CfnDaemonTaskDefinition

class aws_cdk.aws_ecs.CfnDaemonTaskDefinition(scope, id, *, container_definitions=None, cpu=None, execution_role_arn=None, family=None, memory=None, tags=None, task_role_arn=None, volumes=None)

Bases: CfnResource

The details of a daemon task definition.

A daemon task definition is a template that describes the containers that form a daemon. Daemons deploy cross-cutting software agents independently across your Amazon ECS infrastructure.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-daemontaskdefinition.html
CloudformationResource:: AWS::ECS::DaemonTaskDefinition
ExampleMetadata:: fixture=_generated

Example:

from aws_cdk import CfnTag
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

cfn_daemon_task_definition = ecs.CfnDaemonTaskDefinition(self, "MyCfnDaemonTaskDefinition",
    container_definitions=[ecs.CfnDaemonTaskDefinition.DaemonContainerDefinitionProperty(
        image="image",
        name="name",

        # the properties below are optional
        command=["command"],
        cpu=123,
        depends_on=[ecs.CfnDaemonTaskDefinition.ContainerDependencyProperty(
            condition="condition",
            container_name="containerName"
        )],
        entry_point=["entryPoint"],
        environment=[ecs.CfnDaemonTaskDefinition.KeyValuePairProperty(
            name="name",
            value="value"
        )],
        environment_files=[ecs.CfnDaemonTaskDefinition.EnvironmentFileProperty(
            type="type",
            value="value"
        )],
        essential=False,
        firelens_configuration=ecs.CfnDaemonTaskDefinition.FirelensConfigurationProperty(
            options={
                "options_key": "options"
            },
            type="type"
        ),
        health_check=ecs.CfnDaemonTaskDefinition.HealthCheckProperty(
            command=["command"],
            interval=123,
            retries=123,
            start_period=123,
            timeout=123
        ),
        interactive=False,
        linux_parameters=ecs.CfnDaemonTaskDefinition.LinuxParametersProperty(
            capabilities=ecs.CfnDaemonTaskDefinition.KernelCapabilitiesProperty(
                add=["add"],
                drop=["drop"]
            ),
            devices=[ecs.CfnDaemonTaskDefinition.DeviceProperty(
                container_path="containerPath",
                host_path="hostPath",
                permissions=["permissions"]
            )],
            init_process_enabled=False,
            tmpfs=[ecs.CfnDaemonTaskDefinition.TmpfsProperty(
                size=123,

                # the properties below are optional
                container_path="containerPath",
                mount_options=["mountOptions"]
            )]
        ),
        log_configuration=ecs.CfnDaemonTaskDefinition.LogConfigurationProperty(
            log_driver="logDriver",

            # the properties below are optional
            options={
                "options_key": "options"
            },
            secret_options=[ecs.CfnDaemonTaskDefinition.SecretProperty(
                name="name",
                value_from="valueFrom"
            )]
        ),
        memory=123,
        memory_reservation=123,
        mount_points=[ecs.CfnDaemonTaskDefinition.MountPointProperty(
            container_path="containerPath",
            read_only=False,
            source_volume="sourceVolume"
        )],
        privileged=False,
        pseudo_terminal=False,
        readonly_root_filesystem=False,
        repository_credentials=ecs.CfnDaemonTaskDefinition.RepositoryCredentialsProperty(
            credentials_parameter="credentialsParameter"
        ),
        restart_policy=ecs.CfnDaemonTaskDefinition.RestartPolicyProperty(
            enabled=False,
            ignored_exit_codes=[123],
            restart_attempt_period=123
        ),
        secrets=[ecs.CfnDaemonTaskDefinition.SecretProperty(
            name="name",
            value_from="valueFrom"
        )],
        start_timeout=123,
        stop_timeout=123,
        system_controls=[ecs.CfnDaemonTaskDefinition.SystemControlProperty(
            namespace="namespace",
            value="value"
        )],
        ulimits=[ecs.CfnDaemonTaskDefinition.UlimitProperty(
            hard_limit=123,
            name="name",
            soft_limit=123
        )],
        user="user",
        working_directory="workingDirectory"
    )],
    cpu="cpu",
    execution_role_arn="executionRoleArn",
    family="family",
    memory="memory",
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    task_role_arn="taskRoleArn",
    volumes=[ecs.CfnDaemonTaskDefinition.VolumeProperty(
        host=ecs.CfnDaemonTaskDefinition.HostVolumePropertiesProperty(
            source_path="sourcePath"
        ),
        name="name"
    )]
)

Create a new AWS::ECS::DaemonTaskDefinition.

