetOptions {}

Properties for defining an ECS target. The port mapping for it must already have been created through addPortMapping().

property containerName

readonly containerName: string;

The name of the container.

property containerPort

readonly containerPort?: number;

The port number of the container. Only applicable when using application/network load balancers.
- Container port of the first added port mapping.

property protocol

readonly protocol?: Protocol;

The protocol used for the port mapping. Only applicable when using application load balancers.
Protocol.TCP

interface LogDriverConfig

interface LogDriverConfig {}

The configuration to use when creating a log driver.

property logDriver

readonly logDriver: string;

The log driver to use for the container. The valid values listed for this parameter are log drivers that the Amazon ECS container agent can communicate with by default.
For tasks using the Fargate launch type, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks using the EC2 launch type, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, logentries,syslog, splunk, and awsfirelens.
For more information about using the awslogs log driver, see [Using the awslogs Log Driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the Amazon Elastic Container Service Developer Guide.
For more information about using the awsfirelens log driver, see [Custom Log Routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the Amazon Elastic Container Service Developer Guide.

property options

readonly options?: {
    [key: string]: string;
};

The configuration options to send to the log driver.

property secretOptions

readonly secretOptions?: CfnTaskDefinition.SecretProperty[];

The secrets to pass to the log configuration. - No secret options provided.

interface MemoryUtilizationScalingProps

interface MemoryUtilizationScalingProps extends appscaling.BaseTargetTrackingProps {}

The properties for enabling scaling based on memory utilization.

property targetUtilizationPercent

readonly targetUtilizationPercent: number;

The target value for memory utilization across all tasks in the service.

interface MountPoint

interface MountPoint {}

The details of data volume mount points for a container.

property containerPath

readonly containerPath: string;

The path on the container to mount the host volume at.

property readOnly

readonly readOnly: boolean;

Specifies whether to give the container read-only access to the volume.
If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume.

property sourceVolume

readonly sourceVolume: string;

The name of the volume to mount.
Must be a volume name referenced in the name parameter of task definition volume.

interface PortMapping

interface PortMapping {}

Port mappings allow containers to access ports on the host container instance to send or receive traffic.

property containerPort

readonly containerPort: number;

The port number on the container that is bound to the user-specified or automatically assigned host port.
If you are using containers in a task with the awsvpc or host network mode, exposed ports should be specified using containerPort. If you are using containers in a task with the bridge network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range.
For more information, see hostPort. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.

property hostPort

readonly hostPort?: number;

The port number on the container instance to reserve for your container.
If you are using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort.
If you are using containers in a task with the bridge network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the hostPort (or set it to 0) while specifying a containerPort and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.

property protocol

readonly protocol?: Protocol;

The protocol used for the port mapping. Valid values are Protocol.TCP and Protocol.UDP.
TCP

interface RepositoryImageProps

interface RepositoryImageProps {}

The properties for an image hosted in a public or private repository.

property credentials

readonly credentials?: secretsmanager.ISecret;

The secret to expose to the container that contains the credentials for the image repository. The supported value is the full ARN of an AWS Secrets Manager secret.

interface RequestCountScalingProps

interface RequestCountScalingProps extends appscaling.BaseTargetTrackingProps {}

The properties for enabling scaling based on Application Load Balancer (ALB) request counts.

property requestsPerTarget

readonly requestsPerTarget: number;

The number of ALB requests per target.

property targetGroup

readonly targetGroup: elbv2.ApplicationTargetGroup;

The ALB target group name.

interface RuntimePlatform

interface RuntimePlatform {}

The interface for Runtime Platform.

property cpuArchitecture

readonly cpuArchitecture?: CpuArchitecture;

The CpuArchitecture for Fargate Runtime Platform.
- Undefined.

property operatingSystemFamily

readonly operatingSystemFamily?: OperatingSystemFamily;

The operating system for Fargate Runtime Platform.
- Undefined.

interface ScalableTaskCountProps

interface ScalableTaskCountProps extends appscaling.BaseScalableAttributeProps {}

The properties of a scalable attribute representing task count.

interface ScratchSpace

interface ScratchSpace {}

The temporary disk space mounted to the container.

property containerPath

readonly containerPath: string;

The path on the container to mount the scratch volume at.

property name

readonly name: string;

The name of the scratch volume to mount. Must be a volume name referenced in the name parameter of task definition volume.

property readOnly

readonly readOnly: boolean;

Specifies whether to give the container read-only access to the scratch volume.
If this value is true, the container has read-only access to the scratch volume. If this value is false, then the container can write to the scratch volume.

property sourcePath

readonly sourcePath: string;

interface SecretVersionInfo

interface SecretVersionInfo {}

Specify the secret's version id or version stage

property versionId

readonly versionId?: string;

version id of the secret
- use default version id

property versionStage

readonly versionStage?: string;

version stage of the secret
- use default version stage

interface SplunkLogDriverProps

interface SplunkLogDriverProps extends BaseLogDriverProps {}

Specifies the splunk log driver configuration options.
[Source](https://docs.docker.com/config/containers/logging/splunk/)

property caName

readonly caName?: string;

Name to use for validating server certificate.
- The hostname of the splunk-url

property caPath

readonly caPath?: string;

Path to root certificate.
- caPath not set.

property format

readonly format?: SplunkLogFormat;

Message format. Can be inline, json or raw.
- inline

property gzip

readonly gzip?: boolean;

Enable/disable gzip compression to send events to Splunk Enterprise or Splunk Cloud instance.
- false

property gzipLevel

readonly gzipLevel?: number;

Set compression level for gzip. Valid values are -1 (default), 0 (no compression), 1 (best speed) ... 9 (best compression).
- -1 (Default Compression)

property index

readonly index?: string;

Event index.
- index not set.

property insecureSkipVerify

readonly insecureSkipVerify?: string;

Ignore server certificate validation.
- insecureSkipVerify not set.

property secretToken

readonly secretToken?: Secret;

Splunk HTTP Event Collector token (Secret).
The splunk-token is added to the SecretOptions property of the Log Driver Configuration. So the secret value will not be resolved or viewable as plain text.
Please provide at least one of token or secretToken. - If secret token is not provided, then the value provided in token will be used.

property source

readonly source?: string;

Event source.
- source not set.

property sourceType

readonly sourceType?: string;

Event source type.
- sourceType not set.

property token

readonly token?: SecretValue;

Splunk HTTP Event Collector token.
The splunk-token is added to the Options property of the Log Driver Configuration. So the secret value will be resolved and viewable in plain text in the console.
Please provide at least one of token or secretToken.
Deprecated
Use SplunkLogDriverProps.secretToken instead. - token not provided.

property url

readonly url: string;

Path to your Splunk Enterprise, self-service Splunk Cloud instance, or Splunk Cloud managed cluster (including port and scheme used by HTTP Event Collector) in one of the following formats: https://your_splunk_instance:8088 or https://input-prd-p-XXXXXXX.cloud.splunk.com:8088 or https://http-inputs-XXXXXXXX.splunkcloud.com.

property verifyConnection

readonly verifyConnection?: boolean;

Verify on start, that docker can connect to Splunk server.
- true

interface SyslogLogDriverProps

interface SyslogLogDriverProps extends BaseLogDriverProps {}

Specifies the syslog log driver configuration options.
[Source](https://docs.docker.com/config/containers/logging/syslog/)

property address

readonly address?: string;

The address of an external syslog server. The URI specifier may be [tcp|udp|tcp+tls]://host:port, unix://path, or unixgram://path.
- If the transport is tcp, udp, or tcp+tls, the default port is 514.

property facility

readonly facility?: string;

The syslog facility to use. Can be the number or name for any valid syslog facility. See the syslog documentation: https://tools.ietf.org/html/rfc5424#section-6.2.1.
- facility not set

property format

readonly format?: string;

The syslog message format to use. If not specified the local UNIX syslog format is used, without a specified hostname. Specify rfc3164 for the RFC-3164 compatible format, rfc5424 for RFC-5424 compatible format, or rfc5424micro for RFC-5424 compatible format with microsecond timestamp resolution.
- format not set

property tlsCaCert

readonly tlsCaCert?: string;

The absolute path to the trust certificates signed by the CA. Ignored if the address protocol is not tcp+tls.
- tlsCaCert not set

property tlsCert

readonly tlsCert?: string;

The absolute path to the TLS certificate file. Ignored if the address protocol is not tcp+tls.
- tlsCert not set

property tlsKey

readonly tlsKey?: string;

The absolute path to the TLS key file. Ignored if the address protocol is not tcp+tls.
- tlsKey not set

property tlsSkipVerify

readonly tlsSkipVerify?: boolean;

If set to true, TLS verification is skipped when connecting to the syslog daemon. Ignored if the address protocol is not tcp+tls.
- false

interface SystemControl

interface SystemControl {}

Kernel parameters to set in the container

property namespace

readonly namespace: string;

The namespaced kernel parameter for which to set a value.

property value

readonly value: string;

The value for the namespaced kernel parameter specified in namespace.

interface TaskDefinitionAttributes

interface TaskDefinitionAttributes extends CommonTaskDefinitionAttributes {}

A reference to an existing task definition

property compatibility

readonly compatibility?: Compatibility;

What launch types this task definition should be compatible with.
Compatibility.EC2_AND_FARGATE

interface TaskDefinitionProps

interface TaskDefinitionProps extends CommonTaskDefinitionProps {}

The properties for task definitions.

property compatibility

readonly compatibility: Compatibility;

The task launch type compatiblity requirement.

property cpu

readonly cpu?: string;

The number of cpu units used by the task.
If you are using the EC2 launch type, this field is optional and any value can be used. If you are using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of valid values for the memory parameter:
256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)
2048 (2 vCPU) - Available memory values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)
4096 (4 vCPU) - Available memory values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)
- CPU units are not specified.

property ephemeralStorageGiB

readonly ephemeralStorageGiB?: number;

The amount (in GiB) of ephemeral storage to be allocated to the task.
Only supported in Fargate platform version 1.4.0 or later.
- Undefined, in which case, the task will receive 20GiB ephemeral storage.

property inferenceAccelerators

readonly inferenceAccelerators?: InferenceAccelerator[];

The inference accelerators to use for the containers in the task.
Not supported in Fargate.
- No inference accelerators.

property ipcMode

readonly ipcMode?: IpcMode;

The IPC resource namespace to use for the containers in the task.
Not supported in Fargate and Windows containers.
- IpcMode used by the task is not specified

property memoryMiB

readonly memoryMiB?: string;

The amount (in MiB) of memory used by the task.
If using the EC2 launch type, this field is optional and any value can be used. If using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of valid values for the cpu parameter:
512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)
1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)
2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)
Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)
Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)
- Memory used by task is not specified.

property networkMode

readonly networkMode?: NetworkMode;

The networking mode to use for the containers in the task.
On Fargate, the only supported networking mode is AwsVpc.
- NetworkMode.Bridge for EC2 & External tasks, AwsVpc for Fargate tasks.

property pidMode

readonly pidMode?: PidMode;

The process namespace to use for the containers in the task.
Not supported in Fargate and Windows containers.
- PidMode used by the task is not specified

property placementConstraints

readonly placementConstraints?: PlacementConstraint[];

The placement constraints to use for tasks in the service.
You can specify a maximum of 10 constraints per task (this limit includes constraints in the task definition and those specified at run time).
Not supported in Fargate.
- No placement constraints.

property runtimePlatform

readonly runtimePlatform?: RuntimePlatform;

The operating system that your task definitions are running on. A runtimePlatform is supported only for tasks using the Fargate launch type.
- Undefined.

interface Tmpfs

interface Tmpfs {}

The details of a tmpfs mount for a container.

property containerPath

readonly containerPath: string;

The absolute file path where the tmpfs volume is to be mounted.

property mountOptions

readonly mountOptions?: TmpfsMountOption[];

The list of tmpfs volume mount options. For more information, see [TmpfsMountOptions](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Tmpfs.html).

property size

readonly size: number;

The size (in MiB) of the tmpfs volume.

interface TrackCustomMetricProps

interface TrackCustomMetricProps extends appscaling.BaseTargetTrackingProps {}

The properties for enabling target tracking scaling based on a custom CloudWatch metric.

property metric

readonly metric: cloudwatch.IMetric;

The custom CloudWatch metric to track.
The metric must represent utilization; that is, you will always get the following behavior:
- metric > targetValue => scale out - metric < targetValue => scale in

property targetValue

readonly targetValue: number;

The target value for the custom CloudWatch metric.

interface Ulimit

interface Ulimit {}

The ulimit settings to pass to the container.
NOTE: Does not work for Windows containers.

property hardLimit

readonly hardLimit: number;

The hard limit for the ulimit type.

property name

readonly name: UlimitName;

The type of the ulimit.
For more information, see [UlimitName](https://docs.aws.amazon.com/cdk/api/latest/typescript/api/aws-ecs/ulimitname.html#aws_ecs_UlimitName).

property softLimit

readonly softLimit: number;

The soft limit for the ulimit type.

interface Volume

interface Volume {}

A data volume used in a task definition.
For tasks that use a Docker volume, specify a DockerVolumeConfiguration. For tasks that use a bind mount host volume, specify a host and optional sourcePath.
For more information, see [Using Data Volumes in Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html).

property dockerVolumeConfiguration

readonly dockerVolumeConfiguration?: DockerVolumeConfiguration;

This property is specified when you are using Docker volumes.
Docker volumes are only supported when you are using the EC2 launch type. Windows containers only support the use of the local driver. To use bind mounts, specify a host instead.

property efsVolumeConfiguration

readonly efsVolumeConfiguration?: EfsVolumeConfiguration;

This property is specified when you are using Amazon EFS.
When specifying Amazon EFS volumes in tasks using the Fargate launch type, Fargate creates a supervisor container that is responsible for managing the Amazon EFS volume. The supervisor container uses a small amount of the task's memory. The supervisor container is visible when querying the task metadata version 4 endpoint, but is not visible in CloudWatch Container Insights.
No Elastic FileSystem is setup

property host

readonly host?: Host;

This property is specified when you are using bind mount host volumes.
Bind mount host volumes are supported when you are using either the EC2 or Fargate launch types. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it is stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data is not guaranteed to persist after the containers associated with it stop running.

property name

readonly name: string;

The name of the volume.
Up to 255 letters (uppercase and lowercase), numbers, and hyphens are allowed. This name is referenced in the sourceVolume parameter of container definition mountPoints.

interface VolumeFrom

interface VolumeFrom {}

The details on a data volume from another container in the same task definition.

property readOnly

readonly readOnly: boolean;

Specifies whether the container has read-only access to the volume.
If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume.

property sourceContainer

readonly sourceContainer: string;

The name of another container within the same task definition from which to mount volumes.

