Try Spotterregister a task definition in ecs
| "added in version" 1.0.0 of community.aws"
Authors: Mark Chance (@Java1Guy), Alina Buzachis (@alinabuzachis)
Install with ansible-galaxy collection install community.aws:==5.1.0
collections:
- name: community.aws
version: 5.1.0Registers or deregisters task definitions in the Amazon Web Services (AWS) EC2 Container Service (ECS).
- name: Create task definition
community.aws.ecs_taskdefinition:
containers:
- name: simple-app
cpu: 10
essential: true
image: "httpd:2.4"
memory: 300
mountPoints:
- containerPath: /usr/local/apache2/htdocs
sourceVolume: my-vol
portMappings:
- containerPort: 80
hostPort: 80
logConfiguration:
logDriver: awslogs
options:
awslogs-group: /ecs/test-cluster-taskdef
awslogs-region: us-west-2
awslogs-stream-prefix: ecs
- name: busybox
command:
- >
/bin/sh -c "while true; do echo '<html><head><title>Amazon ECS Sample App</title></head><body><div><h1>Amazon ECS Sample App</h1><h2>Congratulations!
</h2><p>Your application is now running on a container in Amazon ECS.</p>' > top; /bin/date > date ; echo '</div></body></html>' > bottom;
cat top date bottom > /usr/local/apache2/htdocs/index.html ; sleep 1; done"
cpu: 10
entryPoint:
- sh
- "-c"
essential: false
image: busybox
memory: 200
volumesFrom:
- sourceContainer: simple-app
volumes:
- name: my-vol
family: test-cluster-taskdef
state: present
register: task_output
- name: Create task definition
community.aws.ecs_taskdefinition:
family: nginx
containers:
- name: nginx
essential: true
image: "nginx"
portMappings:
- containerPort: 8080
hostPort: 8080
cpu: 512
memory: 1024
state: present
- name: Create task definition
community.aws.ecs_taskdefinition:
family: nginx
containers:
- name: nginx
essential: true
image: "nginx"
portMappings:
- containerPort: 8080
hostPort: 8080
launch_type: FARGATE
cpu: 512
memory: 1024
state: present
network_mode: awsvpc
- name: Create task definition
community.aws.ecs_taskdefinition:
family: nginx
containers:
- name: nginx
essential: true
image: "nginx"
portMappings:
- containerPort: 8080
hostPort: 8080
cpu: 512
memory: 1024
dependsOn:
- containerName: "simple-app"
condition: "start"
# Create Task Definition with Environment Variables and Secrets
- name: Create task definition
community.aws.ecs_taskdefinition:
family: nginx
containers:
- name: nginx
essential: true
image: "nginx"
environment:
- name: "PORT"
value: "8080"
secrets:
# For variables stored in Secrets Manager
- name: "NGINX_HOST"
valueFrom: "arn:aws:secretsmanager:us-west-2:123456789012:secret:nginx/NGINX_HOST"
# For variables stored in Parameter Store
- name: "API_KEY"
valueFrom: "arn:aws:ssm:us-west-2:123456789012:parameter/nginx/API_KEY"
launch_type: FARGATE
cpu: 512
memory: 1GB
state: present
network_mode: awsvpc
# Create Task Definition with health check
- name: Create task definition
community.aws.ecs_taskdefinition:
family: nginx
containers:
- name: nginx
essential: true
image: "nginx"
portMappings:
- containerPort: 8080
hostPort: 8080
cpu: 512
memory: 1024
healthCheck:
command:
- CMD-SHELL
- /app/healthcheck.py
interval: 60
retries: 3
startPeriod: 15
timeout: 15
state: present
arn:
description:
- The ARN of the task description to delete.
required: false
type: str
cpu:
description:
- The number of cpu units used by the task. If I(launch_type=EC2), this field is optional
and any value can be used.
- If I(launch_type=FARGATE), this field is required and you must use one of C(256),
C(512), C(1024), C(2048), C(4096).
required: false
type: str
state:
choices:
- present
- absent
description:
- State whether the task definition should exist or be deleted.
required: true
type: str
family:
description:
- A Name that would be given to the task definition.
required: false
type: str
memory:
description:
- The amount (in MiB) of memory used by the task. If I(launch_type=EC2), this field
is optional and any value can be used.
- If I(launch_type=FARGATE), this field is required and is limited by the CPU.
required: false
type: str
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use.
