AWS::ECS::Service
The AWS::ECS::Service resource creates an Amazon Elastic Container Service (Amazon ECS) service
that runs and maintains the requested number of tasks and associated load balancers.
Important
The stack update fails if you change any properties that require replacement and at least one Amazon
ECS Service Connect ServiceConnectService is configured. This is because
Amazon CloudFormation creates the replacement service first, but each
ServiceConnectService must have a name that is unique in the namespace.
Note
Starting April 15, 2023, Amazon will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::ECS::Service",
  "Properties" : {
      "CapacityProviderStrategy" : [ CapacityProviderStrategyItem, ... ],
      "Cluster" : String,
      "DeploymentConfiguration" : DeploymentConfiguration,
      "DeploymentController" : DeploymentController,
      "DesiredCount" : Integer,
      "EnableECSManagedTags" : Boolean,
      "EnableExecuteCommand" : Boolean,
      "HealthCheckGracePeriodSeconds" : Integer,
      "LaunchType" : String,
      "LoadBalancers" : [ LoadBalancer, ... ],
      "NetworkConfiguration" : NetworkConfiguration,
      "PlacementConstraints" : [ PlacementConstraint, ... ],
      "PlacementStrategies" : [ PlacementStrategy, ... ],
      "PlatformVersion" : String,
      "PropagateTags" : String,
      "Role" : String,
      "SchedulingStrategy" : String,
      "ServiceConnectConfiguration" : ServiceConnectConfiguration,
      "ServiceName" : String,
      "ServiceRegistries" : [ ServiceRegistry, ... ],
      "Tags" : [ Tag, ... ],
      "TaskDefinition" : String
    }
}
YAML
Type: AWS::ECS::Service
Properties:
  CapacityProviderStrategy:
    - CapacityProviderStrategyItem
  Cluster: String
  DeploymentConfiguration:
    DeploymentConfiguration
  DeploymentController:
    DeploymentController
  DesiredCount: Integer
  EnableECSManagedTags: Boolean
  EnableExecuteCommand: Boolean
  HealthCheckGracePeriodSeconds: Integer
  LaunchType: String
  LoadBalancers:
    - LoadBalancer
  NetworkConfiguration:
    NetworkConfiguration
  PlacementConstraints:
    - PlacementConstraint
  PlacementStrategies:
    - PlacementStrategy
  PlatformVersion: String
  PropagateTags: String
  Role: String
  SchedulingStrategy: String
  ServiceConnectConfiguration:
    ServiceConnectConfiguration
  ServiceName: String
  ServiceRegistries:
    - ServiceRegistry
  Tags:
    - Tag
  TaskDefinition: String
Properties
CapacityProviderStrategy
The capacity provider strategy to use for the service.
If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.
A capacity provider strategy may contain a maximum of 6 capacity providers.
Required: No
Type: List of CapacityProviderStrategyItem
Update requires: No interruption
Cluster
The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
Required: No
Type: String
Update requires: Replacement
DeploymentConfiguration
Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
Required: No
Type: DeploymentConfiguration
Update requires: No interruption
DeploymentController
The deployment controller to use for the service. If no deployment controller is specified, the default value of ECS is used.
Required: No
Type: DeploymentController
Update requires: Replacement
DesiredCount
The number of instantiations of the specified task definition to place and keep running in your service.
For new services, if a desired count is not specified, a default value of 1 is used. When using the DAEMON scheduling strategy, the desired count is not required.
For existing services, if a desired count is not specified, it is omitted from the operation.
Required: Conditional
Type: Integer
Update requires: No interruption
EnableECSManagedTags
Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see Tagging your Amazon ECS resources in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: Boolean
Update requires: No interruption
EnableExecuteCommand
Determines whether the execute command functionality is turned on for the service. If true, the execute command functionality is turned on for all containers in tasks as part of the service.
Required: No
Type: Boolean
Update requires: No interruption
HealthCheckGracePeriodSeconds
The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of 0 is used.
If you do not use Elastic Load Balancing, we recommend that you use the startPeriod in the task definition health check parameters. For more information, see Health check.
If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.
Required: No
Type: Integer
Update requires: No interruption
LaunchType
The launch type on which to run your service. For more information, see Amazon ECS Launch Types in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: String
Allowed values: EC2 | EXTERNAL | FARGATE
Update requires: Replacement
LoadBalancers
A list of load balancer objects to associate with the service. If you specify the Role property, LoadBalancers must be specified as well. For information about the number of load balancers that you can specify per service, see Service Load Balancing in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: List of LoadBalancer
Update requires: No interruption
NetworkConfiguration
The network configuration for the service. This parameter is required for task definitions that use the awsvpc network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.
Required: Conditional
Type: NetworkConfiguration
Update requires: No interruption
PlacementConstraints
An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.
Required: No
Type: List of PlacementConstraint
Update requires: No interruption
PlacementStrategies
The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service.
Required: No
Type: List of PlacementStrategy
Update requires: No interruption
PlatformVersion
The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used. For more information, see Amazon Fargate platform versions in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: String
Update requires: No interruption
PropagateTags
Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the TagResource API action.
Required: No
Type: String
Allowed values: NONE | SERVICE | TASK_DEFINITION
Update requires: No interruption
Role
The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the awsvpc network mode. If you specify the role parameter, you must also specify a load balancer object with the loadBalancers parameter.
Important
If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the awsvpc network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators, in which case you don't specify a role here. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
If your specified role has a path other than /, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name bar has a path of /foo/ then you would specify /foo/bar as the role name. For more information, see Friendly names and paths in the IAM User Guide.
Required: No
Type: String
Update requires: Replacement
SchedulingStrategy
The scheduling strategy to use for the service. For more information, see Services.
There are two service scheduler strategies available:
- REPLICA - The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the CODE_DEPLOY or EXTERNAL deployment controller types.
- DAEMON - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.
Note
Tasks using the Fargate launch type or the CODE_DEPLOY or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy.
Required: No
Type: String
Allowed values: DAEMON | REPLICA
Update requires: Replacement
ServiceConnectConfiguration
The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: ServiceConnectConfiguration
Update requires: No interruption
ServiceName
The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.
Important
The stack update fails if you change any properties that require replacement and the ServiceName is configured. This is because Amazon CloudFormation creates the replacement service first, but each ServiceName must be unique in the cluster.
Required: No
Type: String
Update requires: Replacement
ServiceRegistries
The details of the service discovery registry to associate with this service. For more information, see Service discovery.
Note
Each service may be associated with one service registry. Multiple service registries for each service aren't supported.
Required: No
Type: List of ServiceRegistry
Update requires: No interruption
Tags
The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well.
The following basic restrictions apply to tags:
- Maximum number of tags per resource - 50
- For each resource, each tag key must be unique, and each tag key can have only one value.
- Maximum key length - 128 Unicode characters in UTF-8
- Maximum value length - 256 Unicode characters in UTF-8
- If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
- Tag keys and values are case-sensitive.
- Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
Required: No
Type: List of Tag
Maximum: 50
Update requires: No interruption
TaskDefinition
The family and revision (family:revision) or full ARN of the task definition to run in your service. If a revision isn't specified, the latest ACTIVE revision is used.
A task definition must be specified if the service uses either the ECS or CODE_DEPLOY deployment controllers.
For more information about deployment types, see Amazon ECS deployment types.
Required: No
Type: String
Update requires: No interruption
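The constraints stated in the property descriptions above can be checked before a stack is deployed or updated. The following is an added example, not part of the AWS documentation: the function names and the SAMPLE template are constructed for illustration, and the sub-property names DeploymentController.Type, ServiceConnectConfiguration.Services and Tag Key/Value come from the CloudFormation sub-type definitions rather than from this page.

```python
import json

# Properties this page marks "Update requires: Replacement".
REPLACEMENT_PROPS = ("Cluster", "DeploymentController", "LaunchType",
                     "Role", "SchedulingStrategy", "ServiceName")

def lint_service(props):
    """Check one AWS::ECS::Service Properties mapping against rules on this page.
    Intrinsic functions (Ref, Fn::*) are not resolved; only literals are compared."""
    out = []
    strategy = props.get("CapacityProviderStrategy")
    if strategy is not None and "LaunchType" in props:
        out.append("LaunchType must be omitted when CapacityProviderStrategy is set")
    if isinstance(strategy, list) and len(strategy) > 6:
        out.append("CapacityProviderStrategy allows at most 6 capacity providers")
    if "Role" in props and not props.get("LoadBalancers"):
        out.append("Role is only permitted together with LoadBalancers")
    controller = props.get("DeploymentController", {}).get("Type", "ECS")
    if props.get("SchedulingStrategy") == "DAEMON" and (
            props.get("LaunchType") == "FARGATE"
            or controller in ("CODE_DEPLOY", "EXTERNAL")):
        out.append("DAEMON is not supported with Fargate, CODE_DEPLOY or EXTERNAL")
    # The page's examples write this flag both as true and as "true".
    if str(props.get("EnableExecuteCommand")).lower() == "true":
        out.append("EnableExecuteCommand turns on ECS Exec for every container")
    tags = props.get("Tags") if isinstance(props.get("Tags"), list) else []
    if len(tags) > 50:
        out.append("at most 50 tags per resource")
    for tag in tags:
        for field, limit in (("Key", 128), ("Value", 256)):
            text = tag.get(field, "")
            if not isinstance(text, str):
                continue  # intrinsic function, cannot be checked statically
            if len(text) > limit:
                out.append(f"tag {field} longer than {limit} characters")
            if text.lower().startswith("aws:"):
                out.append(f"tag {field} {text!r} uses the reserved aws: prefix")
    return out

def blocked_replacement(old, new):
    """Replacement-requiring properties that changed while a name stays pinned
    (same ServiceName, or Service Connect services), so the update would fail."""
    changed = [p for p in REPLACEMENT_PROPS if old.get(p) != new.get(p)]
    same_name = "ServiceName" in new and old.get("ServiceName") == new["ServiceName"]
    connect = new.get("ServiceConnectConfiguration", {}).get("Services")
    return changed if changed and (same_name or connect) else []

def audit_template(text):
    """Lint every AWS::ECS::Service resource in a JSON template string."""
    resources = json.loads(text).get("Resources", {})
    return {name: lint_service(res.get("Properties", {}))
            for name, res in resources.items()
            if res.get("Type") == "AWS::ECS::Service"}

# Constructed sample template, not taken from the page.
SAMPLE = json.dumps({"Resources": {
    "Web": {"Type": "AWS::ECS::Service", "Properties": {
        "Cluster": {"Ref": "ECSCluster"}, "LaunchType": "FARGATE",
        "SchedulingStrategy": "DAEMON", "EnableExecuteCommand": "true",
        "Role": {"Ref": "ECSServiceRole"},
        "Tags": [{"Key": "AWS:owner", "Value": "team-a"}]}},
    "Worker": {"Type": "AWS::ECS::Service", "Properties": {
        "Cluster": {"Ref": "ECSCluster"}, "DesiredCount": 1,
        "TaskDefinition": {"Ref": "ECSTaskDefinition"}}},
    "ECSCluster": {"Type": "AWS::ECS::Cluster"}}})

if __name__ == "__main__":
    for name, findings in audit_template(SAMPLE).items():
        print(name, findings or "ok")
```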
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN).
In the following example, the Ref function returns the ARN of the MyECSService
service, such as arn:aws:ecs:us-west-2:123456789012:service/sample-webapp.
{ "Ref": "MyECSService" }
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Examples
Define a basic service
The following example defines a service with a desired count of 1 that uses a cluster and task
definition that are declared elsewhere in the same template.
JSON
"ECSService": {
  "Type": "AWS::ECS::Service",
  "Properties" : {
    "Cluster": { "Ref": "ECSCluster" },
    "DesiredCount": 1,
    "TaskDefinition" : { "Ref": "ECSTaskDefinition" }
  }
}
YAML
ECSService:
  Type: AWS::ECS::Service
  Properties:
    Cluster:
      Ref: "ECSCluster"
    DesiredCount: 1
    TaskDefinition:
      Ref: "ECSTaskDefinition"
Associate an Application Load Balancer with a service
The following example associates an Application Load Balancer with an Amazon ECS service by referencing an
AWS::ElasticLoadBalancingV2::TargetGroup resource.
Note
The Amazon ECS service requires an explicit dependency on the Application Load Balancer listener rule and the Application Load Balancer listener. This prevents the service from starting before the listener is ready.
JSON
"ECSService" : {
  "Type": "AWS::ECS::Service",
  "DependsOn": [
    "Listener"
  ],
  "Properties": {
    "Role": { "Ref": "ECSServiceRole" },
    "TaskDefinition": { "Ref": "ECSTaskDefinition" },
    "DesiredCount": "1",
    "LoadBalancers": [
      {
        "TargetGroupArn": { "Ref": "TargetGroup" },
        "ContainerPort": "80",
        "ContainerName": "sample-app"
      }
    ],
    "Cluster": { "Ref": "ECSCluster" }
  }
}
YAML
ECSService:
  Type: AWS::ECS::Service
  DependsOn:
    - Listener
  Properties:
    Role:
      Ref: ECSServiceRole
    TaskDefinition:
      Ref: ECSTaskDefinition
    DesiredCount: 1
    LoadBalancers:
      - TargetGroupArn:
          Ref: TargetGroup
        ContainerPort: 80
        ContainerName: sample-app
    Cluster:
      Ref: ECSCluster
Define a service with a health check grace period
The following example defines a service with a parameter that lets users specify how many seconds the Amazon ECS service scheduler should ignore unhealthy Elastic Load Balancing target health checks after a task has first started.
JSON
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Creating ECS service",
  "Parameters": {
    "AppName": {
      "Type": "String",
      "Description": "Name of app requiring ELB exposure",
      "Default": "simple-app"
    },
    "AppContainerPort": {
      "Type": "Number",
      "Description": "Container port of app requiring ELB exposure",
      "Default": "80"
    },
    "AppHostPort": {
      "Type": "Number",
      "Description": "Host port of app requiring ELB exposure",
      "Default": "80"
    },
    "ServiceName": {
      "Type": "String"
    },
    "LoadBalancerName": {
      "Type": "String"
    },
    "HealthCheckGracePeriodSeconds": {
      "Type": "String"
    }
  },
  "Resources": {
    "ECSCluster": {
      "Type": "AWS::ECS::Cluster"
    },
    "taskdefinition": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties" : {
        "ContainerDefinitions" : [
          {
            "Name": {"Ref": "AppName"},
            "MountPoints": [
              {
                "SourceVolume": "my-vol",
                "ContainerPath": "/var/www/my-vol"
              }
            ],
            "Image": "amazon/amazon-ecs-sample",
            "Cpu": "10",
            "PortMappings": [
              {
                "ContainerPort": {"Ref": "AppContainerPort"},
                "HostPort": {"Ref": "AppHostPort"}
              }
            ],
            "EntryPoint": [
              "/usr/sbin/apache2",
              "-D",
              "FOREGROUND"
            ],
            "Memory": "500",
            "Essential": "true"
          },
          {
            "Name": "busybox",
            "Image": "busybox",
            "Cpu": "10",
            "EntryPoint": [
              "sh",
              "-c"
            ],
            "Memory": "500",
            "Command": [
              "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\""
            ],
            "Essential" : "false",
            "VolumesFrom": [
              {
                "SourceContainer": {"Ref": "AppName"}
              }
            ]
          }
        ],
        "Volumes": [
          {
            "Host": {
              "SourcePath": "/var/lib/docker/vfs/dir/"
            },
            "Name": "my-vol"
          }
        ]
      }
    },
    "ECSService": {
      "Type": "AWS::ECS::Service",
      "Properties" : {
        "Cluster": {"Ref": "ECSCluster"},
        "DeploymentConfiguration": {
          "MaximumPercent": 200,
          "MinimumHealthyPercent": 100
        },
        "DesiredCount": 0,
        "HealthCheckGracePeriodSeconds": {"Ref": "HealthCheckGracePeriodSeconds"},
        "LoadBalancers": [{
          "ContainerName": {"Ref" : "AppName"},
          "ContainerPort": {"Ref": "AppContainerPort"},
          "LoadBalancerName": {"Ref": "elb"}
        }],
        "PlacementStrategies": [{
          "Type" : "binpack",
          "Field": "memory"
        }, {
          "Type": "spread",
          "Field": "host"
        }],
        "PlacementConstraints": [{
          "Type": "memberOf",
          "Expression": "attribute:ecs.availability-zone != us-east-1d"
        }, {
          "Type": "distinctInstance"
        }],
        "TaskDefinition" : {"Ref": "taskdefinition"},
        "ServiceName": {"Ref": "ServiceName"},
        "Role": {"Ref": "Role"}
      }
    },
    "elb": {
      "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
      "Properties": {
        "LoadBalancerName": {"Ref": "LoadBalancerName"},
        "Listeners": [{
          "InstancePort": {"Ref": "AppHostPort"},
          "LoadBalancerPort": "80",
          "Protocol": "HTTP"
        }],
        "Subnets": [{"Ref": "Subnet1"}]
      },
      "DependsOn": "GatewayAttachment"
    },
    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/24"
      }
    },
    "Subnet1": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": { "Ref": "VPC" },
        "CidrBlock": "10.0.0.0/25"
      }
    },
    "InternetGateway": {
      "Type": "AWS::EC2::InternetGateway"
    },
    "GatewayAttachment": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "InternetGatewayId": {"Ref": "InternetGateway"},
        "VpcId": {"Ref": "VPC"}
      }
    },
    "Role": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2008-10-17",
          "Statement": [
            {
              "Sid": "",
              "Effect": "Allow",
              "Principal": {
                "Service": "ecs.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"]
      }
    }
  },
  "Outputs" : {
    "Cluster": {
      "Value": {"Ref" : "ECSCluster"}
    }
  }
}
YAML
AWSTemplateFormatVersion: 2010-09-09
Description: Creating ECS service
Parameters:
  AppName:
    Type: String
    Description: Name of app requiring ELB exposure
    Default: simple-app
  AppContainerPort:
    Type: Number
    Description: Container port of app requiring ELB exposure
    Default: '80'
  AppHostPort:
    Type: Number
    Description: Host port of app requiring ELB exposure
    Default: '80'
  ServiceName:
    Type: String
  LoadBalancerName:
    Type: String
  HealthCheckGracePeriodSeconds:
    Type: String
Resources:
  cluster:
    Type: AWS::ECS::Cluster
  taskdefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - Name: !Ref AppName
          MountPoints:
            - SourceVolume: my-vol
              ContainerPath: /var/www/my-vol
          Image: amazon/amazon-ecs-sample
          Cpu: '10'
          PortMappings:
            - ContainerPort: !Ref AppContainerPort
              HostPort: !Ref AppHostPort
          EntryPoint:
            - /usr/sbin/apache2
            - '-D'
            - FOREGROUND
          Memory: '500'
          Essential: true
        - Name: busybox
          Image: busybox
          Cpu: '10'
          EntryPoint:
            - sh
            - '-c'
          Memory: '500'
          Command:
            - >-
              /bin/sh -c "while true; do /bin/date > /var/www/my-vol/date; sleep 1; done"
          Essential: false
          VolumesFrom:
            - SourceContainer: !Ref AppName
      Volumes:
        - Host:
            SourcePath: /var/lib/docker/vfs/dir/
          Name: my-vol
  service:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref cluster
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
      DesiredCount: 0
      HealthCheckGracePeriodSeconds: !Ref HealthCheckGracePeriodSeconds
      LoadBalancers:
        - ContainerName: !Ref AppName
          ContainerPort: !Ref AppContainerPort
          LoadBalancerName: !Ref elb
      PlacementStrategies:
        - Type: binpack
          Field: memory
        - Type: spread
          Field: host
      PlacementConstraints:
        - Type: memberOf
          Expression: 'attribute:ecs.availability-zone != us-east-1d'
        - Type: distinctInstance
      TaskDefinition: !Ref taskdefinition
      ServiceName: !Ref ServiceName
      Role: !Ref Role
  elb:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      LoadBalancerName: !Ref LoadBalancerName
      Listeners:
        - InstancePort: !Ref AppHostPort
          LoadBalancerPort: '80'
          Protocol: HTTP
      Subnets:
        - !Ref Subnet1
    DependsOn: GatewayAttachment
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/24
  Subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/25
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2008-10-17
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service: ecs.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole'
Outputs:
  Cluster:
    Value: !Ref cluster
Define a service with ECS Exec enabled
The following example defines a service with ECS Exec enabled. For more information, see Using ECS Exec for debugging in the Amazon ECS Developer Guide.
JSON
"ECSService": {
  "Type": "AWS::ECS::Service",
  "Properties" : {
    "Cluster": { "Ref": "ECSCluster" },
    "DesiredCount": 1,
    "TaskDefinition" : { "Ref": "ECSTaskDefinition" },
    "EnableExecuteCommand": "true"
  }
}
YAML
ECSService:
  Type: AWS::ECS::Service
  Properties:
    Cluster:
      Ref: "ECSCluster"
    DesiredCount: 1
    TaskDefinition:
      Ref: "ECSTaskDefinition"
    EnableExecuteCommand: true