Enums

enum AmiHardwareType

enum AmiHardwareType {
    STANDARD = 'Standard',
    GPU = 'GPU',
    ARM = 'ARM64',
}

The ECS-optimized AMI variant to use. For more information, see [Amazon ECS-optimized AMIs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html).

member ARM

ARM = 'ARM64'

Use the Amazon ECS-optimized Amazon Linux 2 (arm64) AMI.

member GPU

GPU = 'GPU'

Use the Amazon ECS GPU-optimized AMI.

member STANDARD

STANDARD = 'Standard'

Use the standard Amazon ECS-optimized AMI.

enum AwsLogDriverMode

enum AwsLogDriverMode {
    BLOCKING = 'blocking',
    NON_BLOCKING = 'non-blocking',
}

awslogs provides two modes for delivering messages from the container to the log driver

member BLOCKING

BLOCKING = 'blocking'

(default) direct, blocking delivery from container to driver.

member NON_BLOCKING

NON_BLOCKING = 'non-blocking'

The non-blocking message delivery mode prevents applications from blocking due to logging back pressure. Applications are likely to fail in unexpected ways when STDERR or STDOUT streams block.

enum BinPackResource

enum BinPackResource {
    CPU = 'cpu',
    MEMORY = 'memory',
}

Instance resource used for bin packing

member CPU

CPU = 'cpu'

Fill up hosts' CPU allocations first

member MEMORY

MEMORY = 'memory'

Fill up hosts' memory allocations first

enum BottlerocketEcsVariant

enum BottlerocketEcsVariant {
    AWS_ECS_1 = 'aws-ecs-1',
}

Amazon ECS variant

member AWS_ECS_1

AWS_ECS_1 = 'aws-ecs-1'

aws-ecs-1 variant

enum Capability

enum Capability {
    ALL = 'ALL',
    AUDIT_CONTROL = 'AUDIT_CONTROL',
    AUDIT_WRITE = 'AUDIT_WRITE',
    BLOCK_SUSPEND = 'BLOCK_SUSPEND',
    CHOWN = 'CHOWN',
    DAC_OVERRIDE = 'DAC_OVERRIDE',
    DAC_READ_SEARCH = 'DAC_READ_SEARCH',
    FOWNER = 'FOWNER',
    FSETID = 'FSETID',
    IPC_LOCK = 'IPC_LOCK',
    IPC_OWNER = 'IPC_OWNER',
    KILL = 'KILL',
    LEASE = 'LEASE',
    LINUX_IMMUTABLE = 'LINUX_IMMUTABLE',
    MAC_ADMIN = 'MAC_ADMIN',
    MAC_OVERRIDE = 'MAC_OVERRIDE',
    MKNOD = 'MKNOD',
    NET_ADMIN = 'NET_ADMIN',
    NET_BIND_SERVICE = 'NET_BIND_SERVICE',
    NET_BROADCAST = 'NET_BROADCAST',
    NET_RAW = 'NET_RAW',
    SETFCAP = 'SETFCAP',
    SETGID = 'SETGID',
    SETPCAP = 'SETPCAP',
    SETUID = 'SETUID',
    SYS_ADMIN = 'SYS_ADMIN',
    SYS_BOOT = 'SYS_BOOT',
    SYS_CHROOT = 'SYS_CHROOT',
    SYS_MODULE = 'SYS_MODULE',
    SYS_NICE = 'SYS_NICE',
    SYS_PACCT = 'SYS_PACCT',
    SYS_PTRACE = 'SYS_PTRACE',
    SYS_RAWIO = 'SYS_RAWIO',
    SYS_RESOURCE = 'SYS_RESOURCE',
    SYS_TIME = 'SYS_TIME',
    SYS_TTY_CONFIG = 'SYS_TTY_CONFIG',
    SYSLOG = 'SYSLOG',
    WAKE_ALARM = 'WAKE_ALARM',
}

A Linux capability

member ALL

ALL = 'ALL'

member AUDIT_CONTROL

AUDIT_CONTROL = 'AUDIT_CONTROL'

member AUDIT_WRITE

AUDIT_WRITE = 'AUDIT_WRITE'

member BLOCK_SUSPEND

BLOCK_SUSPEND = 'BLOCK_SUSPEND'

member CHOWN

CHOWN = 'CHOWN'

member DAC_OVERRIDE

DAC_OVERRIDE = 'DAC_OVERRIDE'

member DAC_READ_SEARCH

DAC_READ_SEARCH = 'DAC_READ_SEARCH'

member FOWNER

FOWNER = 'FOWNER'

member FSETID

FSETID = 'FSETID'

member IPC_LOCK

IPC_LOCK = 'IPC_LOCK'

member IPC_OWNER

IPC_OWNER = 'IPC_OWNER'

member KILL

KILL = 'KILL'

member LEASE

LEASE = 'LEASE'

member LINUX_IMMUTABLE

LINUX_IMMUTABLE = 'LINUX_IMMUTABLE'

member MAC_ADMIN

MAC_ADMIN = 'MAC_ADMIN'

member MAC_OVERRIDE

MAC_OVERRIDE = 'MAC_OVERRIDE'

member MKNOD

MKNOD = 'MKNOD'

member NET_ADMIN

NET_ADMIN = 'NET_ADMIN'

member NET_BIND_SERVICE

NET_BIND_SERVICE = 'NET_BIND_SERVICE'

member NET_BROADCAST

NET_BROADCAST = 'NET_BROADCAST'

member NET_RAW

NET_RAW = 'NET_RAW'

member SETFCAP

SETFCAP = 'SETFCAP'

member SETGID

SETGID = 'SETGID'

member SETPCAP

SETPCAP = 'SETPCAP'

member SETUID

SETUID = 'SETUID'

member SYS_ADMIN

SYS_ADMIN = 'SYS_ADMIN'

member SYS_BOOT

SYS_BOOT = 'SYS_BOOT'

member SYS_CHROOT

SYS_CHROOT = 'SYS_CHROOT'

member SYS_MODULE

SYS_MODULE = 'SYS_MODULE'

member SYS_NICE

SYS_NICE = 'SYS_NICE'

member SYS_PACCT

SYS_PACCT = 'SYS_PACCT'

member SYS_PTRACE

SYS_PTRACE = 'SYS_PTRACE'

member SYS_RAWIO

SYS_RAWIO = 'SYS_RAWIO'

member SYS_RESOURCE

SYS_RESOURCE = 'SYS_RESOURCE'

member SYS_TIME

SYS_TIME = 'SYS_TIME'

member SYS_TTY_CONFIG

SYS_TTY_CONFIG = 'SYS_TTY_CONFIG'

member SYSLOG

SYSLOG = 'SYSLOG'

member WAKE_ALARM

WAKE_ALARM = 'WAKE_ALARM'

enum Compatibility

enum Compatibility {
    EC2 = 0,
    FARGATE = 1,
    EC2_AND_FARGATE = 2,
    EXTERNAL = 3,
}

The task launch type compatibility requirement.

member EC2

EC2 = 0

The task should specify the EC2 launch type.

member EC2_AND_FARGATE

EC2_AND_FARGATE = 2

The task can specify either the EC2 or Fargate launch types.

member EXTERNAL

EXTERNAL = 3

The task should specify the External launch type.

member FARGATE

FARGATE = 1

The task should specify the Fargate launch type.

enum ContainerDependencyCondition

enum ContainerDependencyCondition {
    START = 'START',
    COMPLETE = 'COMPLETE',
    SUCCESS = 'SUCCESS',
    HEALTHY = 'HEALTHY',
}

member COMPLETE

COMPLETE = 'COMPLETE'

This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit.

member HEALTHY

HEALTHY = 'HEALTHY'

This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.

member START

START = 'START'

This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.

member SUCCESS

SUCCESS = 'SUCCESS'

This condition is the same as COMPLETE, but it also requires that the container exits with a zero status.

enum DeploymentControllerType

enum DeploymentControllerType {
    ECS = 'ECS',
    CODE_DEPLOY = 'CODE_DEPLOY',
    EXTERNAL = 'EXTERNAL',
}

The deployment controller type to use for the service.

member CODE_DEPLOY

CODE_DEPLOY = 'CODE_DEPLOY'

The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by AWS CodeDeploy

member ECS

ECS = 'ECS'

The rolling update (ECS) deployment type involves replacing the current running version of the container with the latest version.

member EXTERNAL

EXTERNAL = 'EXTERNAL'

The external (EXTERNAL) deployment type enables you to use any third-party deployment controller

enum DevicePermission

enum DevicePermission {
    READ = 'read',
    WRITE = 'write',
    MKNOD = 'mknod',
}

Permissions for device access

member MKNOD

MKNOD = 'mknod'

Make a node

member READ

READ = 'read'

Read

member WRITE

WRITE = 'write'

Write

enum EnvironmentFileType

enum EnvironmentFileType {
    S3 = 's3',
}

Type of environment file to be included in the container definition

member S3

S3 = 's3'

Environment file hosted on S3, referenced by object ARN

enum ExecuteCommandLogging

enum ExecuteCommandLogging {
    NONE = 'NONE',
    DEFAULT = 'DEFAULT',
    OVERRIDE = 'OVERRIDE',
}

The log settings to use to for logging the execute command session. For more information, see [Logging] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandconfiguration.html#cfn-ecs-cluster-executecommandconfiguration-logging

member DEFAULT

DEFAULT = 'DEFAULT'

The awslogs configuration in the task definition is used. If no logging parameter is specified, it defaults to this value. If no awslogs log driver is configured in the task definition, the output won't be logged.

member NONE

NONE = 'NONE'

The execute command session is not logged.

member OVERRIDE

OVERRIDE = 'OVERRIDE'

Specify the logging details as a part of logConfiguration.

enum FargatePlatformVersion

enum FargatePlatformVersion {
    LATEST = 'LATEST',
    VERSION1_4 = '1.4.0',
    VERSION1_3 = '1.3.0',
    VERSION1_2 = '1.2.0',
    VERSION1_1 = '1.1.0',
    VERSION1_0 = '1.0.0',
}

The platform version on which to run your service.
See Also
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html

member LATEST

LATEST = 'LATEST'

The latest, recommended platform version.

member VERSION1_0

VERSION1_0 = '1.0.0'

Initial release
Based on Amazon Linux 2017.09.

member VERSION1_1

VERSION1_1 = '1.1.0'

Version 1.1.0
Supports task metadata, health checks, service discovery.

member VERSION1_2

VERSION1_2 = '1.2.0'

Version 1.2.0
Supports private registries.

member VERSION1_3

VERSION1_3 = '1.3.0'

Version 1.3.0
Supports secrets, task recycling.

member VERSION1_4

VERSION1_4 = '1.4.0'

Version 1.4.0
Supports EFS endpoints, CAP_SYS_PTRACE Linux capability, network performance metrics in CloudWatch Container Insights, consolidated 20 GB ephemeral volume.

enum FirelensConfigFileType

enum FirelensConfigFileType {
    S3 = 's3',
    FILE = 'file',
}

Firelens configuration file type, s3 or file path. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html#firelens-taskdef-customconfig

member FILE

FILE = 'file'

fluentd

member S3

S3 = 's3'

enum FirelensLogRouterType

enum FirelensLogRouterType {
    FLUENTBIT = 'fluentbit',
    FLUENTD = 'fluentd',
}

Firelens log router type, fluentbit or fluentd. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html

member FLUENTBIT

FLUENTBIT = 'fluentbit'

fluentbit

member FLUENTD

FLUENTD = 'fluentd'

fluentd

enum GelfCompressionType

enum GelfCompressionType {
    GZIP = 'gzip',
    ZLIB = 'zlib',
    NONE = 'none',
}

The type of compression the GELF driver uses to compress each log message.

member GZIP

GZIP = 'gzip'

member NONE

NONE = 'none'

member ZLIB

ZLIB = 'zlib'

enum IpcMode

enum IpcMode {
    NONE = 'none',
    HOST = 'host',
    TASK = 'task',
}

The IPC resource namespace to use for the containers in the task.

member HOST

HOST = 'host'

If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance.

member NONE

NONE = 'none'

If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance

member TASK

TASK = 'task'

If task is specified, all containers within the specified task share the same IPC resources.

enum LaunchType

enum LaunchType {
    EC2 = 'EC2',
    FARGATE = 'FARGATE',
    EXTERNAL = 'EXTERNAL',
}

The launch type of an ECS service

member EC2

EC2 = 'EC2'

The service will be launched using the EC2 launch type

member EXTERNAL

EXTERNAL = 'EXTERNAL'

The service will be launched using the EXTERNAL launch type

member FARGATE

FARGATE = 'FARGATE'

