tessl/golang-github-com-pulumi-pulumi-aws-sdk-v7
A Pulumi provider SDK for creating and managing Amazon Web Services (AWS) cloud resources in Go, providing strongly-typed resource classes and data sources for all major AWS services.
ecs.mddocs/reference/compute/
ECS Package
Package ecs provides resources and data sources for Amazon ECS (Elastic Container Service).
Import
import "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ecs"Resource Constructors
func NewCluster(ctx *pulumi.Context, name string, args *ClusterArgs, opts ...pulumi.ResourceOption) (*Cluster, error)
func NewClusterCapacityProviders(ctx *pulumi.Context, name string, args *ClusterCapacityProvidersArgs, opts ...pulumi.ResourceOption) (*ClusterCapacityProviders, error)
func NewCapacityProvider(ctx *pulumi.Context, name string, args *CapacityProviderArgs, opts ...pulumi.ResourceOption) (*CapacityProvider, error)
func NewTaskDefinition(ctx *pulumi.Context, name string, args *TaskDefinitionArgs, opts ...pulumi.ResourceOption) (*TaskDefinition, error)
func NewService(ctx *pulumi.Context, name string, args *ServiceArgs, opts ...pulumi.ResourceOption) (*Service, error)
func NewTaskSet(ctx *pulumi.Context, name string, args *TaskSetArgs, opts ...pulumi.ResourceOption) (*TaskSet, error)
func NewAccountSettingDefault(ctx *pulumi.Context, name string, args *AccountSettingDefaultArgs, opts ...pulumi.ResourceOption) (*AccountSettingDefault, error)
func NewExpressGatewayService(ctx *pulumi.Context, name string, args *ExpressGatewayServiceArgs, opts ...pulumi.ResourceOption) (*ExpressGatewayService, error)
func NewTag(ctx *pulumi.Context, name string, args *TagArgs, opts ...pulumi.ResourceOption) (*Tag, error)Data Sources
func LookupTaskDefinition(ctx *pulumi.Context, args *LookupTaskDefinitionArgs, opts ...pulumi.InvokeOption) (*LookupTaskDefinitionResult, error)
func GetCluster(ctx *pulumi.Context, args *GetClusterArgs, opts ...pulumi.InvokeOption) (*GetClusterResult, error)
func GetClusters(ctx *pulumi.Context, args *GetClustersArgs, opts ...pulumi.InvokeOption) (*GetClustersResult, error)
func GetCapacityProvider(ctx *pulumi.Context, args *GetCapacityProviderArgs, opts ...pulumi.InvokeOption) (*GetCapacityProviderResult, error)
func GetClusterCapacityProviders(ctx *pulumi.Context, args *GetClusterCapacityProvidersArgs, opts ...pulumi.InvokeOption) (*GetClusterCapacityProvidersResult, error)
func GetContainerDefinition(ctx *pulumi.Context, args *GetContainerDefinitionArgs, opts ...pulumi.InvokeOption) (*GetContainerDefinitionResult, error)
func GetService(ctx *pulumi.Context, args *GetServiceArgs, opts ...pulumi.InvokeOption) (*GetServiceResult, error)
func GetTaskDefinition(ctx *pulumi.Context, args *GetTaskDefinitionArgs, opts ...pulumi.InvokeOption) (*GetTaskDefinitionResult, error)
func GetTaskExecution(ctx *pulumi.Context, args *GetTaskExecutionArgs, opts ...pulumi.InvokeOption) (*GetTaskExecutionResult, error)
func GetTaskSet(ctx *pulumi.Context, args *GetTaskSetArgs, opts ...pulumi.InvokeOption) (*GetTaskSetResult, error)
func GetAccountSettingDefault(ctx *pulumi.Context, args *GetAccountSettingDefaultArgs, opts ...pulumi.InvokeOption) (*GetAccountSettingDefaultResult, error)Cluster
Cluster
type Cluster struct {
pulumi.CustomResourceState
// ARN that identifies the cluster.
Arn pulumi.StringOutput `pulumi:"arn"`
// Execute command configuration for the cluster.
Configuration ClusterConfigurationPtrOutput `pulumi:"configuration"`
// Cluster name. Up to 255 letters, numbers, hyphens, and underscores.
Name pulumi.StringOutput `pulumi:"name"`
Region pulumi.StringOutput `pulumi:"region"`
// Default Service Connect namespace.
