EcsContainerDefinitionProps

class aws_cdk.aws_batch.EcsContainerDefinitionProps(*, cpu, image, memory, command=None, enable_execute_command=None, environment=None, execution_role=None, job_role=None, linux_parameters=None, logging=None, readonly_root_filesystem=None, secrets=None, user=None, volumes=None)

Bases: object

Props to configure an EcsContainerDefinition.

Parameters:

  • cpu (Union[int, float]) – The number of vCPUs reserved for the container. Each vCPU is equivalent to 1,024 CPU shares. For containers running on EC2 resources, you must specify at least one vCPU.

  • image (ContainerImage) – The image that this container will run.

  • memory (Size) – The memory hard limit present to the container. If your container attempts to exceed the memory specified, the container is terminated. You must specify at least 4 MiB of memory for a job.

  • command (Optional[Sequence[str]]) – The command that’s passed to the container. Default: - no command

  • enable_execute_command (Optional[bool]) – Determines whether execute command functionality is turned on for this task. If true, execute command functionality is turned on all the containers in the task. This allows you to use ECS Exec to access containers interactively. When enabled, a job role with required SSM permissions will be created automatically if no job role is provided. If a job role is alreadyprovided, the required permissions will be added to it. Default: undefined - AWS Batch default is false

  • environment (Optional[Mapping[str, str]]) – The environment variables to pass to a container. Cannot start with AWS_BATCH. We don’t recommend using plaintext environment variables for sensitive information, such as credential data. Default: - no environment variables

  • execution_role (Optional[IRole]) – The role used by Amazon ECS container and AWS Fargate agents to make AWS API calls on your behalf. Default: - a Role will be created

  • job_role (Optional[IRole]) – The role that the container can assume. Default: - no job role

  • linux_parameters (Optional[LinuxParameters]) – Linux-specific modifications that are applied to the container, such as details for device mappings. Default: none

  • logging (Optional[LogDriver]) – The loging configuration for this Job. Default: - the log configuration of the Docker daemon

  • readonly_root_filesystem (Optional[bool]) – Gives the container readonly access to its root filesystem. Default: false

  • secrets (Optional[Mapping[str, Secret]]) – A map from environment variable names to the secrets for the container. Allows your job definitions to reference the secret by the environment variable name defined in this property. Default: - no secrets

  • user (Optional[str]) – The user name to use inside the container. Default: - no user

  • volumes (Optional[Sequence[EcsVolume]]) – The volumes to mount to this container. Automatically added to the job definition. Default: - no volumes

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk as cdk
from aws_cdk import aws_batch as batch
from aws_cdk import aws_ecs as ecs
from aws_cdk import aws_iam as iam

# container_image: ecs.ContainerImage
# ecs_volume: batch.EcsVolume
# linux_parameters: batch.LinuxParameters
# log_driver: ecs.LogDriver
# role: iam.Role
# secret: batch.Secret
# size: cdk.Size

ecs_container_definition_props = batch.EcsContainerDefinitionProps(
    cpu=123,
    image=container_image,
    memory=size,

    # the properties below are optional
    command=["command"],
    enable_execute_command=False,
    environment={
        "environment_key": "environment"
    },
    execution_role=role,
    job_role=role,
    linux_parameters=linux_parameters,
    logging=log_driver,
    readonly_root_filesystem=False,
    secrets={
        "secrets_key": secret
    },
    user="user",
    volumes=[ecs_volume]
)

Attributes

command

The command that’s passed to the container.

Default:

  • no command

See:

https://docs.docker.com/engine/reference/builder/#cmd

cpu

The number of vCPUs reserved for the container.

Each vCPU is equivalent to 1,024 CPU shares. For containers running on EC2 resources, you must specify at least one vCPU.

enable_execute_command

Determines whether execute command functionality is turned on for this task.

If true, execute command functionality is turned on all the containers in the task.

This allows you to use ECS Exec to access containers interactively. When enabled, a job role with required SSM permissions will be created automatically if no job role is provided. If a job role is alreadyprovided, the required permissions will be added to it.

Default:

undefined - AWS Batch default is false

See:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html

environment

The environment variables to pass to a container.

Cannot start with AWS_BATCH. We don’t recommend using plaintext environment variables for sensitive information, such as credential data.

Default:

  • no environment variables

execution_role

The role used by Amazon ECS container and AWS Fargate agents to make AWS API calls on your behalf.

Default:

  • a Role will be created

See:

https://docs.aws.amazon.com/batch/latest/userguide/execution-IAM-role.html

image

The image that this container will run.

job_role

The role that the container can assume.

Default:

  • no job role

See:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html

linux_parameters

Linux-specific modifications that are applied to the container, such as details for device mappings.

Default:

none

logging

The loging configuration for this Job.

Default:

  • the log configuration of the Docker daemon

memory

The memory hard limit present to the container.

If your container attempts to exceed the memory specified, the container is terminated. You must specify at least 4 MiB of memory for a job.

readonly_root_filesystem

Gives the container readonly access to its root filesystem.

Default:

false

secrets

A map from environment variable names to the secrets for the container.

Allows your job definitions to reference the secret by the environment variable name defined in this property.

Default:

  • no secrets

See:

https://docs.aws.amazon.com/batch/latest/userguide/specifying-sensitive-data.html

user

The user name to use inside the container.

Default:

  • no user

volumes

The volumes to mount to this container.

Automatically added to the job definition.

Default:

  • no volumes