The service will be launched using the FARGATE launch type

enum MachineImageType

enum MachineImageType {
    AMAZON_LINUX_2 = 0,
    BOTTLEROCKET = 1,
}

The machine image type

member AMAZON_LINUX_2

AMAZON_LINUX_2 = 0

Amazon ECS-optimized Amazon Linux 2 AMI

member BOTTLEROCKET

BOTTLEROCKET = 1

Bottlerocket AMI

enum NetworkMode

enum NetworkMode {
    NONE = 'none',
    BRIDGE = 'bridge',
    AWS_VPC = 'awsvpc',
    HOST = 'host',
    NAT = 'nat',
}

The networking mode to use for the containers in the task.

member AWS_VPC

AWS_VPC = 'awsvpc'

The task is allocated an elastic network interface.

member BRIDGE

BRIDGE = 'bridge'

The task utilizes Docker's built-in virtual network which runs inside each container instance.

member HOST

HOST = 'host'

The task bypasses Docker's built-in virtual network and maps container ports directly to the EC2 instance's network interface directly.
In this mode, you can't run multiple instantiations of the same task on a single container instance when port mappings are used.

member NAT

NAT = 'nat'

The task utilizes NAT network mode required by Windows containers.
This is the only supported network mode for Windows containers. For more information, see [Task Definition Parameters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#network_mode).

member NONE

NONE = 'none'

The task's containers do not have external connectivity and port mappings can't be specified in the container definition.

enum PidMode

enum PidMode {
    HOST = 'host',
    TASK = 'task',
}

The process namespace to use for the containers in the task.

member HOST

HOST = 'host'

If host is specified, then all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.

member TASK

TASK = 'task'

If task is specified, all containers within the specified task share the same process namespace.

enum PropagatedTagSource

enum PropagatedTagSource {
    SERVICE = 'SERVICE',
    TASK_DEFINITION = 'TASK_DEFINITION',
    NONE = 'NONE',
}

Propagate tags from either service or task definition

member NONE

NONE = 'NONE'

Do not propagate

member SERVICE

SERVICE = 'SERVICE'

Propagate tags from service

member TASK_DEFINITION

TASK_DEFINITION = 'TASK_DEFINITION'

Propagate tags from task definition

enum Protocol

enum Protocol {
    TCP = 'tcp',
    UDP = 'udp',
}

Network protocol

member TCP

TCP = 'tcp'

member UDP

UDP = 'udp'

enum Scope

enum Scope {
    TASK = 'task',
    SHARED = 'shared',
}

The scope for the Docker volume that determines its lifecycle. Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared persist after the task stops.

member SHARED

SHARED = 'shared'

Docker volumes that are scoped as shared persist after the task stops.

member TASK

TASK = 'task'

Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops.

enum SplunkLogFormat

enum SplunkLogFormat {
    INLINE = 'inline',
    JSON = 'json',
    RAW = 'raw',
}

Log Message Format

member INLINE

INLINE = 'inline'

member JSON

JSON = 'json'

member RAW

RAW = 'raw'

enum TmpfsMountOption

enum TmpfsMountOption {
    DEFAULTS = 'defaults',
    RO = 'ro',
    RW = 'rw',
    SUID = 'suid',
    NOSUID = 'nosuid',
    DEV = 'dev',
    NODEV = 'nodev',
    EXEC = 'exec',
    NOEXEC = 'noexec',
    SYNC = 'sync',
    ASYNC = 'async',
    DIRSYNC = 'dirsync',
    REMOUNT = 'remount',
    MAND = 'mand',
    NOMAND = 'nomand',
    ATIME = 'atime',
    NOATIME = 'noatime',
    DIRATIME = 'diratime',
    NODIRATIME = 'nodiratime',
    BIND = 'bind',
    RBIND = 'rbind',
    UNBINDABLE = 'unbindable',
    RUNBINDABLE = 'runbindable',
    PRIVATE = 'private',
    RPRIVATE = 'rprivate',
    SHARED = 'shared',
    RSHARED = 'rshared',
    SLAVE = 'slave',
    RSLAVE = 'rslave',
    RELATIME = 'relatime',
    NORELATIME = 'norelatime',
    STRICTATIME = 'strictatime',
    NOSTRICTATIME = 'nostrictatime',
    MODE = 'mode',
    UID = 'uid',
    GID = 'gid',
    NR_INODES = 'nr_inodes',
    NR_BLOCKS = 'nr_blocks',
    MPOL = 'mpol',
}

The supported options for a tmpfs mount for a container.

member ASYNC

ASYNC = 'async'

member ATIME

ATIME = 'atime'

member BIND

BIND = 'bind'

member DEFAULTS

DEFAULTS = 'defaults'

member DEV

DEV = 'dev'

member DIRATIME

DIRATIME = 'diratime'

member DIRSYNC

DIRSYNC = 'dirsync'

member EXEC

EXEC = 'exec'

member GID

GID = 'gid'

member MAND

MAND = 'mand'

member MODE

MODE = 'mode'

member MPOL

MPOL = 'mpol'

member NOATIME

NOATIME = 'noatime'

member NODEV

NODEV = 'nodev'

member NODIRATIME

NODIRATIME = 'nodiratime'

member NOEXEC

NOEXEC = 'noexec'

member NOMAND

NOMAND = 'nomand'

member NORELATIME

NORELATIME = 'norelatime'

member NOSTRICTATIME

NOSTRICTATIME = 'nostrictatime'

member NOSUID

NOSUID = 'nosuid'

member NR_BLOCKS

NR_BLOCKS = 'nr_blocks'

member NR_INODES

NR_INODES = 'nr_inodes'

member PRIVATE

PRIVATE = 'private'

member RBIND

RBIND = 'rbind'

member RELATIME

RELATIME = 'relatime'

member REMOUNT

REMOUNT = 'remount'

member RO

RO = 'ro'

member RPRIVATE

RPRIVATE = 'rprivate'

member RSHARED

RSHARED = 'rshared'

member RSLAVE

RSLAVE = 'rslave'

member RUNBINDABLE

RUNBINDABLE = 'runbindable'

member RW

RW = 'rw'

member SHARED

SHARED = 'shared'

member SLAVE

SLAVE = 'slave'

member STRICTATIME

STRICTATIME = 'strictatime'

member SUID

SUID = 'suid'

member SYNC

SYNC = 'sync'

member UID

UID = 'uid'

member UNBINDABLE

UNBINDABLE = 'unbindable'

enum UlimitName

enum UlimitName {
    CORE = 'core',
    CPU = 'cpu',
    DATA = 'data',
    FSIZE = 'fsize',
    LOCKS = 'locks',
    MEMLOCK = 'memlock',
    MSGQUEUE = 'msgqueue',
    NICE = 'nice',
    NOFILE = 'nofile',
    NPROC = 'nproc',
    RSS = 'rss',
    RTPRIO = 'rtprio',
    RTTIME = 'rttime',
    SIGPENDING = 'sigpending',
    STACK = 'stack',
}

Type of resource to set a limit on

member CORE

CORE = 'core'

member CPU

CPU = 'cpu'

member DATA

DATA = 'data'

member FSIZE

FSIZE = 'fsize'

member LOCKS

LOCKS = 'locks'

member MEMLOCK

MEMLOCK = 'memlock'

member MSGQUEUE

MSGQUEUE = 'msgqueue'

member NICE

NICE = 'nice'

member NOFILE

NOFILE = 'nofile'

member NPROC

NPROC = 'nproc'

member RSS

RSS = 'rss'

member RTPRIO

RTPRIO = 'rtprio'

member RTTIME

RTTIME = 'rttime'

member SIGPENDING

SIGPENDING = 'sigpending'

member STACK

STACK = 'stack'

enum WindowsOptimizedVersion

enum WindowsOptimizedVersion {
    SERVER_2019 = '2019',
    SERVER_2016 = '2016',
}

ECS-optimized Windows version list

member SERVER_2016

SERVER_2016 = '2016'

member SERVER_2019

SERVER_2019 = '2019'

Namespaces

namespace CfnCapacityProvider

namespace CfnCapacityProvider {}

interface AutoScalingGroupProviderProperty

interface AutoScalingGroupProviderProperty {}

The details of the Auto Scaling group for the capacity provider.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-autoscalinggroupprovider.html

property autoScalingGroupArn

readonly autoScalingGroupArn: string;

The Amazon Resource Name (ARN) that identifies the Auto Scaling group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-autoscalinggroupprovider.html#cfn-ecs-capacityprovider-autoscalinggroupprovider-autoscalinggrouparn

property managedScaling

readonly managedScaling?:
    | CfnCapacityProvider.ManagedScalingProperty
    | cdk.IResolvable;

The managed scaling settings for the Auto Scaling group capacity provider.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-autoscalinggroupprovider.html#cfn-ecs-capacityprovider-autoscalinggroupprovider-managedscaling

property managedTerminationProtection

readonly managedTerminationProtection?: string;

The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection. The default is off.
> When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work.
When managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions on as well. For more information, see [Instance Protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) in the *AWS Auto Scaling User Guide* .
When managed termination protection is off, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-autoscalinggroupprovider.html#cfn-ecs-capacityprovider-autoscalinggroupprovider-managedterminationprotection

interface ManagedScalingProperty

interface ManagedScalingProperty {}

The managed scaling settings for the Auto Scaling group capacity provider.
When managed scaling is turned on, Amazon ECS manages the scale-in and scale-out actions of the Auto Scaling group. Amazon ECS manages a target tracking scaling policy using an Amazon ECS managed CloudWatch metric with the specified targetCapacity value as the target value for the metric. For more information, see [Using managed scaling](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling) in the *Amazon Elastic Container Service Developer Guide* .
If managed scaling is off, the user must manage the scaling of the Auto Scaling group.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-managedscaling.html

property instanceWarmupPeriod

readonly instanceWarmupPeriod?: number;

The period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of 300 seconds is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-managedscaling.html#cfn-ecs-capacityprovider-managedscaling-instancewarmupperiod

property maximumScalingStepSize

readonly maximumScalingStepSize?: number;

The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter. If this parameter is omitted, the default value of 1 is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-managedscaling.html#cfn-ecs-capacityprovider-managedscaling-maximumscalingstepsize

property minimumScalingStepSize

readonly minimumScalingStepSize?: number;

The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter If this parameter is omitted, the default value of 1 is used.
When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size.
If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-managedscaling.html#cfn-ecs-capacityprovider-managedscaling-minimumscalingstepsize

property status

readonly status?: string;

Determines whether to use managed scaling for the capacity provider.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-managedscaling.html#cfn-ecs-capacityprovider-managedscaling-status

property targetCapacity

readonly targetCapacity?: number;

The target capacity utilization as a percentage for the capacity provider. The specified value must be greater than 0 and less than or equal to 100 . For example, if you want the capacity provider to maintain 10% spare capacity, then that means the utilization is 90%, so use a targetCapacity of 90 . The default value of 100 percent results in the Amazon EC2 instances in your Auto Scaling group being completely used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-managedscaling.html#cfn-ecs-capacityprovider-managedscaling-targetcapacity

namespace CfnCluster

namespace CfnCluster {}

interface CapacityProviderStrategyItemProperty

interface CapacityProviderStrategyItemProperty {}

The CapacityProviderStrategyItem property specifies the details of the default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-capacityproviderstrategyitem.html

property base

readonly base?: number;

The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of 0 is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-capacityproviderstrategyitem.html#cfn-ecs-cluster-capacityproviderstrategyitem-base

property capacityProvider

readonly capacityProvider?: string;

The short name of the capacity provider.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-capacityproviderstrategyitem.html#cfn-ecs-cluster-capacityproviderstrategyitem-capacityprovider

property weight

readonly weight?: number;

The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
If no weight value is specified, the default value of 0 is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of 0 can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of 0 , any RunTask or CreateService actions using the capacity provider strategy will fail.
An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of 1 , then when the base is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of 1 for *capacityProviderA* and a weight of 4 for *capacityProviderB* , then for every one task that's run using *capacityProviderA* , four tasks would use *capacityProviderB* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-capacityproviderstrategyitem.html#cfn-ecs-cluster-capacityproviderstrategyitem-weight

interface ClusterConfigurationProperty

interface ClusterConfigurationProperty {}

The execute command configuration for the cluster.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-clusterconfiguration.html

property executeCommandConfiguration

readonly executeCommandConfiguration?:
    | CfnCluster.ExecuteCommandConfigurationProperty
    | cdk.IResolvable;

The details of the execute command configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-clusterconfiguration.html#cfn-ecs-cluster-clusterconfiguration-executecommandconfiguration

interface ClusterSettingsProperty

interface ClusterSettingsProperty {}

The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-clustersettings.html

property name

readonly name?: string;

The name of the cluster setting. The value is containerInsights .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-clustersettings.html#cfn-ecs-cluster-clustersettings-name

property value

readonly value?: string;

The value to set for the cluster setting. The supported values are enabled and disabled .
If you set name to containerInsights and value to enabled , CloudWatch Container Insights will be on for the cluster, otherwise it will be off unless the containerInsights account setting is turned on. If a cluster value is specified, it will override the containerInsights value set with [PutAccountSetting](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html) or [PutAccountSettingDefault](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-clustersettings.html#cfn-ecs-cluster-clustersettings-value

interface ExecuteCommandConfigurationProperty

interface ExecuteCommandConfigurationProperty {}

The details of the execute command configuration.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandconfiguration.html

property kmsKeyId

readonly kmsKeyId?: string;

Specify an AWS Key Management Service key ID to encrypt the data between the local client and the container.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandconfiguration.html#cfn-ecs-cluster-executecommandconfiguration-kmskeyid

property logConfiguration

readonly logConfiguration?:
    | CfnCluster.ExecuteCommandLogConfigurationProperty
    | cdk.IResolvable;

The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. When logging=OVERRIDE is specified, a logConfiguration must be provided.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandconfiguration.html#cfn-ecs-cluster-executecommandconfiguration-logconfiguration

property logging

readonly logging?: string;