Parameters:

scope (Construct) – Scope in which this resource is defined.
id (str) – Construct identifier for this resource (unique in its scope).
container_definitions (Union[IResolvable, Sequence[Union[IResolvable, DaemonContainerDefinitionProperty, Dict[str, Any]]], None]) – A list of container definitions in JSON format that describe the containers that make up the daemon task.
cpu (Optional[str]) – The number of CPU units used by the daemon task.
execution_role_arn (Optional[str]) – The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.
family (Optional[str]) – The name of a family that this daemon task definition is registered to.
memory (Optional[str]) – The amount of memory (in MiB) used by the daemon task.
tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]])
task_role_arn (Optional[str]) – The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.
volumes (Union[IResolvable, Sequence[Union[IResolvable, VolumeProperty, Dict[str, Any]]], None]) – The list of data volume definitions for the daemon task.

Methods

add_deletion_override(path)

Syntactic sugar for addOverride(path, undefined).

Parameters:: path (str) – The path of the value to delete.
Return type:: None

add_dependency(target)

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.

Parameters:: target (CfnResource)
Return type:: None

add_depends_on(target)

(deprecated) Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

Parameters:: target (CfnResource)
Deprecated:: use addDependency
Stability:: deprecated
Return type:: None

add_metadata(key, value)

Add a value to the CloudFormation Resource Metadata.

Parameters:

key (str)
value (Any)

See:

Return type:

None

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

add_override(path, value)

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use addPropertyOverride or prefix path with “Properties.” (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example:

cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"])
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")

would add the overrides Example:

"Properties": {
  "GlobalSecondaryIndexes": [
    {
      "Projection": {
        "NonKeyAttributes": [ "myattribute" ]
        ...
      }
      ...
    },
    {
      "ProjectionType": "INCLUDE"
      ...
    },
  ]
  ...
}

The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.

Parameters:

path (str) –
- The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.
value (Any) –
- The value. Could be primitive or complex.

Return type:

None

add_property_deletion_override(property_path)

Adds an override that deletes the value of a property from the resource definition.

Parameters:: property_path (str) – The path to the property.
Return type:: None

add_property_override(property_path, value)

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).

Parameters:

property_path (str) – The path of the property.
value (Any) – The value.

Return type:

None

apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:

Parameters:

policy (Optional[RemovalPolicy])
apply_to_update_replace_policy (Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: true
default (Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resource, please consult that specific resource’s documentation.

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options

Return type:

None

cfn_property_name(cdk_property_name)

Parameters:: cdk_property_name (str)
Return type:: Optional[str]

get_att(attribute_name, type_hint=None)

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.

Parameters:

attribute_name (str) – The name of the attribute.
type_hint (Optional[ResolutionTypeHint])

Return type:

Reference

get_metadata(key)

Retrieve a value value from the CloudFormation Resource Metadata.

Parameters:: key (str)
See:
Return type:: Any

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

inspect(inspector)

Examines the CloudFormation resource and discloses attributes.

Parameters:: inspector (TreeInspector) – tree inspector to collect and process attributes.
Return type:: None

obtain_dependencies()

Retrieves an array of resources this resource depends on.

This assembles dependencies on resources across stacks (including nested stacks) automatically.

Return type:: List[Union[Stack, CfnResource]]

obtain_resource_dependencies()

Get a shallow copy of dependencies between this resource and other resources in the same stack.

Return type:: List[CfnResource]

override_logical_id(new_logical_id)

Overrides the auto-generated logical ID with a specific ID.

Parameters:: new_logical_id (str) – The new logical ID to use for this stack element.
Return type:: None

remove_dependency(target)

Indicates that this resource no longer depends on another resource.

This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.

Parameters:: target (CfnResource)
Return type:: None

replace_dependency(target, new_target)

Replaces one dependency with another.

Parameters:

target (CfnResource) – The dependency to replace.
new_target (CfnResource) – The new dependency to add.

Return type:

None

to_string()

Returns a string representation of this construct.

Return type:: str
Returns:: a string representation of this resource

with_(*mixins)

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited. Use multiple with() calls if subsequent mixins should apply to added constructs.

Parameters:: mixins (IMixin)
Return type:: IConstruct

Attributes

CFN_RESOURCE_TYPE_NAME = 'AWS::ECS::DaemonTaskDefinition'

attr_daemon_task_definition_arn

DaemonTaskDefinitionArn

Type:: cloudformationAttribute

cdk_tag_manager: Tag Manager which manages the tags for this resource.

cfn_options: Options for this resource, such as condition, update policy etc.

cfn_resource_type: AWS resource type.

container_definitions: A list of container definitions in JSON format that describe the containers that make up the daemon task.

cpu: The number of CPU units used by the daemon task.

creation_stack

return:

the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.

daemon_task_definition_ref: A reference to a DaemonTaskDefinition resource.

env

execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.

family: The name of a family that this daemon task definition is registered to.

logical_id

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Returns:

the logical ID as a stringified token. This value will only get resolved during synthesis.

memory: The amount of memory (in MiB) used by the daemon task.

node: The tree node.

ref

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).

stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).

tags

task_role_arn: The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.

volumes: The list of data volume definitions for the daemon task.