- For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
- The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
- See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
- The C(ec2_region) alias has been deprecated and will be removed in a release after
2024-12-01
- Support for the C(EC2_REGION) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
profile:
aliases:
- aws_profile
description:
- A named AWS profile to use for authentication.
- See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
- The C(AWS_PROFILE) environment variable may also be used.
- The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
and I(security_token) options.
type: str
volumes:
description:
- A list of names of volumes to be attached.
elements: dict
required: false
suboptions:
name:
description: The name of the volume.
required: true
type: str
type: list
revision:
description:
- A revision number for the task definition.
required: false
type: int
access_key:
aliases:
- aws_access_key_id
- aws_access_key
- ec2_access_key
description:
- AWS access key ID.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables
may also be used in decreasing order of preference.
- The I(aws_access_key) and I(profile) options are mutually exclusive.
- The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the
AWS botocore SDK.
- The I(ec2_access_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
type: dict
containers:
description:
- A list of containers definitions.
- See U(https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ecs.html)
for a complete list of parameters.
elements: dict
required: true
suboptions:
command:
description: The command that is passed to the container. If there are multiple
arguments, each argument is a separated string in the array.
elements: str
required: false
type: list
cpu:
description: The number of cpu units reserved for the container.
required: false
type: int
dependsOn:
description:
- The dependencies defined for container startup and shutdown.
- When a dependency is defined for container startup, for container shutdown it
is reversed.
elements: dict
required: false
suboptions:
condition:
choices:
- start
- complete
- success
- healthy
description: The dependency condition of the container.
required: true
type: str
containerName:
description: The name of a container.
required: true
type: str
type: list
disableNetworking:
description: When this parameter is C(True), networking is disabled within the
container.
required: false
type: bool
dnsSearchDomains:
description:
- A list of DNS search domains that are presented to the container.
- This parameter is not supported for Windows containers.
elements: str
required: false
type: list
dnsServers:
description:
- A list of DNS servers that are presented to the container.
- This parameter is not supported for Windows containers.
elements: str
required: false
type: list
dockerLabels:
description: A key/value map of labels to add to the container.
required: false
type: dict
dockerSecurityOptions:
description:
- A list of strings to provide custom labels for SELinux and AppArmor multi-level
security systems.
- This parameter is not supported for Windows containers.
elements: str
required: false
type: list
entryPoint:
description: The entry point that is passed to the container.
required: false
type: str
environment:
description: The environment variables to pass to a container.
elements: dict
required: false
suboptions:
name:
description: The name of the key-value pair.
required: false
type: str
value:
description: The value of the key-value pair.
required: false
type: str
type: list
environmentFiles:
description: A list of files containing the environment variables to pass to a
container.
elements: dict
required: false
suboptions:
type:
description: The file type to use. The only supported value is C(s3).
required: false
type: str
value:
description: The Amazon Resource Name (ARN) of the Amazon S3 object containing
the environment variable file.
required: false
type: str
type: list
essential:
description:
- If I(essential=True), and the container fails or stops for any reason, all other
containers that are part of the task are stopped.
required: false
type: bool
extraHosts:
description:
- A list of hostnames and IP address mappings to append to the /etc/hosts file
on the container.
- This parameter is not supported for Windows containers or tasks that use I(network_mode=awsvpc).
elements: dict
required: false
suboptions:
hostname:
description: The hostname to use in the /etc/hosts entry.
required: false
type: str
ipAddress:
description: The IP address to use in the /etc/hosts entry.
required: false
type: str
type: list
healthCheck:
description: The health check command and associated configuration parameters
for the container.
required: false
suboptions:
command:
description:
- A string array representing the command that the container runs to determine
if it is healthy.
- 'The string array must start with CMD to run the command arguments directly,
or CMD-SHELL to run the command with the container''s default shell.
'
- An exit code of 0 indicates success, and non-zero exit code indicates failure.
elements: str
required: false
type: list
interval:
default: 30
description:
- The time period in seconds between each health check execution.
- You may specify between 5 and 300 seconds. The default value is 30 seconds.
required: false
type: int
retries:
default: 3
description:
- The number of times to retry a failed health check before the container
is considered unhealthy.
- You may specify between 1 and 10 retries. The default value is 3.
required: false
type: int
startPeriod:
description:
- 'The optional grace period to provide containers time to bootstrap before
failed health checks count towards the maximum number of retries.