ServiceConnectDefaults ClusterServiceConnectDefaultsPtrOutput `pulumi:"serviceConnectDefaults"`
// Cluster settings (e.g., containerInsights enabled/disabled).
Settings ClusterSettingArrayOutput `pulumi:"settings"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}ClusterArgs
type ClusterArgs struct {
Configuration ClusterConfigurationPtrInput
Name pulumi.StringPtrInput
Region pulumi.StringPtrInput
ServiceConnectDefaults ClusterServiceConnectDefaultsPtrInput
// Configuration blocks with cluster settings.
// Use to enable CloudWatch Container Insights:
// Settings: ecs.ClusterSettingArray{
// &ecs.ClusterSettingArgs{Name: pulumi.String("containerInsights"), Value: pulumi.String("enabled")},
// }
Settings ClusterSettingArrayInput
Tags pulumi.StringMapInput
}Usage Example
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := ecs.NewCluster(ctx, "main", &ecs.ClusterArgs{
Name: pulumi.String("production"),
Settings: ecs.ClusterSettingArray{
&ecs.ClusterSettingArgs{
Name: pulumi.String("containerInsights"),
Value: pulumi.String("enabled"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
ctx.Export("clusterArn", cluster.Arn)
return nil
})
}Task Definition
TaskDefinition
type TaskDefinition struct {
pulumi.CustomResourceState
// Full ARN of the Task Definition (family:revision).
Arn pulumi.StringOutput `pulumi:"arn"`
// ARN with the trailing revision removed. Useful when always wanting the latest.
ArnWithoutRevision pulumi.StringOutput `pulumi:"arnWithoutRevision"`
// Valid JSON document of container definitions. See ECS Container Definition documentation.
ContainerDefinitions pulumi.StringOutput `pulumi:"containerDefinitions"`
// Number of CPU units. Required for FARGATE compatibility.
Cpu pulumi.StringPtrOutput `pulumi:"cpu"`
EnableFaultInjection pulumi.BoolOutput `pulumi:"enableFaultInjection"`
EphemeralStorage TaskDefinitionEphemeralStoragePtrOutput `pulumi:"ephemeralStorage"`
// Task execution role ARN (used by the ECS container agent and Docker daemon).
ExecutionRoleArn pulumi.StringPtrOutput `pulumi:"executionRoleArn"`
// Unique name for the task definition family.
Family pulumi.StringOutput `pulumi:"family"`
// IPC resource namespace. Valid: host, task, none.
IpcMode pulumi.StringPtrOutput `pulumi:"ipcMode"`
// Amount of memory in MiB. Required for FARGATE compatibility.
Memory pulumi.StringPtrOutput `pulumi:"memory"`
// Docker networking mode. Valid: awsvpc, bridge, host, none.
NetworkMode pulumi.StringOutput `pulumi:"networkMode"`
PidMode pulumi.StringPtrOutput `pulumi:"pidMode"`
PlacementConstraints TaskDefinitionPlacementConstraintArrayOutput `pulumi:"placementConstraints"`
ProxyConfiguration TaskDefinitionProxyConfigurationPtrOutput `pulumi:"proxyConfiguration"`
Region pulumi.StringOutput `pulumi:"region"`
// Launch types required. Valid: EC2, EXTERNAL, FARGATE, MANAGED_INSTANCES.
RequiresCompatibilities pulumi.StringArrayOutput `pulumi:"requiresCompatibilities"`
// Task revision number in the family.
Revision pulumi.IntOutput `pulumi:"revision"`
RuntimePlatform TaskDefinitionRuntimePlatformPtrOutput `pulumi:"runtimePlatform"`
// Retain old revision when resource is destroyed. Default: false.
SkipDestroy pulumi.BoolPtrOutput `pulumi:"skipDestroy"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
// IAM role ARN allowing the task to make calls to other AWS services.
TaskRoleArn pulumi.StringPtrOutput `pulumi:"taskRoleArn"`
// Track latest ACTIVE task definition on AWS, not just the one stored in state. Default: false.