The log setting to use for redirecting logs for your execute command results. The following log settings are available.
- NONE : The execute command session is not logged. - DEFAULT : The awslogs configuration in the task definition is used. If no logging parameter is specified, it defaults to this value. If no awslogs log driver is configured in the task definition, the output won't be logged. - OVERRIDE : Specify the logging details as a part of logConfiguration . If the OVERRIDE logging option is specified, the logConfiguration is required.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandconfiguration.html#cfn-ecs-cluster-executecommandconfiguration-logging

interface ExecuteCommandLogConfigurationProperty

interface ExecuteCommandLogConfigurationProperty {}

The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html

property cloudWatchEncryptionEnabled

readonly cloudWatchEncryptionEnabled?: boolean | cdk.IResolvable;

Determines whether to use encryption on the CloudWatch logs. If not specified, encryption will be off.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html#cfn-ecs-cluster-executecommandlogconfiguration-cloudwatchencryptionenabled

property cloudWatchLogGroupName

readonly cloudWatchLogGroupName?: string;

The name of the CloudWatch log group to send logs to.
> The CloudWatch log group must already be created.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html#cfn-ecs-cluster-executecommandlogconfiguration-cloudwatchloggroupname

property s3BucketName

readonly s3BucketName?: string;

The name of the S3 bucket to send logs to.
> The S3 bucket must already be created.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html#cfn-ecs-cluster-executecommandlogconfiguration-s3bucketname

property s3EncryptionEnabled

readonly s3EncryptionEnabled?: boolean | cdk.IResolvable;

Determines whether to use encryption on the S3 logs. If not specified, encryption is not used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html#cfn-ecs-cluster-executecommandlogconfiguration-s3encryptionenabled

property s3KeyPrefix

readonly s3KeyPrefix?: string;

An optional folder in the S3 bucket to place logs in.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html#cfn-ecs-cluster-executecommandlogconfiguration-s3keyprefix

interface ServiceConnectDefaultsProperty

interface ServiceConnectDefaultsProperty {}

Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the enabled parameter to true in the ServiceConnectConfiguration . You can set the namespace of each service individually in the ServiceConnectConfiguration to override this default parameter.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-serviceconnectdefaults.html

property namespace

readonly namespace?: string;

The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than (>), less than (<), or slash (/).
If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region.
If you enter a new name, a AWS Cloud Map namespace will be created. Amazon ECS creates a AWS Cloud Map namespace with the "API calls" method of instance discovery only. This instance discovery method is the "HTTP" namespace type in the AWS Command Line Interface . Other types of instance discovery aren't used by Service Connect.
If you update the service with an empty string "" for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in AWS Cloud Map and must be deleted separately.
For more information about AWS Cloud Map , see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *AWS Cloud Map Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-serviceconnectdefaults.html#cfn-ecs-cluster-serviceconnectdefaults-namespace

namespace CfnClusterCapacityProviderAssociations

namespace CfnClusterCapacityProviderAssociations {}

interface CapacityProviderStrategyProperty

interface CapacityProviderStrategyProperty {}

The CapacityProviderStrategy property specifies the details of the default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-clustercapacityproviderassociations-capacityproviderstrategy.html

property base

readonly base?: number;

The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of 0 is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-clustercapacityproviderassociations-capacityproviderstrategy.html#cfn-ecs-clustercapacityproviderassociations-capacityproviderstrategy-base

property capacityProvider

readonly capacityProvider: string;

The short name of the capacity provider.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-clustercapacityproviderassociations-capacityproviderstrategy.html#cfn-ecs-clustercapacityproviderassociations-capacityproviderstrategy-capacityprovider

property weight

readonly weight?: number;

The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
If no weight value is specified, the default value of 0 is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of 0 will not be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of 0 , any RunTask or CreateService actions using the capacity provider strategy will fail.
An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of 1 , then when the base is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of 1 for *capacityProviderA* and a weight of 4 for *capacityProviderB* , then for every one task that is run using *capacityProviderA* , four tasks would use *capacityProviderB* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-clustercapacityproviderassociations-capacityproviderstrategy.html#cfn-ecs-clustercapacityproviderassociations-capacityproviderstrategy-weight

namespace CfnService

namespace CfnService {}

interface AwsVpcConfigurationProperty

interface AwsVpcConfigurationProperty {}

An object representing the networking details for a task or service.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html

property assignPublicIp

readonly assignPublicIp?: string;

Whether the task's elastic network interface receives a public IP address. The default value is DISABLED .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-assignpublicip

property securityGroups

readonly securityGroups?: string[];

The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per AwsVpcConfiguration .
> All specified security groups must be from the same VPC.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-securitygroups

property subnets

readonly subnets: string[];

The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per AwsVpcConfiguration .
> All specified subnets must be from the same VPC.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-subnets

interface CapacityProviderStrategyItemProperty

interface CapacityProviderStrategyItemProperty {}

The details of a capacity provider strategy. A capacity provider strategy can be set when using the RunTask or CreateService APIs or as the default capacity provider strategy for a cluster with the CreateCluster API.
Only capacity providers that are already associated with a cluster and have an ACTIVE or UPDATING status can be used in a capacity provider strategy. The PutClusterCapacityProviders API is used to associate a capacity provider with a cluster.
If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New Auto Scaling group capacity providers can be created with the CreateCapacityProvider API operation.
To use an AWS Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used in a capacity provider strategy.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-capacityproviderstrategyitem.html

property base

readonly base?: number;

The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of 0 is used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-capacityproviderstrategyitem.html#cfn-ecs-service-capacityproviderstrategyitem-base

property capacityProvider

readonly capacityProvider?: string;

The short name of the capacity provider.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-capacityproviderstrategyitem.html#cfn-ecs-service-capacityproviderstrategyitem-capacityprovider

property weight

readonly weight?: number;

The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
If no weight value is specified, the default value of 0 is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of 0 can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of 0 , any RunTask or CreateService actions using the capacity provider strategy will fail.
An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of 1 , then when the base is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of 1 for *capacityProviderA* and a weight of 4 for *capacityProviderB* , then for every one task that's run using *capacityProviderA* , four tasks would use *capacityProviderB* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-capacityproviderstrategyitem.html#cfn-ecs-service-capacityproviderstrategyitem-weight

interface DeploymentAlarmsProperty

interface DeploymentAlarmsProperty {}

One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment.
When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure.
You can only use the DeploymentAlarms method to detect failures when the DeploymentController is set to ECS (rolling update).
For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the **Amazon Elastic Container Service Developer Guide** .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentalarms.html

property alarmNames

readonly alarmNames: string[];

One or more CloudWatch alarm names. Use a "," to separate the alarms.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentalarms.html#cfn-ecs-service-deploymentalarms-alarmnames

property enable

readonly enable: boolean | cdk.IResolvable;

Determines whether to use the CloudWatch alarm option in the service deployment process.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentalarms.html#cfn-ecs-service-deploymentalarms-enable

property rollback

readonly rollback: boolean | cdk.IResolvable;

Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentalarms.html#cfn-ecs-service-deploymentalarms-rollback

interface DeploymentCircuitBreakerProperty

interface DeploymentCircuitBreakerProperty {}

> The deployment circuit breaker can only be used for services using the rolling update ( ECS ) deployment type.
The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If it is turned on, a service deployment will transition to a failed state and stop launching new tasks. You can also configure Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentcircuitbreaker.html

property enable

readonly enable: boolean | cdk.IResolvable;

Determines whether to use the deployment circuit breaker logic for the service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentcircuitbreaker.html#cfn-ecs-service-deploymentcircuitbreaker-enable

property rollback

readonly rollback: boolean | cdk.IResolvable;

Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is on, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentcircuitbreaker.html#cfn-ecs-service-deploymentcircuitbreaker-rollback

interface DeploymentConfigurationProperty

interface DeploymentConfigurationProperty {}

The DeploymentConfiguration property specifies optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentconfiguration.html

property alarms

readonly alarms?: CfnService.DeploymentAlarmsProperty | cdk.IResolvable;

Information about the CloudWatch alarms.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-alarms

property deploymentCircuitBreaker

readonly deploymentCircuitBreaker?:
    | CfnService.DeploymentCircuitBreakerProperty
    | cdk.IResolvable;

> The deployment circuit breaker can only be used for services using the rolling update ( ECS ) deployment type.
The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-deploymentcircuitbreaker

property maximumPercent

readonly maximumPercent?: number;

If a service is using the rolling update ( ECS ) deployment type, the maximumPercent parameter represents an upper limit on the number of your service's tasks that are allowed in the RUNNING or PENDING state during a deployment, as a percentage of the desiredCount (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the REPLICA service scheduler and has a desiredCount of four tasks and a maximumPercent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default maximumPercent value for a service using the REPLICA service scheduler is 200%.
If a service is using either the blue/green ( CODE_DEPLOY ) or EXTERNAL deployment types and tasks that use the EC2 launch type, the *maximum percent* value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-maximumpercent

property minimumHealthyPercent

readonly minimumHealthyPercent?: number;

If a service is using the rolling update ( ECS ) deployment type, the minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount of four tasks and a minimumHealthyPercent of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.
For services that *do not* use a load balancer, the following should be noted:
- A service is considered healthy if all essential containers within the tasks in the service pass their health checks. - If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a RUNNING state before the task is counted towards the minimum healthy percent total. - If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.
For services are that *do* use a load balancer, the following should be noted:
- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. - If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.
If a service is using either the blue/green ( CODE_DEPLOY ) or EXTERNAL deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If a service is using either the blue/green ( CODE_DEPLOY ) or EXTERNAL deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-minimumhealthypercent

interface DeploymentControllerProperty

interface DeploymentControllerProperty {}

The deployment controller to use for the service. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentcontroller.html

property type

readonly type?: string;

The deployment controller type to use. There are three deployment controller types available:
- **ECS** - The rolling update ( ECS ) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the [DeploymentConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeploymentConfiguration.html) . - **CODE_DEPLOY** - The blue/green ( CODE_DEPLOY ) deployment type uses the blue/green deployment model powered by AWS CodeDeploy , which allows you to verify a new deployment of a service before sending production traffic to it. - **EXTERNAL** - The external ( EXTERNAL ) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentcontroller.html#cfn-ecs-service-deploymentcontroller-type

interface LoadBalancerProperty

interface LoadBalancerProperty {}

The LoadBalancer property specifies details on a load balancer that is used with a service.
If the service is using the CODE_DEPLOY deployment controller, the service is required to use either an Application Load Balancer or Network Load Balancer. When you are creating an AWS CodeDeploy deployment group, you specify two target groups (referred to as a targetGroupPair ). Each target group binds to a separate task set in the deployment. The load balancer can also have up to two listeners, a required listener for production traffic and an optional listener that allows you to test new revisions of the service before routing production traffic to it.
Services with tasks that use the awsvpc network mode (for example, those with the Fargate launch type) only support Application Load Balancers and Network Load Balancers. Classic Load Balancers are not supported. Also, when you create any target groups for these services, you must choose ip as the target type, not instance . Tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-loadbalancer.html

property containerName

readonly containerName?: string;

The name of the container (as it appears in a container definition) to associate with the load balancer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-loadbalancer.html#cfn-ecs-service-loadbalancer-containername

property containerPort

readonly containerPort: number;

The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the hostPort of the port mapping.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-loadbalancer.html#cfn-ecs-service-loadbalancer-containerport

property loadBalancerName

readonly loadBalancerName?: string;

The name of the load balancer to associate with the Amazon ECS service or task set.
A load balancer name is only specified when using a Classic Load Balancer. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-loadbalancer.html#cfn-ecs-service-loadbalancer-loadbalancername

property targetGroupArn

readonly targetGroupArn?: string;

The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set.
A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you're using a Classic Load Balancer, omit the target group ARN.
For services using the ECS deployment controller, you can specify one or multiple target groups. For more information, see [Registering multiple target groups with a service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html) in the *Amazon Elastic Container Service Developer Guide* .
For services using the CODE_DEPLOY deployment controller, you're required to define two target groups for the load balancer. For more information, see [Blue/green deployment with CodeDeploy](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html) in the *Amazon Elastic Container Service Developer Guide* .
> If your service's task definition uses the awsvpc network mode, you must choose ip as the target type, not instance . Do this when creating your target groups because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance. This network mode is required for the Fargate launch type.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-loadbalancer.html#cfn-ecs-service-loadbalancer-targetgrouparn

interface LogConfigurationProperty

interface LogConfigurationProperty {}

The log configuration for the container. This parameter maps to LogConfig in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --log-driver option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/) .
By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.
Understand the following when specifying a log configuration for your containers.
- Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the valid values below). Additional log drivers may be available in future releases of the Amazon ECS container agent. - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html

property logDriver

readonly logDriver?: string;

The log driver to use for the container.
For tasks on AWS Fargate , the supported log drivers are awslogs , splunk , and awsfirelens .
For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs , fluentd , gelf , json-file , journald , logentries , syslog , splunk , and awsfirelens .
For more information about using the awslogs log driver, see [Using the awslogs log driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide* .
For more information about using the awsfirelens log driver, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide* .
> If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html#cfn-ecs-service-logconfiguration-logdriver

property options

readonly options?:
    | {
          [key: string]: string;
      }
    | cdk.IResolvable;

The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html#cfn-ecs-service-logconfiguration-options

property secretOptions

readonly secretOptions?:
    | Array<CfnService.SecretProperty | cdk.IResolvable>
    | cdk.IResolvable;

The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html#cfn-ecs-service-logconfiguration-secretoptions

interface NetworkConfigurationProperty

interface NetworkConfigurationProperty {}

The NetworkConfiguration property specifies an object representing the network configuration for a task or service.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-networkconfiguration.html

property awsvpcConfiguration

readonly awsvpcConfiguration?:
    | CfnService.AwsVpcConfigurationProperty
    | cdk.IResolvable;