'
- You can specify between 0 and 300 seconds. By default, the startPeriod is
disabled.
- 'Note: If a health check succeeds within the startPeriod, then the container
is considered healthy and any subsequent failures count toward the maximum
number of retries.
'
required: false
type: int
timeout:
default: 5
description:
- The time period in seconds to wait for a health check to succeed before
it is considered a failure.
- You may specify between 2 and 60 seconds. The default value is 5.
required: false
type: int
type: dict
hostname:
description:
- The hostname to use for your container.
- This parameter is not supported if I(network_mode=awsvpc).
required: false
type: str
image:
description: The image used to start a container.
required: false
type: str
interactive:
description:
- When I(interactive=True), it allows to deploy containerized applications that
require stdin or a tty to be allocated.
required: false
type: bool
links:
description:
- Allows containers to communicate with each other without the need for port mappings.
- This parameter is only supported if I(network_mode=bridge).
elements: str
required: false
type: list
linuxParameters:
description: Linux-specific modifications that are applied to the container, such
as Linux kernel capabilities.
required: false
suboptions:
capabilities:
description:
- The Linux capabilities for the container that are added to or dropped from
the default configuration provided by Docker.
required: false
suboptions:
add:
choices:
- ALL
- AUDIT_CONTROL
- AUDIT_WRITE
- BLOCK_SUSPEND
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- IPC_LOCK
- IPC_OWNER
- KILL
- LEASE
- LINUX_IMMUTABLE
- MAC_ADMIN
- MAC_OVERRIDE
- MKNOD
- NET_ADMIN
- NET_BIND_SERVICE
- NET_BROADCAST
- NET_RAW
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_ADMIN
- SYS_BOOT
- SYS_CHROOT
- SYS_MODULE
- SYS_NICE
- SYS_PACCT
- SYS_PTRACE
- SYS_RAWIO
- SYS_RESOURCE
- SYS_TIME
- SYS_TTY_CONFIG
- SYSLOG
- WAKE_ALARM
description:
- The Linux capabilities for the container that have been added to the
default configuration provided by Docker.
- If I(launch_type=FARGATE), this parameter is not supported.
elements: str
required: false
type: list
drop:
choices:
- ALL
- AUDIT_CONTROL
- AUDIT_WRITE
- BLOCK_SUSPEND
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- IPC_LOCK
- IPC_OWNER
- KILL
- LEASE
- LINUX_IMMUTABLE
- MAC_ADMIN
- MAC_OVERRIDE
- MKNOD
- NET_ADMIN
- NET_BIND_SERVICE
- NET_BROADCAST
- NET_RAW
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_ADMIN
- SYS_BOOT
- SYS_CHROOT
- SYS_MODULE
- SYS_NICE
- SYS_PACCT
- SYS_PTRACE
- SYS_RAWIO
- SYS_RESOURCE
- SYS_TIME
- SYS_TTY_CONFIG
- SYSLOG
- WAKE_ALARM
description:
- The Linux capabilities for the container that have been removed from
the default configuration provided by Docker.
elements: str
required: false
type: list
type: dict
devices:
description:
- Any host devices to expose to the container.
- If I(launch_type=FARGATE), this parameter is not supported.
elements: dict
required: false
suboptions:
containerPath:
description: The path inside the container at which to expose the host
device.
required: false
type: str
hostPath:
description: The path for the device on the host container instance.
required: true
type: str
permissions:
description: The explicit permissions to provide to the container for
the device.
elements: str
required: false
type: list
type: list
initProcessEnabled:
description: Run an init process inside the container that forwards signals
and reaps processes.
required: false
type: bool
maxSwap:
description:
- The total amount of swap memory (in MiB) a container can use.
- If I(launch_type=FARGATE), this parameter is not supported.
required: false
type: int
sharedMemorySize:
description:
- The value for the size (in MiB) of the /dev/shm volume.
- If I(launch_type=FARGATE), this parameter is not supported.
required: false
type: int
swappiness:
description:
- This allows you to tune a container's memory swappiness behavior.
- If I(launch_type=FARGATE), this parameter is not supported.
required: false
type: int
tmpfs:
description:
- The container path, mount options, and size (in MiB) of the tmpfs mount.