Static Methods

classmethod arn_for_daemon_task_definition(resource)

Parameters:: resource (IDaemonTaskDefinitionRef)
Return type:: str

classmethod is_cfn_daemon_task_definition(x)

Checks whether the given object is a CfnDaemonTaskDefinition.

Parameters:: x (Any)
Return type:: bool

classmethod is_cfn_element(x)

Returns true if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of instanceof to allow stack elements from different versions of this library to be included in the same stack.

Parameters:: x (Any)
Return type:: bool
Returns:: The construct as a stack element or undefined if it is not a stack element.

classmethod is_cfn_resource(x)

Check whether the given object is a CfnResource.

Parameters:: x (Any)
Return type:: bool

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:: x (Any) – Any object.
Return type:: bool
Returns:: true if x is an object created from a class which extends Construct.

ContainerDependencyProperty

class CfnDaemonTaskDefinition.ContainerDependencyProperty(*, condition=None, container_name=None)

Bases: object

The dependencies defined for container startup and shutdown.

A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. Your Amazon ECS container instances require at least version 1.26.0 of the container agent to use container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you’re using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide. For tasks that use the Fargate launch type, the task or service requires the following platforms:

Linux platform version 1.3.0 or later.
Windows platform version 1.0.0 or later.

For more information about how to create a container dependency, see Container dependency in the Amazon Elastic Container Service Developer Guide.

Parameters:

condition (Optional[str]) – The dependency condition of the container. The following are the available conditions and their behavior: - START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start. - COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can’t be set on an essential container. - SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can’t be set on an essential container. - HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
container_name (Optional[str]) – The name of a container.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-containerdependency.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

container_dependency_property = ecs.CfnDaemonTaskDefinition.ContainerDependencyProperty(
    condition="condition",
    container_name="containerName"
)

Attributes

condition

The dependency condition of the container.

The following are the available conditions and their behavior:

START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can’t be set on an essential container.
SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can’t be set on an essential container.
HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-containerdependency.html#cfn-ecs-daemontaskdefinition-containerdependency-condition

container_name

The name of a container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-containerdependency.html#cfn-ecs-daemontaskdefinition-containerdependency-containername

DaemonContainerDefinitionProperty

class CfnDaemonTaskDefinition.DaemonContainerDefinitionProperty(*, image, name, command=None, cpu=None, depends_on=None, entry_point=None, environment=None, environment_files=None, essential=None, firelens_configuration=None, health_check=None, interactive=None, linux_parameters=None, log_configuration=None, memory=None, memory_reservation=None, mount_points=None, privileged=None, pseudo_terminal=None, readonly_root_filesystem=None, repository_credentials=None, restart_policy=None, secrets=None, start_timeout=None, stop_timeout=None, system_controls=None, ulimits=None, user=None, working_directory=None)

Bases: object

A container definition for a daemon task.

Daemon container definitions describe the containers that run as part of a daemon task on container instances managed by capacity providers.

Parameters:

image (str) – The image used to start the container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
name (str) – The name of the container. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
command (Optional[Sequence[str]]) – The command that’s passed to the container.
cpu (Union[int, float, None]) – The number of cpu units reserved for the container.
depends_on (Union[IResolvable, Sequence[Union[IResolvable, ContainerDependencyProperty, Dict[str, Any]]], None]) – The dependencies defined for container startup and shutdown. A container can contain multiple dependencies on other containers in a task definition.
entry_point (Optional[Sequence[str]]) – The entry point that’s passed to the container.
environment (Union[IResolvable, Sequence[Union[IResolvable, KeyValuePairProperty, Dict[str, Any]]], None]) – The environment variables to pass to a container.
environment_files (Union[IResolvable, Sequence[Union[IResolvable, EnvironmentFileProperty, Dict[str, Any]]], None]) – A list of files containing the environment variables to pass to a container.
essential (Union[bool, IResolvable, None]) – If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.
firelens_configuration (Union[IResolvable, FirelensConfigurationProperty, Dict[str, Any], None]) – The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom log routing in the Amazon Elastic Container Service Developer Guide.
health_check (Union[IResolvable, HealthCheckProperty, Dict[str, Any], None]) –
An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image’s Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run. The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console. The health check is designed to make sure that your containers survive agent restarts, upgrades, or temporary unavailability. Amazon ECS performs health checks on containers with the default that launched the container instance or the task. The following describes the possible healthStatus values for a container: - HEALTHY-The container health check has passed successfully. - UNHEALTHY-The container health check has failed. - UNKNOWN-The container health check is being evaluated, there’s no container health check defined, or Amazon ECS doesn’t have the health status of the container. The following describes the possible healthStatus values based on the container health checker status of essential containers in the task with the following priority order (high to low): - UNHEALTHY-One or more essential containers have failed their health check. - UNKNOWN-Any essential container running within the task is in an UNKNOWN state and no other essential containers have an UNHEALTHY state. - HEALTHY-All essential containers within the task have passed their health checks. Consider the following task health example with 2 containers. - If Container1 is UNHEALTHY and Container2 is UNKNOWN, the task health is UNHEALTHY. - If Container1 is UNHEALTHY and Container2 is HEALTHY, the task health is UNHEALTHY. - If Container1 is HEALTHY and Container2 is UNKNOWN, the task health is UNKNOWN. - If Container1 is HEALTHY and Container2 is HEALTHY, the task health is HEALTHY. Consider the following task health example with 3 containers. - If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNHEALTHY. - If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNHEALTHY. - If Container1 is UNHEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is UNHEALTHY. - If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNKNOWN. - If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNKNOWN. - If Container1 is HEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is HEALTHY. If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. When a container health check fails for a task that is part of a service, the following process occurs: 1. The task is marked as UNHEALTHY. 1. The unhealthy task will be stopped, and during the stopping process, it will go through the following states: - DEACTIVATING - In this state, Amazon ECS performs additional steps before stopping the task. For example, for tasks that are part of services configured to use Elastic Load Balancing target groups, target groups will be deregistered in this state. - STOPPING - The task is in the process of being stopped. - DEPROVISIONING - Resources associated with the task are being cleaned up. - STOPPED - The task has been completely stopped. 1. After the old task stops, a new task will be launched to ensure service operation, and the new task will go through the following lifecycle: - PROVISIONING - Resources required for the task are being provisioned. - PENDING - The task is waiting to be placed on a container instance. - ACTIVATING - In this state, Amazon ECS pulls container images, creates containers, configures task networking, registers load balancer target groups, and configures service discovery status. - RUNNING - The task is running and performing its work. For more detailed information about task lifecycle states, see Task lifecycle in the Amazon Elastic Container Service Developer Guide. The following are notes about container health check support: - If the Amazon ECS container agent becomes disconnected from the Amazon ECS service, this won’t cause a container to transition to an UNHEALTHY status. This is by design, to ensure that containers remain running during agent restarts or temporary unavailability. The health check status is the “last heard from” response from the Amazon ECS agent, so if the container was considered HEALTHY prior to the disconnect, that status will remain until the agent reconnects and another health check occurs. There are no assumptions made about the status of the container health checks. - Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent. - Container health checks are supported for Fargate tasks if you’re using platform version 1.1.0 or greater. For more information, see platform versions. - Container health checks aren’t supported for tasks that are part of a service that’s configured to use a Classic Load Balancer. For an example of how to specify a task definition with multiple containers where container dependency is specified, see Container dependency in the Amazon Elastic Container Service Developer Guide.
interactive (Union[bool, IResolvable, None]) – When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.
linux_parameters (Union[IResolvable, LinuxParametersProperty, Dict[str, Any], None]) – The Linux-specific options that are applied to the container, such as Linux KernelCapabilities.
log_configuration (Union[IResolvable, LogConfigurationProperty, Dict[str, Any], None]) – The log configuration for the container. This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. Understand the following when specifying a log configuration for your containers. - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald,``syslog``, splunk, and awsfirelens. - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide. - For tasks that are on FARGATElong, because you don’t have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
memory (Union[int, float, None]) – The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is killed.
memory_reservation (Union[int, float, None]) – The soft limit (in MiB) of memory to reserve for the container.
mount_points (Union[IResolvable, Sequence[Union[IResolvable, MountPointProperty, Dict[str, Any]]], None]) – The mount points for data volumes in your container.
privileged (Union[bool, IResolvable, None]) – When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
pseudo_terminal (Union[bool, IResolvable, None]) – When this parameter is true, a TTY is allocated.
readonly_root_filesystem (Union[bool, IResolvable, None]) – When this parameter is true, the container is given read-only access to its root file system.
repository_credentials (Union[IResolvable, RepositoryCredentialsProperty, Dict[str, Any], None]) – The repository credentials for private registry authentication.
restart_policy (Union[IResolvable, RestartPolicyProperty, Dict[str, Any], None])
secrets (Union[IResolvable, Sequence[Union[IResolvable, SecretProperty, Dict[str, Any]]], None]) – The secrets to pass to the container.
start_timeout (Union[int, float, None]) – Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
stop_timeout (Union[int, float, None]) – Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own.
system_controls (Union[IResolvable, Sequence[Union[IResolvable, SystemControlProperty, Dict[str, Any]]], None]) – A list of namespaced kernel parameters to set in the container.
ulimits (Union[IResolvable, Sequence[Union[IResolvable, UlimitProperty, Dict[str, Any]]], None]) – A list of ulimits to set in the container.
user (Optional[str]) – The user to use inside the container.
working_directory (Optional[str]) – The working directory to run commands inside the container in.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

daemon_container_definition_property = ecs.CfnDaemonTaskDefinition.DaemonContainerDefinitionProperty(
    image="image",
    name="name",