TrackLatest pulumi.BoolPtrOutput `pulumi:"trackLatest"`
Volumes TaskDefinitionVolumeArrayOutput `pulumi:"volumes"`
}Usage Example
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
containerDefs, _ := json.Marshal([]map[string]interface{}{
{
"name": "app",
"image": "nginx:latest",
"cpu": 256,
"memory": 512,
"essential": true,
"portMappings": []map[string]interface{}{
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp",
},
},
"logConfiguration": map[string]interface{}{
"logDriver": "awslogs",
"options": map[string]string{
"awslogs-group": "/ecs/app",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs",
},
},
},
})
td, err := ecs.NewTaskDefinition(ctx, "app", &ecs.TaskDefinitionArgs{
Family: pulumi.String("app"),
Cpu: pulumi.String("256"),
Memory: pulumi.String("512"),
NetworkMode: pulumi.String("awsvpc"),
RequiresCompatibilities: pulumi.StringArray{pulumi.String("FARGATE")},
ExecutionRoleArn: pulumi.String("arn:aws:iam::123456789012:role/ecsTaskExecutionRole"),
ContainerDefinitions: pulumi.String(string(containerDefs)),
RuntimePlatform: &ecs.TaskDefinitionRuntimePlatformArgs{
OperatingSystemFamily: pulumi.String("LINUX"),
CpuArchitecture: pulumi.String("X86_64"),
},
})
if err != nil {
return err
}
ctx.Export("taskDefinitionArn", td.Arn)
return nil
})
}Service
Service
type Service struct {
pulumi.CustomResourceState
Alarms ServiceAlarmsPtrOutput `pulumi:"alarms"`
Arn pulumi.StringOutput `pulumi:"arn"`
// ECS automatic AZ rebalancing. Valid: ENABLED, DISABLED.
AvailabilityZoneRebalancing pulumi.StringOutput `pulumi:"availabilityZoneRebalancing"`
// Capacity provider strategies. Updating requires forceNewDeployment=true. Conflicts with LaunchType.
CapacityProviderStrategies ServiceCapacityProviderStrategyArrayOutput `pulumi:"capacityProviderStrategies"`
// ARN of the ECS cluster.
Cluster pulumi.StringOutput `pulumi:"cluster"`
DeploymentCircuitBreaker ServiceDeploymentCircuitBreakerPtrOutput `pulumi:"deploymentCircuitBreaker"`
DeploymentConfiguration ServiceDeploymentConfigurationOutput `pulumi:"deploymentConfiguration"`
DeploymentController ServiceDeploymentControllerPtrOutput `pulumi:"deploymentController"`
// Max running tasks percentage during deployment (not valid for DAEMON strategy).
DeploymentMaximumPercent pulumi.IntPtrOutput `pulumi:"deploymentMaximumPercent"`
// Min healthy running tasks percentage during deployment.
DeploymentMinimumHealthyPercent pulumi.IntPtrOutput `pulumi:"deploymentMinimumHealthyPercent"`
// Number of task instances to run. Default 0. Not used with DAEMON scheduling.
DesiredCount pulumi.IntPtrOutput `pulumi:"desiredCount"`
EnableEcsManagedTags pulumi.BoolPtrOutput `pulumi:"enableEcsManagedTags"`
// Enable ECS Exec for tasks within this service.
EnableExecuteCommand pulumi.BoolPtrOutput `pulumi:"enableExecuteCommand"`
// Delete service even if not scaled down to zero. Only for REPLICA strategy.
ForceDelete pulumi.BoolPtrOutput `pulumi:"forceDelete"`
// Force a new task deployment. Also configure Triggers when using this.
ForceNewDeployment pulumi.BoolPtrOutput `pulumi:"forceNewDeployment"`
HealthCheckGracePeriodSeconds pulumi.IntPtrOutput `pulumi:"healthCheckGracePeriodSeconds"`
IamRole pulumi.StringOutput `pulumi:"iamRole"`
// EC2, FARGATE, or EXTERNAL. Default: EC2. Conflicts with CapacityProviderStrategies.
LaunchType pulumi.StringOutput `pulumi:"launchType"`
LoadBalancers ServiceLoadBalancerArrayOutput `pulumi:"loadBalancers"`
// Service name. Up to 255 letters, numbers, hyphens, and underscores.
Name pulumi.StringOutput `pulumi:"name"`
// Required for awsvpc network mode tasks.
NetworkConfiguration ServiceNetworkConfigurationPtrOutput `pulumi:"networkConfiguration"`
// Ordered placement strategy. Max 5 blocks.
OrderedPlacementStrategies ServiceOrderedPlacementStrategyArrayOutput `pulumi:"orderedPlacementStrategies"`
// Placement constraints. Max 10.