- If I(launch_type=FARGATE), this parameter is not supported.
elements: dict
required: false
suboptions:
containerPath:
description: The absolute file path where the tmpfs volume is to be mounted.
required: true
type: str
mountOptions:
choices:
- defaults
- ro
- rw
- suid
- nosuid
- dev
- nodev
- exec
- noexec
- sync
- async
- dirsync
- remount
- mand
- nomand
- atime
- noatime
- diratime
- nodiratime
- bind
- rbind
- unbindable
- runbindable
- private
- rprivate
- shared
- rshared
- slave
- rslave
- relatime
- norelatime
- strictatime
- nostrictatime
- mode
- uid
- gid
- nr_inodes
- nr_blocks
- mpol
description: The list of tmpfs volume mount options.
elements: str
required: false
type: list
size:
description: The size (in MiB) of the tmpfs volume.
required: true
type: int
type: list
type: dict
logConfiguration:
description: The log configuration specification for the container.
required: false
suboptions:
logDriver:
description:
- The log driver to use for the container.
- For tasks on AWS Fargate, the supported log drivers are C(awslogs), C(splunk),
and C(awsfirelens).
- For tasks hosted on Amazon EC2 instances, the supported log drivers are
C(awslogs), C(fluentd), C(gelf), C(json-file), C(journald), C(logentries),
C(syslog), C(splunk), and C(awsfirelens).
required: false
type: str
type: dict
memory:
description: The amount (in MiB) of memory to present to the container.
required: false
type: int
memoryReservation:
description: The soft limit (in MiB) of memory to reserve for the container.
required: false
type: int
mountPoints:
description: The mount points for data volumes in your container.
elements: dict
required: false
suboptions:
containerPath:
description: The path on the container to mount the host volume at.
required: false
type: str
readOnly:
default: false
description:
- If this value is C(True), the container has read-only access to the volume.
- If this value is C(False), then the container can write to the volume.
required: false
type: bool
sourceVolume:
description: The name of the volume to mount.
required: false
type: str
type: list
name:
description: The name of a container.
required: false
type: str
options:
description: The configuration options to send to the log driver.
required: false
type: str
portMappings:
description: The list of port mappings for the container.
elements: dict
required: false
suboptions:
containerPort:
description: The port number on the container that is bound to the user-specified
or automatically assigned host port.
required: false
type: int
hostPort:
description: The port number on the container instance to reserve for your
container.
required: false
type: int
protocol:
choices:
- tcp
- udp
default: tcp
description: The protocol used for the port mapping.
required: false
type: str
type: list
privileged:
description: When this parameter is C(True), the container is given elevated privileges
on the host container instance.
required: false
type: bool
pseudoTerminal:
description: When this parameter is C(True), a TTY is allocated.
required: false
type: bool
readonlyRootFilesystem:
description: When this parameter is C(True), the container is given read-only
access to its root file system.
required: false
type: bool
repositoryCredentials:
description: The private repository authentication credentials to use.
required: false
suboptions:
credentialsParameter:
description:
- The Amazon Resource Name (ARN) of the secret containing the private repository
credentials.
required: true
type: str
type: dict
resourceRequirements:
description:
- The type and amount of a resource to assign to a container.
- The only supported resources are C(GPU) and C(InferenceAccelerator).
elements: dict
required: false
suboptions:
type:
choices:
- GPU
- InferenceAccelerator
description: The type of resource to assign to a container.
type: str
value:
description: The value for the specified resource type.
type: str
type: list
secretOptions:
description: The secrets to pass to the log configuration.
elements: dict
required: false
suboptions:
name:
description: The name of the secret.
required: false
type: str
valueFrom:
description: The secret to expose to the container.
required: false
type: str
type: list
secrets:
description: The secrets to pass to the container.
elements: dict
required: false
suboptions:
name:
description: The value to set as the environment variable on the container.
required: true
type: str
size:
description: The secret to expose to the container.
required: true
type: str
type: list
startTimeout:
description: Time duration (in seconds) to wait before giving up on resolving
dependencies for a container.
required: false
type: int
stopTimeout:
description: Time duration (in seconds) to wait before the container is forcefully
killed if it doesn't exit normally on its own.
required: false
type: int
systemControls:
description: A list of namespaced kernel parameters to set in the container.
elements: dict
required: false
suboptions:
namespace:
description: The namespaced kernel parameter to set a C(value) for.
type: str
value:
description: The value for the namespaced kernel parameter that's specified
in C(namespace).
type: str
type: list
ulimits:
description:
- A list of ulimits to set in the container.