    # the properties below are optional
    command=["command"],
    cpu=123,
    depends_on=[ecs.CfnDaemonTaskDefinition.ContainerDependencyProperty(
        condition="condition",
        container_name="containerName"
    )],
    entry_point=["entryPoint"],
    environment=[ecs.CfnDaemonTaskDefinition.KeyValuePairProperty(
        name="name",
        value="value"
    )],
    environment_files=[ecs.CfnDaemonTaskDefinition.EnvironmentFileProperty(
        type="type",
        value="value"
    )],
    essential=False,
    firelens_configuration=ecs.CfnDaemonTaskDefinition.FirelensConfigurationProperty(
        options={
            "options_key": "options"
        },
        type="type"
    ),
    health_check=ecs.CfnDaemonTaskDefinition.HealthCheckProperty(
        command=["command"],
        interval=123,
        retries=123,
        start_period=123,
        timeout=123
    ),
    interactive=False,
    linux_parameters=ecs.CfnDaemonTaskDefinition.LinuxParametersProperty(
        capabilities=ecs.CfnDaemonTaskDefinition.KernelCapabilitiesProperty(
            add=["add"],
            drop=["drop"]
        ),
        devices=[ecs.CfnDaemonTaskDefinition.DeviceProperty(
            container_path="containerPath",
            host_path="hostPath",
            permissions=["permissions"]
        )],
        init_process_enabled=False,
        tmpfs=[ecs.CfnDaemonTaskDefinition.TmpfsProperty(
            size=123,

            # the properties below are optional
            container_path="containerPath",
            mount_options=["mountOptions"]
        )]
    ),
    log_configuration=ecs.CfnDaemonTaskDefinition.LogConfigurationProperty(
        log_driver="logDriver",

        # the properties below are optional
        options={
            "options_key": "options"
        },
        secret_options=[ecs.CfnDaemonTaskDefinition.SecretProperty(
            name="name",
            value_from="valueFrom"
        )]
    ),
    memory=123,
    memory_reservation=123,
    mount_points=[ecs.CfnDaemonTaskDefinition.MountPointProperty(
        container_path="containerPath",
        read_only=False,
        source_volume="sourceVolume"
    )],
    privileged=False,
    pseudo_terminal=False,
    readonly_root_filesystem=False,
    repository_credentials=ecs.CfnDaemonTaskDefinition.RepositoryCredentialsProperty(
        credentials_parameter="credentialsParameter"
    ),
    restart_policy=ecs.CfnDaemonTaskDefinition.RestartPolicyProperty(
        enabled=False,
        ignored_exit_codes=[123],
        restart_attempt_period=123
    ),
    secrets=[ecs.CfnDaemonTaskDefinition.SecretProperty(
        name="name",
        value_from="valueFrom"
    )],
    start_timeout=123,
    stop_timeout=123,
    system_controls=[ecs.CfnDaemonTaskDefinition.SystemControlProperty(
        namespace="namespace",
        value="value"
    )],
    ulimits=[ecs.CfnDaemonTaskDefinition.UlimitProperty(
        hard_limit=123,
        name="name",
        soft_limit=123
    )],
    user="user",
    working_directory="workingDirectory"
)

Attributes

command

The command that’s passed to the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-command

cpu

The number of cpu units reserved for the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-cpu

depends_on

The dependencies defined for container startup and shutdown.

A container can contain multiple dependencies on other containers in a task definition.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-dependson

entry_point

The entry point that’s passed to the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-entrypoint

environment

The environment variables to pass to a container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-environment

environment_files

A list of files containing the environment variables to pass to a container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-environmentfiles

essential

If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-essential

firelens_configuration

The FireLens configuration for the container.

This is used to specify and configure a log router for container logs. For more information, see Custom log routing in the Amazon Elastic Container Service Developer Guide.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-firelensconfiguration

health_check

An object representing a container health check.

Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image’s Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run. The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console. The health check is designed to make sure that your containers survive agent restarts, upgrades, or temporary unavailability. Amazon ECS performs health checks on containers with the default that launched the container instance or the task. The following describes the possible healthStatus values for a container:

HEALTHY-The container health check has passed successfully.
UNHEALTHY-The container health check has failed.
UNKNOWN-The container health check is being evaluated, there’s no container health check defined, or Amazon ECS doesn’t have the health status of the container.

The following describes the possible healthStatus values based on the container health checker status of essential containers in the task with the following priority order (high to low):

UNHEALTHY-One or more essential containers have failed their health check.
UNKNOWN-Any essential container running within the task is in an UNKNOWN state and no other essential containers have an UNHEALTHY state.
HEALTHY-All essential containers within the task have passed their health checks.

Consider the following task health example with 2 containers.