PlacementConstraints ServicePlacementConstraintArrayOutput `pulumi:"placementConstraints"`
// Platform version for Fargate. Default: LATEST.
PlatformVersion pulumi.StringOutput `pulumi:"platformVersion"`
PropagateTags pulumi.StringPtrOutput `pulumi:"propagateTags"`
Region pulumi.StringOutput `pulumi:"region"`
// REPLICA or DAEMON. Default: REPLICA.
SchedulingStrategy pulumi.StringPtrOutput `pulumi:"schedulingStrategy"`
ServiceConnectConfiguration ServiceServiceConnectConfigurationPtrOutput `pulumi:"serviceConnectConfiguration"`
ServiceRegistries ServiceServiceRegistriesPtrOutput `pulumi:"serviceRegistries"`
SigintRollback pulumi.BoolPtrOutput `pulumi:"sigintRollback"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
// Family and revision (family:revision) or full ARN of the task definition.
TaskDefinition pulumi.StringPtrOutput `pulumi:"taskDefinition"`
// Triggers a redeployment when changed. Use with forceNewDeployment=true.
Triggers pulumi.StringMapOutput `pulumi:"triggers"`
VolumeConfiguration ServiceVolumeConfigurationPtrOutput `pulumi:"volumeConfiguration"`
VpcLatticeConfigurations ServiceVpcLatticeConfigurationArrayOutput `pulumi:"vpcLatticeConfigurations"`
}Usage Example
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
svc, err := ecs.NewService(ctx, "app-service", &ecs.ServiceArgs{
Name: pulumi.String("app-service"),
Cluster: pulumi.String("arn:aws:ecs:us-east-1:123456789012:cluster/production"),
TaskDefinition: pulumi.String("app:5"),
DesiredCount: pulumi.Int(3),
LaunchType: pulumi.String("FARGATE"),
NetworkConfiguration: &ecs.ServiceNetworkConfigurationArgs{
Subnets: pulumi.StringArray{
pulumi.String("subnet-0a1b2c3d4e5f6EXAM"),
pulumi.String("subnet-0b2c3d4e5f6a7EXAM"),
},
SecurityGroups: pulumi.StringArray{
pulumi.String("sg-0a1b2c3d4e5f6EXAM"),
},
AssignPublicIp: pulumi.Bool(false),
},
DeploymentCircuitBreaker: &ecs.ServiceDeploymentCircuitBreakerArgs{
Enable: pulumi.Bool(true),
Rollback: pulumi.Bool(true),
},
DeploymentConfiguration: &ecs.ServiceDeploymentConfigurationArgs{
MaximumPercent: pulumi.Int(200),
MinimumHealthyPercent: pulumi.Int(100),
},
LoadBalancers: ecs.ServiceLoadBalancerArray{
&ecs.ServiceLoadBalancerArgs{
TargetGroupArn: pulumi.String("arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/app/abcdefgh"),
ContainerName: pulumi.String("app"),
ContainerPort: pulumi.Int(80),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
ctx.Export("serviceArn", svc.Arn)
return nil
})
}Capacity Provider
CapacityProvider
type CapacityProvider struct {
pulumi.CustomResourceState
// ARN that identifies the capacity provider.
Arn pulumi.StringOutput `pulumi:"arn"`
// Configuration for Auto Scaling Group provider. Exactly one of AutoScalingGroupProvider
// or ManagedInstancesProvider must be specified.
AutoScalingGroupProvider CapacityProviderAutoScalingGroupProviderPtrOutput `pulumi:"autoScalingGroupProvider"`
// ECS cluster name. Required when using ManagedInstancesProvider. Must not be set
// when using AutoScalingGroupProvider.
Cluster pulumi.StringPtrOutput `pulumi:"cluster"`
// Configuration for the managed instances provider. Exactly one of AutoScalingGroupProvider
// or ManagedInstancesProvider must be specified.
ManagedInstancesProvider CapacityProviderManagedInstancesProviderPtrOutput `pulumi:"managedInstancesProvider"`
Name pulumi.StringOutput `pulumi:"name"`
Region pulumi.StringOutput `pulumi:"region"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}Note: Associating an ECS Capacity Provider to an Auto Scaling Group automatically adds the
AmazonECSManagedtag to that ASG. Include this tag in yourautoscaling.Groupresource configuration to prevent the provider from removing it.