The VPC subnets and security groups that are associated with a task.
> All specified subnets and security groups must be from the same VPC.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-networkconfiguration.html#cfn-ecs-service-networkconfiguration-awsvpcconfiguration

interface PlacementConstraintProperty

interface PlacementConstraintProperty {}

The PlacementConstraint property specifies an object representing a constraint on task placement in the task definition. For more information, see [Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementconstraint.html

property expression

readonly expression?: string;

A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is distinctInstance . For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementconstraint.html#cfn-ecs-service-placementconstraint-expression

property type

readonly type: string;

The type of constraint. Use distinctInstance to ensure that each task in a particular group is running on a different container instance. Use memberOf to restrict the selection to a group of valid candidates.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementconstraint.html#cfn-ecs-service-placementconstraint-type

interface PlacementStrategyProperty

interface PlacementStrategyProperty {}

The PlacementStrategy property specifies the task placement strategy for a task or service. For more information, see [Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementstrategy.html

property field

readonly field?: string;

The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host , which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone . For the binpack placement strategy, valid values are CPU and MEMORY . For the random placement strategy, this field is not used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementstrategy.html#cfn-ecs-service-placementstrategy-field

property type

readonly type: string;

The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that's specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory but still enough to run the task.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementstrategy.html#cfn-ecs-service-placementstrategy-type

interface SecretProperty

interface SecretProperty {}

An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways:
- To inject sensitive data into your containers as environment variables, use the secrets container definition parameter. - To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.
For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-secret.html

property name

readonly name: string;

The name of the secret.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-secret.html#cfn-ecs-service-secret-name

property valueFrom

readonly valueFrom: string;

The secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.
For information about the require AWS Identity and Access Management permissions, see [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-iam) (for Secrets Manager) or [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html) (for Systems Manager Parameter store) in the *Amazon Elastic Container Service Developer Guide* .
> If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-secret.html#cfn-ecs-service-secret-valuefrom

interface ServiceConnectClientAliasProperty

interface ServiceConnectClientAliasProperty {}

Each alias ("endpoint") is a fully-qualified name and port number that other tasks ("clients") can use to connect to this service.
Each name and port mapping must be unique within the namespace.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectclientalias.html

property dnsName

readonly dnsName?: string;

The dnsName is the name that you use in the applications of client tasks to connect to this service. The name must be a valid DNS name but doesn't need to be fully-qualified. The name can include up to 127 characters. The name can include lowercase letters, numbers, underscores (_), hyphens (-), and periods (.). The name can't start with a hyphen.
If this parameter isn't specified, the default value of discoveryName.namespace is used. If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace .
To avoid changing your applications in client Amazon ECS services, set this to the same name that the client application uses by default. For example, a few common names are database , db , or the lowercase name of a database, such as mysql or redis . For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectclientalias.html#cfn-ecs-service-serviceconnectclientalias-dnsname

property port

readonly port: number;

The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace.
To avoid changing your applications in client Amazon ECS services, set this to the same port that the client application uses by default. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectclientalias.html#cfn-ecs-service-serviceconnectclientalias-port

interface ServiceConnectConfigurationProperty

interface ServiceConnectConfigurationProperty {}

The Service Connect configuration of your Amazon ECS service. The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectconfiguration.html

property enabled

readonly enabled: boolean | cdk.IResolvable;

Specifies whether to use Service Connect with this service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectconfiguration.html#cfn-ecs-service-serviceconnectconfiguration-enabled

property logConfiguration

readonly logConfiguration?:
    | CfnService.LogConfigurationProperty
    | cdk.IResolvable;

The log configuration for the container. This parameter maps to LogConfig in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --log-driver option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/) .
By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.
Understand the following when specifying a log configuration for your containers.
- Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the valid values below). Additional log drivers may be available in future releases of the Amazon ECS container agent. - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectconfiguration.html#cfn-ecs-service-serviceconnectconfiguration-logconfiguration

property namespace

readonly namespace?: string;

The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about AWS Cloud Map , see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *AWS Cloud Map Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectconfiguration.html#cfn-ecs-service-serviceconnectconfiguration-namespace

property services

readonly services?:
    | Array<CfnService.ServiceConnectServiceProperty | cdk.IResolvable>
    | cdk.IResolvable;

The list of Service Connect service objects. These are names and aliases (also known as endpoints) that are used by other Amazon ECS services to connect to this service.
This field is not required for a "client" Amazon ECS service that's a member of a namespace only to connect to other services within the namespace. An example of this would be a frontend application that accepts incoming requests from either a load balancer that's attached to the service or by other means.
An object selects a port from the task definition, assigns a name for the AWS Cloud Map service, and a list of aliases (endpoints) and ports for client applications to refer to this service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectconfiguration.html#cfn-ecs-service-serviceconnectconfiguration-services

interface ServiceConnectServiceProperty

interface ServiceConnectServiceProperty {}

The Service Connect service object configuration. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectservice.html

property clientAliases

readonly clientAliases?:
    | Array<CfnService.ServiceConnectClientAliasProperty | cdk.IResolvable>
    | cdk.IResolvable;

The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1.
Each alias ("endpoint") is a fully-qualified name and port number that other Amazon ECS tasks ("clients") can use to connect to this service.
Each name and port mapping must be unique within the namespace.
For each ServiceConnectService , you must provide at least one clientAlias with one port .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectservice.html#cfn-ecs-service-serviceconnectservice-clientaliases

property discoveryName

readonly discoveryName?: string;

The discoveryName is the name of the new AWS Cloud Map service that Amazon ECS creates for this Amazon ECS service. This must be unique within the AWS Cloud Map namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectservice.html#cfn-ecs-service-serviceconnectservice-discoveryname

property ingressPortOverride

readonly ingressPortOverride?: number;

The port number for the Service Connect proxy to listen on.
Use the value of this field to bypass the proxy for traffic on the port number specified in the named portMapping in the task definition of this application, and then use it in your VPC security groups to allow traffic into the proxy for this Amazon ECS service.
In awsvpc mode and Fargate, the default value is the container port number. The container port number is in the portMapping in the task definition. In bridge mode, the default value is the ephemeral port of the Service Connect proxy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectservice.html#cfn-ecs-service-serviceconnectservice-ingressportoverride

property portName

readonly portName: string;

The portName must match the name of one of the portMappings from all the containers in the task definition of this Amazon ECS service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectservice.html#cfn-ecs-service-serviceconnectservice-portname

interface ServiceRegistryProperty

interface ServiceRegistryProperty {}

The ServiceRegistry property specifies details of the service registry. For more information, see [Service Discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceregistry.html

property containerName

readonly containerName?: string;

The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceregistry.html#cfn-ecs-service-serviceregistry-containername

property containerPort

readonly containerPort?: number;

The port value to be used for your service discovery service. It's already specified in the task definition. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceregistry.html#cfn-ecs-service-serviceregistry-containerport

property port

readonly port?: number;

The port value used if your service discovery service specified an SRV record. This field might be used if both the awsvpc network mode and SRV records are used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceregistry.html#cfn-ecs-service-serviceregistry-port

property registryArn

readonly registryArn?: string;

The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is AWS Cloud Map . For more information, see [CreateService](https://docs.aws.amazon.com/cloud-map/latest/api/API_CreateService.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceregistry.html#cfn-ecs-service-serviceregistry-registryarn

namespace CfnTaskDefinition

namespace CfnTaskDefinition {}

interface AuthorizationConfigProperty

interface AuthorizationConfigProperty {}

The authorization configuration details for the Amazon EFS file system.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-authorizationconfig.html

property accessPointId

readonly accessPointId?: string;

The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the EFSVolumeConfiguration must either be omitted or set to / which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be on in the EFSVolumeConfiguration . For more information, see [Working with Amazon EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) in the *Amazon Elastic File System User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-authorizationconfig.html#cfn-ecs-taskdefinition-authorizationconfig-accesspointid

property iam

readonly iam?: string;

Determines whether to use the Amazon ECS task role defined in a task definition when mounting the Amazon EFS file system. If it is turned on, transit encryption must be turned on in the EFSVolumeConfiguration . If this parameter is omitted, the default value of DISABLED is used. For more information, see [Using Amazon EFS access points](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-authorizationconfig.html#cfn-ecs-taskdefinition-authorizationconfig-iam

interface ContainerDefinitionProperty

interface ContainerDefinitionProperty {}

The ContainerDefinition property specifies a container definition. Container definitions are used in task definitions to describe the different containers that are launched as part of a task.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html

property command

readonly command?: string[];

The command that's passed to the container. This parameter maps to Cmd in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the COMMAND parameter to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) . For more information, see [https://docs.docker.com/engine/reference/builder/#cmd](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#cmd) . If there are multiple arguments, each argument is a separated string in the array.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-command

property cpu

readonly cpu?: number;

The number of cpu units reserved for the container. This parameter maps to CpuShares in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --cpu-shares option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value.
> You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024.
Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.
On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see [CPU share constraint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint) in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2. However, the CPU parameter isn't required, and you can use CPU values below 2 in your container definitions. For CPU values below 2 (including null), the behavior varies based on your Amazon ECS container agent version:
- *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares. - *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2.
On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0 , which Windows interprets as 1% of one CPU.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-cpu

property dependsOn

readonly dependsOn?:
    | Array<CfnTaskDefinition.ContainerDependencyProperty | cdk.IResolvable>
    | cdk.IResolvable;

The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.
For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to turn on container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide* . If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide* .
For tasks using the Fargate launch type, the task or service requires the following platforms:
- Linux platform version 1.3.0 or later. - Windows platform version 1.0.0 or later.
If the task definition is used in a blue/green deployment that uses [AWS::CodeDeploy::DeploymentGroup BlueGreenDeploymentConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-bluegreendeploymentconfiguration.html) , the dependsOn parameter is not supported. For more information see [Issue #680](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/680) on the on the GitHub website.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-dependson

property disableNetworking

readonly disableNetworking?: boolean | cdk.IResolvable;

When this parameter is true, networking is off within the container. This parameter maps to NetworkDisabled in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) .
> This parameter is not supported for Windows containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-disablenetworking

property dnsSearchDomains

readonly dnsSearchDomains?: string[];

A list of DNS search domains that are presented to the container. This parameter maps to DnsSearch in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --dns-search option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> This parameter is not supported for Windows containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-dnssearchdomains

property dnsServers

readonly dnsServers?: string[];

A list of DNS servers that are presented to the container. This parameter maps to Dns in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --dns option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> This parameter is not supported for Windows containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-dnsservers

property dockerLabels

readonly dockerLabels?:
    | {
          [key: string]: string;
      }
    | cdk.IResolvable;

A key/value map of labels to add to the container. This parameter maps to Labels in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --label option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) . This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-dockerlabels

property dockerSecurityOptions

readonly dockerSecurityOptions?: string[];

A list of strings to provide custom configuration for multiple security systems. For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) . This field isn't valid for containers in tasks using the Fargate launch type.
For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.
For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide* .
This parameter maps to SecurityOpt in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --security-opt option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* .
For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath"
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-dockersecurityoptions

property entryPoint

readonly entryPoint?: string[];

> Early versions of the Amazon ECS container agent don't properly handle entryPoint parameters. If you have problems using entryPoint , update your container agent or enter your commands and arguments as command array items instead.
The entry point that's passed to the container. This parameter maps to Entrypoint in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --entrypoint option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) . For more information, see [https://docs.docker.com/engine/reference/builder/#entrypoint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#entrypoint) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-entrypoint

property environment

readonly environment?:
    | Array<CfnTaskDefinition.KeyValuePairProperty | cdk.IResolvable>
    | cdk.IResolvable;

The environment variables to pass to a container. This parameter maps to Env in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --env option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-environment

property environmentFiles

readonly environmentFiles?:
    | Array<CfnTaskDefinition.EnvironmentFileProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of files containing the environment variables to pass to a container. This parameter maps to the --env-file option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
You can specify up to ten environment files. The file must have a .env file extension. Each line in an environment file contains an environment variable in VARIABLE=VALUE format. Lines beginning with # are treated as comments and are ignored. For more information about the environment variable file syntax, see [Declare default environment variables in file](https://docs.aws.amazon.com/https://docs.docker.com/compose/env-file/) .
If there are environment variables specified using the environment parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying Environment Variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-environmentfiles

property essential

readonly essential?: boolean | cdk.IResolvable;

If the essential parameter of a container is marked as true , and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false , its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see [Application Architecture](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/application_architecture.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-essential

property extraHosts

readonly extraHosts?:
    | Array<CfnTaskDefinition.HostEntryProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This parameter maps to ExtraHosts in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --add-host option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> This parameter isn't supported for Windows containers or tasks that use the awsvpc network mode.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-extrahosts

property firelensConfiguration

readonly firelensConfiguration?:
    | CfnTaskDefinition.FirelensConfigurationProperty
    | cdk.IResolvable;

The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom Log Routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-firelensconfiguration

property healthCheck

readonly healthCheck?: CfnTaskDefinition.HealthCheckProperty | cdk.IResolvable;

The container health check command and associated configuration parameters for the container. This parameter maps to HealthCheck in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the HEALTHCHECK parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-healthcheck

property hostname

readonly hostname?: string;

The hostname to use for your container. This parameter maps to Hostname in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --hostname option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> The hostname parameter is not supported if you're using the awsvpc network mode.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-hostname

property image

readonly image: string;

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either *repository-url* / *image* : *tag* or *repository-url* / *image* @ *digest* . Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the IMAGE parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
- When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks. - Images in Amazon ECR repositories can be specified by either using the full registry/repository:tag or registry/repository@digest . For example, 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest or 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE . - Images in official repositories on Docker Hub use a single name (for example, ubuntu or mongo ). - Images in other repositories on Docker Hub are qualified with an organization name (for example, amazon/amazon-ecs-agent ). - Images in other online repositories are qualified further by a domain name (for example, quay.io/assemblyline/ubuntu ).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-image

property interactive

readonly interactive?: boolean | cdk.IResolvable;