If Container1 is UNHEALTHY and Container2 is UNKNOWN, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is HEALTHY, the task health is UNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN, the task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY, the task health is HEALTHY.

Consider the following task health example with 3 containers.

If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is UNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is HEALTHY.

If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. When a container health check fails for a task that is part of a service, the following process occurs:

The task is marked as UNHEALTHY.
The unhealthy task will be stopped, and during the stopping process, it will go through the following states:

DEACTIVATING - In this state, Amazon ECS performs additional steps before stopping the task. For example, for tasks that are part of services configured to use Elastic Load Balancing target groups, target groups will be deregistered in this state.
STOPPING - The task is in the process of being stopped.
DEPROVISIONING - Resources associated with the task are being cleaned up.
STOPPED - The task has been completely stopped.

After the old task stops, a new task will be launched to ensure service operation, and the new task will go through the following lifecycle:

PROVISIONING - Resources required for the task are being provisioned.
PENDING - The task is waiting to be placed on a container instance.
ACTIVATING - In this state, Amazon ECS pulls container images, creates containers, configures task networking, registers load balancer target groups, and configures service discovery status.
RUNNING - The task is running and performing its work.

For more detailed information about task lifecycle states, see Task lifecycle in the Amazon Elastic Container Service Developer Guide. The following are notes about container health check support:

If the Amazon ECS container agent becomes disconnected from the Amazon ECS service, this won’t cause a container to transition to an UNHEALTHY status. This is by design, to ensure that containers remain running during agent restarts or temporary unavailability. The health check status is the “last heard from” response from the Amazon ECS agent, so if the container was considered HEALTHY prior to the disconnect, that status will remain until the agent reconnects and another health check occurs. There are no assumptions made about the status of the container health checks.
Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent.
Container health checks are supported for Fargate tasks if you’re using platform version 1.1.0 or greater. For more information, see platform versions.
Container health checks aren’t supported for tasks that are part of a service that’s configured to use a Classic Load Balancer.

For an example of how to specify a task definition with multiple containers where container dependency is specified, see Container dependency in the Amazon Elastic Container Service Developer Guide.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-healthcheck

image

The image used to start the container.

This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-image

interactive

When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-interactive

linux_parameters

The Linux-specific options that are applied to the container, such as Linux KernelCapabilities.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-linuxparameters

log_configuration

The log configuration for the container.

This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. Understand the following when specifying a log configuration for your containers.

Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald,``syslog``, splunk, and awsfirelens.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.
For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.
For tasks that are on FARGATElong, because you don’t have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-logconfiguration

memory

The amount (in MiB) of memory to present to the container.

If the container attempts to exceed the memory specified here, the container is killed.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-memory

memory_reservation

The soft limit (in MiB) of memory to reserve for the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-memoryreservation

mount_points

The mount points for data volumes in your container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-mountpoints

name

The name of the container.

Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-name

privileged

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-privileged

pseudo_terminal

When this parameter is true, a TTY is allocated.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-pseudoterminal

readonly_root_filesystem

When this parameter is true, the container is given read-only access to its root file system.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-readonlyrootfilesystem

repository_credentials

The repository credentials for private registry authentication.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-repositorycredentials

restart_policy

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-restartpolicy

Type:: see

secrets

The secrets to pass to the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-secrets

start_timeout

Time duration (in seconds) to wait before giving up on resolving dependencies for a container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-starttimeout

stop_timeout

Time duration (in seconds) to wait before the container is forcefully killed if it doesn’t exit normally on its own.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-stoptimeout

system_controls

A list of namespaced kernel parameters to set in the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-systemcontrols

ulimits

A list of ulimits to set in the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-ulimits

user

The user to use inside the container.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-user

working_directory

The working directory to run commands inside the container in.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-daemoncontainerdefinition.html#cfn-ecs-daemontaskdefinition-daemoncontainerdefinition-workingdirectory

DeviceProperty

class CfnDaemonTaskDefinition.DeviceProperty(*, container_path=None, host_path=None, permissions=None)

Bases: object

An object representing a container instance host device.

Parameters:

container_path (Optional[str]) – The path inside the container at which to expose the host device.
host_path (Optional[str]) – The path for the device on the host container instance.
permissions (Optional[Sequence[str]]) – The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-device.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

device_property = ecs.CfnDaemonTaskDefinition.DeviceProperty(
    container_path="containerPath",
    host_path="hostPath",
    permissions=["permissions"]
)

Attributes

container_path

The path inside the container at which to expose the host device.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-device.html#cfn-ecs-daemontaskdefinition-device-containerpath

host_path

The path for the device on the host container instance.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-device.html#cfn-ecs-daemontaskdefinition-device-hostpath

permissions

The explicit permissions to provide to the container for the device.