Usage Example
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/autoscaling"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Auto Scaling Group (must have AmazonECSManaged tag)
asg, err := autoscaling.NewGroup(ctx, "ecs-asg", &autoscaling.GroupArgs{
MaxSize: pulumi.Int(10),
MinSize: pulumi.Int(0),
DesiredCapacity: pulumi.Int(2),
LaunchTemplate: &autoscaling.GroupLaunchTemplateArgs{
Id: pulumi.String("lt-0a1b2c3d4e5f6EXAM"),
Version: pulumi.String("$Latest"),
},
Tags: autoscaling.GroupTagArray{
&autoscaling.GroupTagArgs{
Key: pulumi.String("AmazonECSManaged"),
Value: pulumi.String("true"),
PropagateAtLaunch: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
// ECS Capacity Provider
cp, err := ecs.NewCapacityProvider(ctx, "cp", &ecs.CapacityProviderArgs{
Name: pulumi.String("my-capacity-provider"),
AutoScalingGroupProvider: &ecs.CapacityProviderAutoScalingGroupProviderArgs{
AutoScalingGroupArn: asg.Arn,
ManagedScaling: &ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs{
MaximumScalingStepSize: pulumi.Int(1000),
MinimumScalingStepSize: pulumi.Int(1),
Status: pulumi.String("ENABLED"),
TargetCapacity: pulumi.Int(10),
},
ManagedTerminationProtection: pulumi.String("ENABLED"),
},
})
if err != nil {
return err
}
// Attach capacity provider to cluster
cluster, err := ecs.NewCluster(ctx, "main", &ecs.ClusterArgs{
Name: pulumi.String("production"),
})
if err != nil {
return err
}
_, err = ecs.NewClusterCapacityProviders(ctx, "main-cap", &ecs.ClusterCapacityProvidersArgs{
ClusterName: cluster.Name,
CapacityProviders: pulumi.StringArray{
cp.Name,
},
DefaultCapacityProviderStrategies: ecs.ClusterCapacityProvidersDefaultCapacityProviderStrategyArray{
&ecs.ClusterCapacityProvidersDefaultCapacityProviderStrategyArgs{
Base: pulumi.Int(1),
Weight: pulumi.Int(100),
CapacityProvider: cp.Name,
},
},
})
return err
})
}Data Sources
LookupTaskDefinition
func LookupTaskDefinition(ctx *pulumi.Context, args *LookupTaskDefinitionArgs, opts ...pulumi.InvokeOption) (*LookupTaskDefinitionResult, error)
type LookupTaskDefinitionArgs struct {
Region *string `pulumi:"region"`
// Family for latest ACTIVE revision, family:revision for a specific revision,
// or full task definition ARN.
TaskDefinition string `pulumi:"taskDefinition"`
}Usage Example
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Look up the latest revision of a task definition family
td, err := ecs.LookupTaskDefinition(ctx, &ecs.LookupTaskDefinitionArgs{
TaskDefinition: "app",
}, nil)
if err != nil {
return err
}
// Use in a service
_, err = ecs.NewService(ctx, "app-service", &ecs.ServiceArgs{
Name: pulumi.String("app-service"),
Cluster: pulumi.String("arn:aws:ecs:us-east-1:123456789012:cluster/production"),
TaskDefinition: pulumi.String(td.Arn),
DesiredCount: pulumi.Int(2),
LaunchType: pulumi.String("FARGATE"),
NetworkConfiguration: &ecs.ServiceNetworkConfigurationArgs{
Subnets: pulumi.StringArray{
pulumi.String("subnet-0a1b2c3d4e5f6EXAM"),
},
AssignPublicIp: pulumi.Bool(false),
},
})
return err
})
}GetCluster
func GetCluster(ctx *pulumi.Context, args *GetClusterArgs, opts ...pulumi.InvokeOption) (*GetClusterResult, error)Retrieve information about an ECS cluster by name.
GetContainerDefinition
func GetContainerDefinition(ctx *pulumi.Context, args *GetContainerDefinitionArgs, opts ...pulumi.InvokeOption) (*GetContainerDefinitionResult, error)Retrieve information about a specific container within a task definition. Useful for getting the image digest or other attributes of an already-deployed container.