When this parameter is true , you can deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --interactive option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-interactive

property links

readonly links?: string[];

The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge . The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. For more information about linking Docker containers, go to [Legacy container links](https://docs.aws.amazon.com/https://docs.docker.com/network/links/) in the Docker documentation. This parameter maps to Links in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --link option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> This parameter is not supported for Windows containers. > Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-links

property linuxParameters

readonly linuxParameters?:
    | CfnTaskDefinition.LinuxParametersProperty
    | cdk.IResolvable;

Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html) .
> This parameter is not supported for Windows containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-linuxparameters

property logConfiguration

readonly logConfiguration?:
    | CfnTaskDefinition.LogConfigurationProperty
    | cdk.IResolvable;

The log configuration specification for the container.
This parameter maps to LogConfig in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --log-driver option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/) . By default, containers use the same logging driver that the Docker daemon uses. However, the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.
> Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
> The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-logconfiguration

property memory

readonly memory?: number;

The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified. This parameter maps to Memory in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --memory option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
If using the Fargate launch type, this parameter is optional.
If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation . If you specify memoryReservation , then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.
The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container, so you should not specify fewer than 6 MiB of memory for your containers.
The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-memory

property memoryReservation

readonly memoryReservation?: number;

The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to MemoryReservation in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --memory-reservation option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation . If you specify memoryReservation , then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.
For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.
The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.
The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-memoryreservation

property mountPoints

readonly mountPoints?:
    | Array<CfnTaskDefinition.MountPointProperty | cdk.IResolvable>
    | cdk.IResolvable;

The mount points for data volumes in your container.
This parameter maps to Volumes in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --volume option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
Windows containers can mount whole directories on the same drive as $env:ProgramData . Windows containers can't mount directories on a different drive, and mount point can't be across drives.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-mountpoints

property name

readonly name: string;

The name of a container. If you're linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --name option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-name

property portMappings

readonly portMappings?:
    | Array<CfnTaskDefinition.PortMappingProperty | cdk.IResolvable>
    | cdk.IResolvable;

The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.
For task definitions that use the awsvpc network mode, you should only specify the containerPort . The hostPort can be left blank or it must be the same value as the containerPort .
Port mappings on Windows use the NetNAT gateway address rather than localhost . There is no loopback for port mappings on Windows, so you cannot access a container's mapped port from the host itself.
This parameter maps to PortBindings in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --publish option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/) . If the network mode of a task definition is set to none , then you can't specify port mappings. If the network mode of a task definition is set to host , then host ports must either be undefined or they must match the container port in the port mapping.
> After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the *Network Bindings* section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) responses.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-portmappings

property privileged

readonly privileged?: boolean | cdk.IResolvable;

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter maps to Privileged in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --privileged option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> This parameter is not supported for Windows containers or tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-privileged

property pseudoTerminal

readonly pseudoTerminal?: boolean | cdk.IResolvable;

When this parameter is true , a TTY is allocated. This parameter maps to Tty in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --tty option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-pseudoterminal

property readonlyRootFilesystem

readonly readonlyRootFilesystem?: boolean | cdk.IResolvable;

When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --read-only option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> This parameter is not supported for Windows containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-readonlyrootfilesystem

property repositoryCredentials

readonly repositoryCredentials?:
    | CfnTaskDefinition.RepositoryCredentialsProperty
    | cdk.IResolvable;

The private repository authentication credentials to use.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-repositorycredentials

property resourceRequirements

readonly resourceRequirements?:
    | Array<CfnTaskDefinition.ResourceRequirementProperty | cdk.IResolvable>
    | cdk.IResolvable;

The type and amount of a resource to assign to a container. The only supported resource is a GPU.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-resourcerequirements

property secrets

readonly secrets?:
    | Array<CfnTaskDefinition.SecretProperty | cdk.IResolvable>
    | cdk.IResolvable;

The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-secrets

property startTimeout

readonly startTimeout?: number;

Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a COMPLETE , SUCCESS , or HEALTHY status. If a startTimeout value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a STOPPED state.
> When the ECS_CONTAINER_START_TIMEOUT container agent configuration variable is used, it's enforced independently from this start timeout value.
For tasks using the Fargate launch type, the task or service requires the following platforms:
- Linux platform version 1.3.0 or later. - Windows platform version 1.0.0 or later.
For tasks using the EC2 launch type, your container instances require at least version 1.26.0 of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide* . If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-starttimeout

property stopTimeout

readonly stopTimeout?: number;

Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
For tasks using the Fargate launch type, the task or service requires the following platforms:
- Linux platform version 1.3.0 or later. - Windows platform version 1.0.0 or later.
The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.
For tasks that use the EC2 launch type, if the stopTimeout parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If neither the stopTimeout parameter or the ECS_CONTAINER_STOP_TIMEOUT agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide* . If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-stoptimeout

property systemControls

readonly systemControls?:
    | Array<CfnTaskDefinition.SystemControlProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --sysctl option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> We don't recommended that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network modes. For tasks that use the awsvpc network mode, the container that's started last determines which systemControls parameters take effect. For tasks that use the host network mode, it changes the container instance's namespaced kernel parameters as well as the containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-systemcontrols

property ulimits

readonly ulimits?:
    | Array<CfnTaskDefinition.UlimitProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of ulimits to set in the container. This parameter maps to Ulimits in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --ulimit option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/) . Valid naming values are displayed in the [Ulimit](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Ulimit.html) data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
> This parameter is not supported for Windows containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-ulimits

property user

readonly user?: string;

The user to use inside the container. This parameter maps to User in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --user option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> When running tasks using the host network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.
You can specify the user using the following formats. If specifying a UID or GID, you must specify it as a positive integer.
- user - user:group - uid - uid:gid - user:gid - uid:group
> This parameter is not supported for Windows containers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-user

property volumesFrom

readonly volumesFrom?:
    | Array<CfnTaskDefinition.VolumeFromProperty | cdk.IResolvable>
    | cdk.IResolvable;

Data volumes to mount from another container. This parameter maps to VolumesFrom in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --volumes-from option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-volumesfrom

property workingDirectory

readonly workingDirectory?: string;

The working directory to run commands inside the container in. This parameter maps to WorkingDir in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --workdir option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-workingdirectory

interface ContainerDependencyProperty

interface ContainerDependencyProperty {}

The ContainerDependency property specifies the dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.
Your Amazon ECS container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide* . If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide* .
> For tasks using the Fargate launch type, this parameter requires that the task or service uses platform version 1.3.0 or later.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdependency.html

property condition

readonly condition?: string;

The dependency condition of the container. The following are the available conditions and their behavior:
- START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start. - COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container. - SUCCESS - This condition is the same as COMPLETE , but it also requires that the container exits with a zero status. This condition can't be set on an essential container. - HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdependency.html#cfn-ecs-taskdefinition-containerdependency-condition

property containerName

readonly containerName?: string;

The name of a container.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdependency.html#cfn-ecs-taskdefinition-containerdependency-containername

interface DeviceProperty

interface DeviceProperty {}

The Device property specifies an object representing a container instance host device.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-device.html

property containerPath

readonly containerPath?: string;

The path inside the container at which to expose the host device.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-device.html#cfn-ecs-taskdefinition-device-containerpath

property hostPath

readonly hostPath?: string;

The path for the device on the host container instance.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-device.html#cfn-ecs-taskdefinition-device-hostpath

property permissions

readonly permissions?: string[];

The explicit permissions to provide to the container for the device. By default, the container has permissions for read , write , and mknod for the device.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-device.html#cfn-ecs-taskdefinition-device-permissions

interface DockerVolumeConfigurationProperty

interface DockerVolumeConfigurationProperty {}

The DockerVolumeConfiguration property specifies a Docker volume configuration and is used when you use Docker volumes. Docker volumes are only supported when you are using the EC2 launch type. Windows containers only support the use of the local driver. To use bind mounts, specify a host instead.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-dockervolumeconfiguration.html

property autoprovision

readonly autoprovision?: boolean | cdk.IResolvable;

If this value is true , the Docker volume is created if it doesn't already exist.
> This field is only used if the scope is shared .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-dockervolumeconfiguration.html#cfn-ecs-taskdefinition-dockervolumeconfiguration-autoprovision

property driver

readonly driver?: string;

The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use docker plugin ls to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. For more information, see [Docker plugin discovery](https://docs.aws.amazon.com/https://docs.docker.com/engine/extend/plugin_api/#plugin-discovery) . This parameter maps to Driver in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the xxdriver option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-dockervolumeconfiguration.html#cfn-ecs-taskdefinition-dockervolumeconfiguration-driver

property driverOpts

readonly driverOpts?:
    | {
          [key: string]: string;
      }
    | cdk.IResolvable;

A map of Docker driver-specific options passed through. This parameter maps to DriverOpts in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the xxopt option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-dockervolumeconfiguration.html#cfn-ecs-taskdefinition-dockervolumeconfiguration-driveropts

property labels

readonly labels?:
    | {
          [key: string]: string;
      }
    | cdk.IResolvable;

Custom metadata to add to your Docker volume. This parameter maps to Labels in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the xxlabel option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-dockervolumeconfiguration.html#cfn-ecs-taskdefinition-dockervolumeconfiguration-labels

property scope

readonly scope?: string;

The scope for the Docker volume that determines its lifecycle. Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared persist after the task stops.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-dockervolumeconfiguration.html#cfn-ecs-taskdefinition-dockervolumeconfiguration-scope

interface EFSVolumeConfigurationProperty

interface EFSVolumeConfigurationProperty {}

This parameter is specified when you're using an Amazon Elastic File System file system for task storage. For more information, see [Amazon EFS volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-efsvolumeconfiguration.html

property authorizationConfig

readonly authorizationConfig?:
    | CfnTaskDefinition.AuthorizationConfigProperty
    | cdk.IResolvable;

The authorization configuration details for the Amazon EFS file system.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-efsvolumeconfiguration.html#cfn-ecs-taskdefinition-efsvolumeconfiguration-authorizationconfig

property filesystemId

readonly filesystemId: string;

The Amazon EFS file system ID to use.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-efsvolumeconfiguration.html#cfn-ecs-taskdefinition-efsvolumeconfiguration-filesystemid

property rootDirectory

readonly rootDirectory?: string;

The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying / will have the same effect as omitting this parameter.
> If an EFS access point is specified in the authorizationConfig , the root directory parameter must either be omitted or set to / which will enforce the path set on the EFS access point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-efsvolumeconfiguration.html#cfn-ecs-taskdefinition-efsvolumeconfiguration-rootdirectory

property transitEncryption

readonly transitEncryption?: string;

Determines whether to use encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be turned on if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of DISABLED is used. For more information, see [Encrypting data in transit](https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html) in the *Amazon Elastic File System User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-efsvolumeconfiguration.html#cfn-ecs-taskdefinition-efsvolumeconfiguration-transitencryption

property transitEncryptionPort

readonly transitEncryptionPort?: number;

The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. For more information, see [EFS mount helper](https://docs.aws.amazon.com/efs/latest/ug/efs-mount-helper.html) in the *Amazon Elastic File System User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-efsvolumeconfiguration.html#cfn-ecs-taskdefinition-efsvolumeconfiguration-transitencryptionport

interface EnvironmentFileProperty

interface EnvironmentFileProperty {}

A list of files containing the environment variables to pass to a container. You can specify up to ten environment files. The file must have a .env file extension. Each line in an environment file should contain an environment variable in VARIABLE=VALUE format. Lines beginning with # are treated as comments and are ignored. For more information about the environment variable file syntax, see [Declare default environment variables in file](https://docs.aws.amazon.com/https://docs.docker.com/compose/env-file/) .
If there are environment variables specified using the environment parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying environment variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide* .
This parameter is only supported for tasks hosted on Fargate using the following platform versions:
- Linux platform version 1.4.0 or later. - Windows platform version 1.0.0 or later.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-environmentfile.html

property type

readonly type?: string;

The file type to use. The only supported value is s3 .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-environmentfile.html#cfn-ecs-taskdefinition-environmentfile-type

property value

readonly value?: string;

The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-environmentfile.html#cfn-ecs-taskdefinition-environmentfile-value

interface EphemeralStorageProperty

interface EphemeralStorageProperty {}

The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate . For more information, see [Fargate task storage](https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) in the *Amazon ECS User Guide for AWS Fargate* .
> For tasks using the Fargate launch type, the task requires the following platforms: > > - Linux platform version 1.4.0 or later. > - Windows platform version 1.0.0 or later.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-ephemeralstorage.html

property sizeInGiB

readonly sizeInGiB?: number;

The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-ephemeralstorage.html#cfn-ecs-taskdefinition-ephemeralstorage-sizeingib

interface FirelensConfigurationProperty

interface FirelensConfigurationProperty {}

The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-firelensconfiguration.html

property options

readonly options?:
    | {
          [key: string]: string;
      }
    | cdk.IResolvable;

The options to use when configuring the log router. This field is optional and can be used to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event.
If specified, valid option keys are:
- enable-ecs-log-metadata , which can be true or false - config-file-type , which can be s3 or file - config-file-value , which is either an S3 ARN or a file path
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-firelensconfiguration.html#cfn-ecs-taskdefinition-firelensconfiguration-options

property type

readonly type?: string;

The log router to use. The valid values are fluentd or fluentbit .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-firelensconfiguration.html#cfn-ecs-taskdefinition-firelensconfiguration-type

interface HealthCheckProperty

interface HealthCheckProperty {}

The HealthCheck property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the HEALTHCHECK parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/) .
> The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.
If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.
The following are notes about container health check support:
- Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) . - Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [AWS Fargate Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) . - Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html

property command

readonly command?: string[];