- This parameter is not supported for Windows containers.
elements: dict
required: false
suboptions:
hardLimit:
description: The hard limit for the ulimit type.
required: false
type: int
name:
choices:
- core
- cpu
- data
- fsize
- locks
- memlock
- msgqueue
- nice
- nofile
- nproc
- rss
- rtprio
- rttime
- sigpending
- stack
description: The type of the ulimit.
required: false
type: str
softLimit:
description: The soft limit for the ulimit type.
required: false
type: int
type: list
user:
description:
- The user to use inside the container.
- This parameter is not supported for Windows containers.
required: false
type: str
volumesFrom:
description: Data volumes to mount from another container.
elements: dict
required: false
suboptions:
readOnly:
default: false
description:
- If this value is C(True), the container has read-only access to the volume.
- If this value is C(False), then the container can write to the volume.
required: false
type: bool
sourceContainer:
description:
- The name of another container within the same task definition from which
to mount volumes.
required: false
type: str
type: list
workingDirectory:
description: The working directory in which to run commands inside the container.
required: false
type: str
type: list
secret_key:
aliases:
- aws_secret_access_key
- aws_secret_key
- ec2_secret_key
description:
- AWS secret access key.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment
variables may also be used in decreasing order of preference.
- The I(secret_key) and I(profile) options are mutually exclusive.
- The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with
the AWS botocore SDK.
- The I(ec2_secret_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
launch_type:
choices:
- EC2
- FARGATE
description:
- The launch type on which to run your task.
required: false
type: str
endpoint_url:
aliases:
- ec2_url
- aws_endpoint_url
- s3_url
description:
- URL to connect to instead of the default AWS endpoints. While this can be used
to connection to other AWS-compatible services the amazon.aws and community.aws
collections are only tested against AWS.
- The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing
order of preference.
- The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in
a release after 2024-12-01.
- Support for the C(EC2_URL) environment variable has been deprecated and will be
removed in a release after 2024-12-01.
type: str
force_create:
default: false
description:
- Always create new task definition.
required: false
type: bool
network_mode:
choices:
- default
- bridge
- host
- none
- awsvpc
default: bridge
description:
- The Docker networking mode to use for the containers in the task.
- Windows containers must use I(network_mode=default), which will utilize docker NAT
networking.
- Setting I(network_mode=default) for a Linux container will use C(bridge) mode.
required: false
type: str
aws_ca_bundle:
description:
- The location of a CA Bundle to use when validating SSL certificates.
- The C(AWS_CA_BUNDLE) environment variable may also be used.
type: path
session_token:
aliases:
- aws_session_token
- security_token
- aws_security_token
- access_token
description:
- AWS STS session token for use with temporary credentials.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment
variables may also be used in decreasing order of preference.
- The I(security_token) and I(profile) options are mutually exclusive.
- Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with
the parameter being renamed from I(security_token) to I(session_token) in release
6.0.0.
- The I(security_token), I(aws_security_token), and I(access_token) aliases have been
deprecated and will be removed in a release after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables
has been deprecated and will be removed in a release after 2024-12-01.
type: str
task_role_arn:
default: ''
description:
- The Amazon Resource Name (ARN) of the IAM role that containers in this task can
assume. All containers in this task are granted the permissions that are specified
in this role.
required: false
type: str
validate_certs:
default: true
description:
- When set to C(false), SSL certificates will not be validated for communication with
the AWS APIs.
- Setting I(validate_certs=false) is strongly discouraged, as an alternative, consider
setting I(aws_ca_bundle) instead.
type: bool
execution_role_arn:
default: ''
description:
- The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container
agent and the Docker daemon can assume.
required: false
type: str
placement_constraints:
description:
- Placement constraint objects to use for the task.
- You can specify a maximum of 10 constraints per task.
- Task placement constraints are not supported for tasks run on Fargate.
elements: dict
required: false
suboptions:
expression:
description: A cluster query language expression to apply to the constraint.
type: str
type:
description: The type of constraint.
type: str
type: list
version_added: 2.1.0
version_added_collection: community.aws
debug_botocore_endpoint_logs:
default: false
description:
- Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action")
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the C(aws_resource_action) callback to output to total list made
during a playbook.
- The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
type: bool
taskdefinition: description: a reflection of the input parameters returned: always type: dict