By default, the container has permissions for read, write, and mknod for the device.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-device.html#cfn-ecs-daemontaskdefinition-device-permissions

EnvironmentFileProperty

class CfnDaemonTaskDefinition.EnvironmentFileProperty(*, type=None, value=None)

Bases: object

A list of files containing the environment variables to pass to a container.

You can specify up to ten environment files. The file must have a .env file extension. Each line in an environment file should contain an environment variable in VARIABLE=VALUE format. Lines beginning with # are treated as comments and are ignored. If there are environment variables specified using the environment parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they’re processed from the top down. We recommend that you use unique variable names. For more information, see Use a file to pass environment variables to a container in the Amazon Elastic Container Service Developer Guide. Environment variable files are objects in Amazon S3 and all Amazon S3 security considerations apply. You must use the following platforms for the Fargate launch type:

Linux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.

Consider the following when using the Fargate launch type:

The file is handled like a native Docker env-file.
There is no support for shell escape handling.
The container entry point interperts the VARIABLE values.

Parameters:

type (Optional[str]) – The file type to use. Environment files are objects in Amazon S3. The only supported value is s3.
value (Optional[str]) – The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-environmentfile.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

environment_file_property = ecs.CfnDaemonTaskDefinition.EnvironmentFileProperty(
    type="type",
    value="value"
)

Attributes

type

The file type to use.

Environment files are objects in Amazon S3. The only supported value is s3.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-environmentfile.html#cfn-ecs-daemontaskdefinition-environmentfile-type

value

The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-environmentfile.html#cfn-ecs-daemontaskdefinition-environmentfile-value

FirelensConfigurationProperty

class CfnDaemonTaskDefinition.FirelensConfigurationProperty(*, options=None, type=None)

Bases: object

The FireLens configuration for the container.

This is used to specify and configure a log router for container logs. For more information, see Custom log routing in the Amazon Elastic Container Service Developer Guide.

Parameters:

options (Union[Mapping[str, str], IResolvable, None]) – The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.
type (Optional[str]) – The log router to use. The valid values are fluentd or fluentbit.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-firelensconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

firelens_configuration_property = ecs.CfnDaemonTaskDefinition.FirelensConfigurationProperty(
    options={
        "options_key": "options"
    },
    type="type"
)

Attributes

options

The options to use when configuring the log router.

This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-firelensconfiguration.html#cfn-ecs-daemontaskdefinition-firelensconfiguration-options

type

The log router to use.

The valid values are fluentd or fluentbit.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-firelensconfiguration.html#cfn-ecs-daemontaskdefinition-firelensconfiguration-type

HealthCheckProperty

class CfnDaemonTaskDefinition.HealthCheckProperty(*, command=None, interval=None, retries=None, start_period=None, timeout=None)

Bases: object

An object representing a container health check.

Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image’s Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run. The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console. The health check is designed to make sure that your containers survive agent restarts, upgrades, or temporary unavailability. Amazon ECS performs health checks on containers with the default that launched the container instance or the task. The following describes the possible healthStatus values for a container:

HEALTHY-The container health check has passed successfully.
UNHEALTHY-The container health check has failed.
UNKNOWN-The container health check is being evaluated, there’s no container health check defined, or Amazon ECS doesn’t have the health status of the container.

The following describes the possible healthStatus values based on the container health checker status of essential containers in the task with the following priority order (high to low):

UNHEALTHY-One or more essential containers have failed their health check.
UNKNOWN-Any essential container running within the task is in an UNKNOWN state and no other essential containers have an UNHEALTHY state.
HEALTHY-All essential containers within the task have passed their health checks.

Consider the following task health example with 2 containers.

If Container1 is UNHEALTHY and Container2 is UNKNOWN, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is HEALTHY, the task health is UNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN, the task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY, the task health is HEALTHY.

Consider the following task health example with 3 containers.

If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is UNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is HEALTHY.

If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. When a container health check fails for a task that is part of a service, the following process occurs:

The task is marked as UNHEALTHY.
The unhealthy task will be stopped, and during the stopping process, it will go through the following states:

DEACTIVATING - In this state, Amazon ECS performs additional steps before stopping the task. For example, for tasks that are part of services configured to use Elastic Load Balancing target groups, target groups will be deregistered in this state.
STOPPING - The task is in the process of being stopped.
DEPROVISIONING - Resources associated with the task are being cleaned up.
STOPPED - The task has been completely stopped.

After the old task stops, a new task will be launched to ensure service operation, and the new task will go through the following lifecycle:

PROVISIONING - Resources required for the task are being provisioned.
PENDING - The task is waiting to be placed on a container instance.
ACTIVATING - In this state, Amazon ECS pulls container images, creates containers, configures task networking, registers load balancer target groups, and configures service discovery status.
RUNNING - The task is running and performing its work.