A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell.
When you use the AWS Management Console JSON panel, the AWS Command Line Interface , or the APIs, enclose the list of commands in double quotes and brackets.
[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]
You don't include the double quotes and brackets when you use the AWS Management Console.
CMD-SHELL, curl -f http://localhost/ || exit 1
An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-command

property interval

readonly interval?: number;

The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-interval

property retries

readonly retries?: number;

The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-retries

property startPeriod

readonly startPeriod?: number;

The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off.
> If a health check succeeds within the startPeriod , then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-startperiod

property timeout

readonly timeout?: number;

The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-timeout

interface HostEntryProperty

interface HostEntryProperty {}

The HostEntry property specifies a hostname and an IP address that are added to the /etc/hosts file of a container through the extraHosts parameter of its ContainerDefinition resource.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-hostentry.html

property hostname

readonly hostname?: string;

The hostname to use in the /etc/hosts entry.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-hostentry.html#cfn-ecs-taskdefinition-hostentry-hostname

property ipAddress

readonly ipAddress?: string;

The IP address to use in the /etc/hosts entry.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-hostentry.html#cfn-ecs-taskdefinition-hostentry-ipaddress

interface HostVolumePropertiesProperty

interface HostVolumePropertiesProperty {}

The HostVolumeProperties property specifies details on a container instance bind mount host volume.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-hostvolumeproperties.html

property sourcePath

readonly sourcePath?: string;

When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.
If you're using the Fargate launch type, the sourcePath parameter is not supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-hostvolumeproperties.html#cfn-ecs-taskdefinition-hostvolumeproperties-sourcepath

interface InferenceAcceleratorProperty

interface InferenceAcceleratorProperty {}

Details on an Elastic Inference accelerator. For more information, see [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-inferenceaccelerator.html

property deviceName

readonly deviceName?: string;

The Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a [ResourceRequirement](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-inferenceaccelerator.html#cfn-ecs-taskdefinition-inferenceaccelerator-devicename

property deviceType

readonly deviceType?: string;

The Elastic Inference accelerator type to use.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-inferenceaccelerator.html#cfn-ecs-taskdefinition-inferenceaccelerator-devicetype

interface KernelCapabilitiesProperty

interface KernelCapabilitiesProperty {}

The KernelCapabilities property specifies the Linux capabilities for the container that are added to or dropped from the default configuration that is provided by Docker. For more information on the default capabilities and the non-default available capabilities, see [Runtime privilege and Linux capabilities](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) in the *Docker run reference* . For more detailed information on these Linux capabilities, see the [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-kernelcapabilities.html

property add

readonly add?: string[];

The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --cap-add option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> Tasks launched on AWS Fargate only support adding the SYS_PTRACE kernel capability.
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-kernelcapabilities.html#cfn-ecs-taskdefinition-kernelcapabilities-add

property drop

readonly drop?: string[];

The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --cap-drop option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-kernelcapabilities.html#cfn-ecs-taskdefinition-kernelcapabilities-drop

interface KeyValuePairProperty

interface KeyValuePairProperty {}

A key-value pair object.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-keyvaluepair.html

property name

readonly name?: string;

The name of the key-value pair. For environment variables, this is the name of the environment variable.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-keyvaluepair.html#cfn-ecs-taskdefinition-keyvaluepair-name

property value

readonly value?: string;

The value of the key-value pair. For environment variables, this is the value of the environment variable.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-keyvaluepair.html#cfn-ecs-taskdefinition-keyvaluepair-value

interface LinuxParametersProperty

interface LinuxParametersProperty {}

The Linux-specific options that are applied to the container, such as Linux [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html

property capabilities

readonly capabilities?:
    | CfnTaskDefinition.KernelCapabilitiesProperty
    | cdk.IResolvable;

The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker.
> For tasks that use the Fargate launch type, capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html#cfn-ecs-taskdefinition-linuxparameters-capabilities

property devices

readonly devices?:
    | Array<CfnTaskDefinition.DeviceProperty | cdk.IResolvable>
    | cdk.IResolvable;

Any host devices to expose to the container. This parameter maps to Devices in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --device option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html#cfn-ecs-taskdefinition-linuxparameters-devices

property initProcessEnabled

readonly initProcessEnabled?: boolean | cdk.IResolvable;

Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) . This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html#cfn-ecs-taskdefinition-linuxparameters-initprocessenabled

property maxSwap

readonly maxSwap?: number;

The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the --memory-swap option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) where the value would be the sum of the container memory plus the maxSwap value.
If a maxSwap value of 0 is specified, the container will not use swap. Accepted values are 0 or any positive integer. If the maxSwap parameter is omitted, the container will use the swap configuration for the container instance it is running on. A maxSwap value must be set for the swappiness parameter to be used.
> If you're using tasks that use the Fargate launch type, the maxSwap parameter isn't supported. > > If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html#cfn-ecs-taskdefinition-linuxparameters-maxswap

property sharedMemorySize

readonly sharedMemorySize?: number;

The value for the size (in MiB) of the /dev/shm volume. This parameter maps to the --shm-size option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> If you are using tasks that use the Fargate launch type, the sharedMemorySize parameter is not supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html#cfn-ecs-taskdefinition-linuxparameters-sharedmemorysize

property swappiness

readonly swappiness?: number;

This allows you to tune a container's memory swappiness behavior. A swappiness value of 0 will cause swapping to not happen unless absolutely necessary. A swappiness value of 100 will cause pages to be swapped very aggressively. Accepted values are whole numbers between 0 and 100 . If the swappiness parameter is not specified, a default value of 60 is used. If a value is not specified for maxSwap then this parameter is ignored. This parameter maps to the --memory-swappiness option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> If you're using tasks that use the Fargate launch type, the swappiness parameter isn't supported. > > If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html#cfn-ecs-taskdefinition-linuxparameters-swappiness

property tmpfs

readonly tmpfs?:
    | Array<CfnTaskDefinition.TmpfsProperty | cdk.IResolvable>
    | cdk.IResolvable;

The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
> If you're using tasks that use the Fargate launch type, the tmpfs parameter isn't supported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-linuxparameters.html#cfn-ecs-taskdefinition-linuxparameters-tmpfs

interface LogConfigurationProperty

interface LogConfigurationProperty {}

The LogConfiguration property specifies log configuration options to send to a custom log driver for the container.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-logconfiguration.html

property logDriver

readonly logDriver: string;

The log driver to use for the container.
For tasks on AWS Fargate , the supported log drivers are awslogs , splunk , and awsfirelens .
For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs , fluentd , gelf , json-file , journald , logentries , syslog , splunk , and awsfirelens .
For more information about using the awslogs log driver, see [Using the awslogs log driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide* .
For more information about using the awsfirelens log driver, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide* .
> If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-logconfiguration.html#cfn-ecs-taskdefinition-logconfiguration-logdriver

property options

readonly options?:
    | {
          [key: string]: string;
      }
    | cdk.IResolvable;

The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions-logconfiguration.html#cfn-ecs-taskdefinition-containerdefinition-logconfiguration-options

property secretOptions

readonly secretOptions?:
    | Array<CfnTaskDefinition.SecretProperty | cdk.IResolvable>
    | cdk.IResolvable;

The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-logconfiguration.html#cfn-ecs-taskdefinition-logconfiguration-secretoptions

interface MountPointProperty

interface MountPointProperty {}

The details for a volume mount point that's used in a container definition.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-mountpoint.html

property containerPath

readonly containerPath?: string;

The path on the container to mount the host volume at.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-mountpoint.html#cfn-ecs-taskdefinition-mountpoint-containerpath

property readOnly

readonly readOnly?: boolean | cdk.IResolvable;

If this value is true , the container has read-only access to the volume. If this value is false , then the container can write to the volume. The default value is false .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-mountpoint.html#cfn-ecs-taskdefinition-mountpoint-readonly

property sourceVolume

readonly sourceVolume?: string;

The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-mountpoint.html#cfn-ecs-taskdefinition-mountpoint-sourcevolume

interface PortMappingProperty

interface PortMappingProperty {}

The PortMapping property specifies a port mapping. Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.
If you are using containers in a task with the awsvpc or host network mode, exposed ports should be specified using containerPort . The hostPort can be left blank or it must be the same value as the containerPort .
After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the networkBindings section of [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) API responses.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html

property appProtocol

readonly appProtocol?: string;

The application protocol that's used for the port mapping. This parameter only applies to Service Connect. We recommend that you set this parameter to be consistent with the protocol that your application uses. If you set this parameter, Amazon ECS adds protocol-specific connection handling to the Service Connect proxy. If you set this parameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch.
If you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't add protocol-specific telemetry for TCP.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-appprotocol

property containerPort

readonly containerPort?: number;

The port number on the container that's bound to the user-specified or automatically assigned host port.
If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort .
If you use containers in a task with the bridge network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see hostPort . Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-containerport

property containerPortRange

readonly containerPortRange?: string;

The port number range on the container that's bound to the dynamically mapped host port range.
The following rules apply when you specify a containerPortRange :
- You must use either the bridge network mode or the awsvpc network mode. - This parameter is available for both the EC2 and AWS Fargate launch types. - This parameter is available for both the Linux and Windows operating systems. - The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ecs-init package - You can specify a maximum of 100 port ranges per container. - You do not specify a hostPortRange . The value of the hostPortRange is set as follows:
- For containers in a task with the awsvpc network mode, the hostPort is set to the same value as the containerPort . This is a static mapping strategy. - For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports. - The containerPortRange valid values are between 1 and 65535. - A port can only be included in one port mapping per container. - You cannot specify overlapping port ranges. - The first port in the range must be less than last port in the range. - Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.
For more information, see [Issue #11185](https://docs.aws.amazon.com/https://github.com/moby/moby/issues/11185) on the Github website.
For information about how to turn off the docker-proxy in the Docker daemon config file, see [Docker daemon](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bootstrap_container_instance.html#bootstrap_docker_daemon) in the *Amazon ECS Developer Guide* .
You can call [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) to view the hostPortRange which are the host ports that are bound to the container ports.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-containerportrange

property hostPort

readonly hostPort?: number;

The port number on the container instance to reserve for your container.
If you specify a containerPortRange , leave this field empty and the value of the hostPort is set as follows:
- For containers in a task with the awsvpc network mode, the hostPort is set to the same value as the containerPort . This is a static mapping strategy. - For containers in a task with the bridge network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy.
If you use containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort .
If you use containers in a task with the bridge network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the hostPort (or set it to 0 ) while specifying a containerPort and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.
The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under /proc/sys/net/ipv4/ip_local_port_range . If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the remainingResources of [DescribeContainerInstances](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html) output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-hostport

property name

readonly name?: string;

The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the serviceConnectConfiguration of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-name

property protocol

readonly protocol?: string;

The protocol used for the port mapping. Valid values are tcp and udp . The default is tcp .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-protocol

interface ProxyConfigurationProperty

interface ProxyConfigurationProperty {}

The configuration details for the App Mesh proxy.
For tasks that use the EC2 launch type, the container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, then they contain the required versions of the container agent and ecs-init . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html)
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-proxyconfiguration.html

property containerName

readonly containerName: string;

The name of the container that will serve as the App Mesh proxy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-proxyconfiguration.html#cfn-ecs-taskdefinition-proxyconfiguration-containername

property proxyConfigurationProperties

readonly proxyConfigurationProperties?:
    | Array<CfnTaskDefinition.KeyValuePairProperty | cdk.IResolvable>
    | cdk.IResolvable;

The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs.
- IgnoredUID - (Required) The user ID (UID) of the proxy container as defined by the user parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredGID is specified, this field can be empty. - IgnoredGID - (Required) The group ID (GID) of the proxy container as defined by the user parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredUID is specified, this field can be empty. - AppPorts - (Required) The list of ports that the application uses. Network traffic to these ports is forwarded to the ProxyIngressPort and ProxyEgressPort . - ProxyIngressPort - (Required) Specifies the port that incoming traffic to the AppPorts is directed to. - ProxyEgressPort - (Required) Specifies the port that outgoing traffic from the AppPorts is directed to. - EgressIgnoredPorts - (Required) The egress traffic going to the specified ports is ignored and not redirected to the ProxyEgressPort . It can be an empty list. - EgressIgnoredIPs - (Required) The egress traffic going to the specified IP addresses is ignored and not redirected to the ProxyEgressPort . It can be an empty list.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-proxyconfiguration.html#cfn-ecs-taskdefinition-proxyconfiguration-proxyconfigurationproperties

property type

readonly type?: string;

The proxy type. The only supported value is APPMESH .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-proxyconfiguration.html#cfn-ecs-taskdefinition-proxyconfiguration-type

interface RepositoryCredentialsProperty

interface RepositoryCredentialsProperty {}

The repository credentials for private registry authentication.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-repositorycredentials.html

property credentialsParameter

readonly credentialsParameter?: string;

The Amazon Resource Name (ARN) of the secret containing the private repository credentials.
> When you use the Amazon ECS API, AWS CLI , or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-repositorycredentials.html#cfn-ecs-taskdefinition-repositorycredentials-credentialsparameter

interface ResourceRequirementProperty

interface ResourceRequirementProperty {}

The type and amount of a resource to assign to a container. The supported resource types are GPUs and Elastic Inference accelerators. For more information, see [Working with GPUs on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html) or [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide*
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-resourcerequirement.html

property type

readonly type: string;

The type of resource to assign to a container. The supported values are GPU or InferenceAccelerator .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-resourcerequirement.html#cfn-ecs-taskdefinition-resourcerequirement-type

property value

readonly value: string;