GetTaskExecution
func GetTaskExecution(ctx *pulumi.Context, args *GetTaskExecutionArgs, opts ...pulumi.InvokeOption) (*GetTaskExecutionResult, error)Run an ECS task and retrieve the results. Can be used to run one-off tasks (such as database migrations) as part of a Pulumi deployment.
Complete Fargate Service Example
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ecs"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// ECS Cluster
cluster, err := ecs.NewCluster(ctx, "cluster", &ecs.ClusterArgs{
Name: pulumi.String("fargate-cluster"),
Settings: ecs.ClusterSettingArray{
&ecs.ClusterSettingArgs{
Name: pulumi.String("containerInsights"),
Value: pulumi.String("enabled"),
},
},
})
if err != nil {
return err
}
// Task Execution Role
execRolePolicy, _ := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
{
"Effect": "Allow",
"Principal": map[string]string{"Service": "ecs-tasks.amazonaws.com"},
"Action": "sts:AssumeRole",
},
},
})
execRole, err := iam.NewRole(ctx, "exec-role", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(string(execRolePolicy)),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "exec-role-policy", &iam.RolePolicyAttachmentArgs{
Role: execRole.Name,
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"),
})
if err != nil {
return err
}
// CloudWatch Log Group
logGroup, err := cloudwatch.NewLogGroup(ctx, "app-logs", &cloudwatch.LogGroupArgs{
Name: pulumi.String("/ecs/app"),
RetentionInDays: pulumi.Int(7),
})
if err != nil {
return err
}
// Task Definition
containerDefs := logGroup.Name.ApplyT(func(lgName string) (string, error) {
defs, err := json.Marshal([]map[string]interface{}{
{
"name": "app",
"image": "nginx:latest",
"cpu": 256,
"memory": 512,
"essential": true,
"portMappings": []map[string]interface{}{
{"containerPort": 80, "protocol": "tcp"},
},
"logConfiguration": map[string]interface{}{
"logDriver": "awslogs",
"options": map[string]string{
"awslogs-group": fmt.Sprintf("/ecs/app"),
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs",
},
},
},
})
return string(defs), err
}).(pulumi.StringOutput)
td, err := ecs.NewTaskDefinition(ctx, "app-td", &ecs.TaskDefinitionArgs{
Family: pulumi.String("app"),
Cpu: pulumi.String("256"),
Memory: pulumi.String("512"),
NetworkMode: pulumi.String("awsvpc"),
RequiresCompatibilities: pulumi.StringArray{pulumi.String("FARGATE")},
ExecutionRoleArn: execRole.Arn,
ContainerDefinitions: containerDefs,
})
if err != nil {
return err
}
// Security Group
sg, err := ec2.NewSecurityGroup(ctx, "app-sg", &ec2.SecurityGroupArgs{
VpcId: pulumi.String("vpc-0a1b2c3d4e5f6EXAM"),
Description: pulumi.String("ECS task security group"),
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
Protocol: pulumi.String("tcp"),
FromPort: pulumi.Int(80),
ToPort: pulumi.Int(80),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
},
Egress: ec2.SecurityGroupEgressArray{
&ec2.SecurityGroupEgressArgs{
Protocol: pulumi.String("-1"),
FromPort: pulumi.Int(0),
ToPort: pulumi.Int(0),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
},
})
if err != nil {
return err
}
// ECS Service
svc, err := ecs.NewService(ctx, "app-svc", &ecs.ServiceArgs{
Name: pulumi.String("app-service"),
Cluster: cluster.Arn,
TaskDefinition: td.Arn,
DesiredCount: pulumi.Int(2),
LaunchType: pulumi.String("FARGATE"),
NetworkConfiguration: &ecs.ServiceNetworkConfigurationArgs{
Subnets: pulumi.StringArray{
pulumi.String("subnet-0a1b2c3d4e5f6EXAM"),
},
SecurityGroups: pulumi.StringArray{sg.ID()},
AssignPublicIp: pulumi.Bool(false),
},
DeploymentCircuitBreaker: &ecs.ServiceDeploymentCircuitBreakerArgs{
Enable: pulumi.Bool(true),
Rollback: pulumi.Bool(true),
},
})
if err != nil {
return err
}
ctx.Export("clusterArn", cluster.Arn)
ctx.Export("serviceArn", svc.Arn)
ctx.Export("taskDefinitionArn", td.Arn)
return nil
})
}Install with Tessl CLI
npx tessl i tessl/golang-github-com-pulumi-pulumi-aws-sdk-v7docs