The value for the specified resource type.
If the GPU type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.
If the InferenceAccelerator type is used, the value matches the deviceName for an [InferenceAccelerator](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html) specified in a task definition.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-resourcerequirement.html#cfn-ecs-taskdefinition-resourcerequirement-value

interface RuntimePlatformProperty

interface RuntimePlatformProperty {}

Information about the platform for the Amazon ECS service or task.
For more information about RuntimePlatform , see [RuntimePlatform](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html

property cpuArchitecture

readonly cpuArchitecture?: string;

The CPU architecture.
You can run your Linux tasks on an ARM-based platform by setting the value to ARM64 . This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-cpuarchitecture

property operatingSystemFamily

readonly operatingSystemFamily?: string;

The operating system.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-operatingsystemfamily

interface SecretProperty

interface SecretProperty {}

An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways:
- To inject sensitive data into your containers as environment variables, use the secrets container definition parameter. - To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.
For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-secret.html

property name

readonly name: string;

The name of the secret.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-secret.html#cfn-ecs-taskdefinition-secret-name

property valueFrom

readonly valueFrom: string;

The secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.
For information about the require AWS Identity and Access Management permissions, see [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-iam) (for Secrets Manager) or [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html) (for Systems Manager Parameter store) in the *Amazon Elastic Container Service Developer Guide* .
> If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-secret.html#cfn-ecs-taskdefinition-secret-valuefrom

interface SystemControlProperty

interface SystemControlProperty {}

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the --sysctl option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
We don't recommend that you specify network-related systemControls parameters for multiple containers in a single task. This task also uses either the awsvpc or host network mode. It does it for the following reasons.
- For tasks that use the awsvpc network mode, if you set systemControls for any container, it applies to all containers in the task. If you set different systemControls for multiple containers in a single task, the container that's started last determines which systemControls take effect. - For tasks that use the host network mode, the systemControls parameter applies to the container instance's kernel parameter and that of all containers of any tasks running on that container instance.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-systemcontrol.html

property namespace

readonly namespace?: string;

The namespaced kernel parameter to set a value for.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-systemcontrol.html#cfn-ecs-taskdefinition-systemcontrol-namespace

property value

readonly value?: string;

The value for the namespaced kernel parameter that's specified in namespace .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-systemcontrol.html#cfn-ecs-taskdefinition-systemcontrol-value

interface TaskDefinitionPlacementConstraintProperty

interface TaskDefinitionPlacementConstraintProperty {}

The constraint on task placement in the task definition. For more information, see [Task placement constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide* .
> Task placement constraints aren't supported for tasks run on AWS Fargate .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-taskdefinitionplacementconstraint.html

property expression

readonly expression?: string;

A cluster query language expression to apply to the constraint. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-taskdefinitionplacementconstraint.html#cfn-ecs-taskdefinition-taskdefinitionplacementconstraint-expression

property type

readonly type: string;

The type of constraint. The MemberOf constraint restricts selection to be from a group of valid candidates.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-taskdefinitionplacementconstraint.html#cfn-ecs-taskdefinition-taskdefinitionplacementconstraint-type

interface TmpfsProperty

interface TmpfsProperty {}

The container path, mount options, and size of the tmpfs mount.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-tmpfs.html

property containerPath

readonly containerPath?: string;

The absolute file path where the tmpfs volume is to be mounted.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-tmpfs.html#cfn-ecs-taskdefinition-tmpfs-containerpath

property mountOptions

readonly mountOptions?: string[];

The list of tmpfs volume mount options.
Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-tmpfs.html#cfn-ecs-taskdefinition-tmpfs-mountoptions

property size

readonly size: number;

The maximum size (in MiB) of the tmpfs volume.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-tmpfs.html#cfn-ecs-taskdefinition-tmpfs-size

interface UlimitProperty

interface UlimitProperty {}

The ulimit settings to pass to the container.
Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which AWS Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 1024 and the default hard limit is 4096 .
You can specify the ulimit settings for a container in a task definition.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-ulimit.html

property hardLimit

readonly hardLimit: number;

The hard limit for the ulimit type.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-ulimit.html#cfn-ecs-taskdefinition-ulimit-hardlimit

property name

readonly name: string;

The type of the ulimit .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-ulimit.html#cfn-ecs-taskdefinition-ulimit-name

property softLimit

readonly softLimit: number;

The soft limit for the ulimit type.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-ulimit.html#cfn-ecs-taskdefinition-ulimit-softlimit

interface VolumeFromProperty

interface VolumeFromProperty {}

Details on a data volume from another container in the same task definition.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volumefrom.html

property readOnly

readonly readOnly?: boolean | cdk.IResolvable;

If this value is true , the container has read-only access to the volume. If this value is false , then the container can write to the volume. The default value is false .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volumefrom.html#cfn-ecs-taskdefinition-volumefrom-readonly

property sourceContainer

readonly sourceContainer?: string;

The name of another container within the same task definition to mount volumes from.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volumefrom.html#cfn-ecs-taskdefinition-volumefrom-sourcecontainer

interface VolumeProperty

interface VolumeProperty {}

The Volume property specifies a data volume used in a task definition. For tasks that use a Docker volume, specify a DockerVolumeConfiguration . For tasks that use a bind mount host volume, specify a host and optional sourcePath . For more information about host and optional sourcePath , see [Volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#volumes) and [Using Data Volumes in Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volume.html

property dockerVolumeConfiguration

readonly dockerVolumeConfiguration?:
    | CfnTaskDefinition.DockerVolumeConfigurationProperty
    | cdk.IResolvable;

This parameter is specified when you use Docker volumes.
Windows containers only support the use of the local driver. To use bind mounts, specify the host parameter instead.
> Docker volumes aren't supported by tasks run on AWS Fargate .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volume.html#cfn-ecs-taskdefinition-volume-dockervolumeconfiguration

property efsVolumeConfiguration

readonly efsVolumeConfiguration?:
    | CfnTaskDefinition.EFSVolumeConfigurationProperty
    | cdk.IResolvable;

This parameter is specified when you use an Amazon Elastic File System file system for task storage.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volume.html#cfn-ecs-taskdefinition-volume-efsvolumeconfiguration

property host

readonly host?: CfnTaskDefinition.HostVolumePropertiesProperty | cdk.IResolvable;

This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.
Windows containers can mount whole directories on the same drive as $env:ProgramData . Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\ , but not D:\my\path:C:\my\path or D:\:C:\my\path .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volume.html#cfn-ecs-taskdefinition-volume-host

property name

readonly name?: string;

The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This name is referenced in the sourceVolume parameter of container definition mountPoints .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volume.html#cfn-ecs-taskdefinition-volume-name

namespace CfnTaskSet

namespace CfnTaskSet {}

interface AwsVpcConfigurationProperty

interface AwsVpcConfigurationProperty {}

An object representing the networking details for a task or service.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-awsvpcconfiguration.html

property assignPublicIp

readonly assignPublicIp?: string;

Whether the task's elastic network interface receives a public IP address. The default value is DISABLED .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-awsvpcconfiguration.html#cfn-ecs-taskset-awsvpcconfiguration-assignpublicip

property securityGroups

readonly securityGroups?: string[];

The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per AwsVpcConfiguration .
> All specified security groups must be from the same VPC.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-awsvpcconfiguration.html#cfn-ecs-taskset-awsvpcconfiguration-securitygroups

property subnets

readonly subnets: string[];

The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per AwsVpcConfiguration .
> All specified subnets must be from the same VPC.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-awsvpcconfiguration.html#cfn-ecs-taskset-awsvpcconfiguration-subnets

interface LoadBalancerProperty

interface LoadBalancerProperty {}

The load balancer configuration to use with a service or task set.
When you add, update, or remove a load balancer configuration, Amazon ECS starts a new deployment with the updated Elastic Load Balancing configuration. This causes tasks to register to and deregister from load balancers.
We recommend that you verify this on a test environment before you update the Elastic Load Balancing configuration.
A service-linked role is required for services that use multiple target groups. For more information, see [Using service-linked roles](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-loadbalancer.html

property containerName

readonly containerName?: string;

The name of the container (as it appears in a container definition) to associate with the load balancer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-loadbalancer.html#cfn-ecs-taskset-loadbalancer-containername

property containerPort

readonly containerPort?: number;

The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the hostPort of the port mapping.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-loadbalancer.html#cfn-ecs-taskset-loadbalancer-containerport

property loadBalancerName

readonly loadBalancerName?: string;

The name of the load balancer to associate with the Amazon ECS service or task set.
A load balancer name is only specified when using a Classic Load Balancer. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-loadbalancer.html#cfn-ecs-taskset-loadbalancer-loadbalancername

property targetGroupArn

readonly targetGroupArn?: string;

The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set.
A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you're using a Classic Load Balancer, omit the target group ARN.
For services using the ECS deployment controller, you can specify one or multiple target groups. For more information, see [Registering multiple target groups with a service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html) in the *Amazon Elastic Container Service Developer Guide* .
For services using the CODE_DEPLOY deployment controller, you're required to define two target groups for the load balancer. For more information, see [Blue/green deployment with CodeDeploy](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html) in the *Amazon Elastic Container Service Developer Guide* .
> If your service's task definition uses the awsvpc network mode, you must choose ip as the target type, not instance . Do this when creating your target groups because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance. This network mode is required for the Fargate launch type.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-loadbalancer.html#cfn-ecs-taskset-loadbalancer-targetgrouparn

interface NetworkConfigurationProperty

interface NetworkConfigurationProperty {}

The network configuration for a task or service.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-networkconfiguration.html

property awsVpcConfiguration

readonly awsVpcConfiguration?:
    | CfnTaskSet.AwsVpcConfigurationProperty
    | cdk.IResolvable;

The VPC subnets and security groups that are associated with a task.
> All specified subnets and security groups must be from the same VPC.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-networkconfiguration.html#cfn-ecs-taskset-networkconfiguration-awsvpcconfiguration

interface ScaleProperty

interface ScaleProperty {}

A floating-point percentage of the desired number of tasks to place and keep running in the task set.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-scale.html

property unit

readonly unit?: string;

The unit of measure for the scale value.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-scale.html#cfn-ecs-taskset-scale-unit

property value

readonly value?: number;

The value, specified as a percent total of a service's desiredCount , to scale the task set. Accepted values are numbers between 0 and 100.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-scale.html#cfn-ecs-taskset-scale-value

interface ServiceRegistryProperty

interface ServiceRegistryProperty {}

The details for the service registry.
Each service may be associated with one service registry. Multiple service registries for each service are not supported.
When you add, update, or remove the service registries configuration, Amazon ECS starts a new deployment. New tasks are registered and deregistered to the updated service registry configuration.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-serviceregistry.html

property containerName

readonly containerName?: string;

The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-serviceregistry.html#cfn-ecs-taskset-serviceregistry-containername

property containerPort

readonly containerPort?: number;

The port value to be used for your service discovery service. It's already specified in the task definition. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-serviceregistry.html#cfn-ecs-taskset-serviceregistry-containerport

property port

readonly port?: number;

The port value used if your service discovery service specified an SRV record. This field might be used if both the awsvpc network mode and SRV records are used.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-serviceregistry.html#cfn-ecs-taskset-serviceregistry-port

property registryArn

readonly registryArn?: string;

The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is AWS Cloud Map . For more information, see [CreateService](https://docs.aws.amazon.com/cloud-map/latest/api/API_CreateService.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-serviceregistry.html#cfn-ecs-taskset-serviceregistry-registryarn

Package Files (39)

Dev Dependencies (12)

Badge

To add a badge like this oneto your package's README, use the codes available below.

You may also use Shields.io to create a custom badge linking to https://www.jsdocs.io/package/@aws-cdk/aws-ecs.

Markdown

[![jsDocs.io](https://img.shields.io/badge/jsDocs.io-reference-blue)](https://www.jsdocs.io/package/@aws-cdk/aws-ecs)

HTML

<a href="https://www.jsdocs.io/package/@aws-cdk/aws-ecs"><img src="https://img.shields.io/badge/jsDocs.io-reference-blue" alt="jsDocs.io"></a>

Updated 9 months ago.
Package analyzed in 11910 ms.
Missing or incorrect documentation? Open an issue for this package.

@aws-cdk/aws-ecs

Install

Overview

Index

Functions

Classes

Interfaces

Enums

Namespaces

Functions

function isEc2Compatible

function isExternalCompatible

function isFargateCompatible

function obtainDefaultFluentBitECRImage

Classes

class AppMeshProxyConfiguration

method bind

class AsgCapacityProvider

property autoScalingGroup

property canContainersAccessInstanceRole

property capacityProviderName

property enableManagedTerminationProtection

property machineImageType

class AssetEnvironmentFile

Parameter path

Parameter options

property path

method bind

class AssetImage

Parameter directory

method bind

class AwsLogDriver

Parameter props

property logGroup

method bind

class BaseService

property cloudmapService

property cloudMapService

property cluster

property connections

property loadBalancers

property networkConfiguration

property serviceArn

property serviceName

property serviceRegistries

property taskDefinition

method associateCloudMapService

method attachToApplicationTargetGroup

method attachToClassicLB

method attachToNetworkTargetGroup

method autoScaleTaskCount

method configureAwsVpcNetworking

Deprecated

method configureAwsVpcNetworkingWithSecurityGroups

method enableCloudMap

Returns

method fromServiceArnWithCluster

See Also

method loadBalancerTarget

Example 1

method metric

method metricCpuUtilization

method metricMemoryUtilization

method registerLoadBalancerTargets

Example 1

class BottleRocketImage

method getImage

class BuiltInAttributes

property AMI_ID

property AVAILABILITY_ZONE

property INSTANCE_ID

property INSTANCE_TYPE

property OS_TYPE

class CfnCapacityProvider

Parameter scope

Parameter id

Parameter props

property autoScalingGroupProvider

property CFN_RESOURCE_TYPE_NAME

property cfnProperties