For more detailed information about task lifecycle states, see Task lifecycle in the Amazon Elastic Container Service Developer Guide. The following are notes about container health check support:

If the Amazon ECS container agent becomes disconnected from the Amazon ECS service, this won’t cause a container to transition to an UNHEALTHY status. This is by design, to ensure that containers remain running during agent restarts or temporary unavailability. The health check status is the “last heard from” response from the Amazon ECS agent, so if the container was considered HEALTHY prior to the disconnect, that status will remain until the agent reconnects and another health check occurs. There are no assumptions made about the status of the container health checks.
Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent.
Container health checks are supported for Fargate tasks if you’re using platform version 1.1.0 or greater. For more information, see platform versions.
Container health checks aren’t supported for tasks that are part of a service that’s configured to use a Classic Load Balancer.

For an example of how to specify a task definition with multiple containers where container dependency is specified, see Container dependency in the Amazon Elastic Container Service Developer Guide.

Parameters:

command (Optional[Sequence[str]]) – A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container’s default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don’t include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.
interval (Union[int, float, None]) – The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.
retries (Union[int, float, None]) – The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.
start_period (Union[int, float, None]) – The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
timeout (Union[int, float, None]) – The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-healthcheck.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

health_check_property = ecs.CfnDaemonTaskDefinition.HealthCheckProperty(
    command=["command"],
    interval=123,
    retries=123,
    start_period=123,
    timeout=123
)

Attributes

command

A string array representing the command that the container runs to determine if it is healthy.

The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container’s default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don’t include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-healthcheck.html#cfn-ecs-daemontaskdefinition-healthcheck-command

interval

The time period in seconds between each health check execution.

You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-healthcheck.html#cfn-ecs-daemontaskdefinition-healthcheck-interval

retries

The number of times to retry a failed health check before the container is considered unhealthy.

You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-healthcheck.html#cfn-ecs-daemontaskdefinition-healthcheck-retries

start_period

The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries.

You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-healthcheck.html#cfn-ecs-daemontaskdefinition-healthcheck-startperiod

timeout

The time period in seconds to wait for a health check to succeed before it is considered a failure.

You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-healthcheck.html#cfn-ecs-daemontaskdefinition-healthcheck-timeout

HostVolumePropertiesProperty

class CfnDaemonTaskDefinition.HostVolumePropertiesProperty(*, source_path=None)

Bases: object

Details on a container instance bind mount host volume.

Parameters:: source_path (Optional[str]) – When the host parameter is used, specify a sourcePath to declare the path on the host container instance that’s presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn’t exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you’re using the Fargate launch type, the sourcePath parameter is not supported.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-hostvolumeproperties.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

host_volume_properties_property = ecs.CfnDaemonTaskDefinition.HostVolumePropertiesProperty(
    source_path="sourcePath"
)

Attributes

source_path

When the host parameter is used, specify a sourcePath to declare the path on the host container instance that’s presented to the container.

If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn’t exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you’re using the Fargate launch type, the sourcePath parameter is not supported.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-hostvolumeproperties.html#cfn-ecs-daemontaskdefinition-hostvolumeproperties-sourcepath

KernelCapabilitiesProperty

class CfnDaemonTaskDefinition.KernelCapabilitiesProperty(*, add=None, drop=None)

Bases: object

The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition.

For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page. The following describes how Docker processes the Linux capabilities specified in the add and drop request parameters. For information about the latest behavior, see Docker Compose: order of cap_drop and cap_add in the Docker Community Forum.

When the container is a privleged container, the container capabilities are all of the default Docker capabilities. The capabilities specified in the add request parameter, and the drop request parameter are ignored.
When the add request parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in the drop request parameter.
When the drop request parameter is set to ALL, the container capabilities are the capabilities specified in the add request parameter.
When the add request parameter and the drop request parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities.
The default is to first drop the capabilities specified in the drop request parameter, and then add the capabilities specified in the add request parameter.

Parameters:

add (Optional[Sequence[str]]) – The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run. Tasks launched on FARGATElong only support adding the SYS_PTRACE kernel capability. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
drop (Optional[Sequence[str]]) – The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-kernelcapabilities.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

kernel_capabilities_property = ecs.CfnDaemonTaskDefinition.KernelCapabilitiesProperty(
    add=["add"],
    drop=["drop"]
)

Attributes

add

The Linux capabilities for the container that have been added to the default configuration provided by Docker.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-kernelcapabilities.html#cfn-ecs-daemontaskdefinition-kernelcapabilities-add

drop

The Linux capabilities for the container that have been removed from the default configuration provided by Docker.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-kernelcapabilities.html#cfn-ecs-daemontaskdefinition-kernelcapabilities-drop

KeyValuePairProperty

class CfnDaemonTaskDefinition.KeyValuePairProperty(*, name=None, value=None)

Bases: object

A key-value pair object.

Parameters:

name (Optional[str]) – The name of the key-value pair. For environment variables, this is the name of the environment variable.
value (Optional[str]) – The value of the key-value pair. For environment variables, this is the value of the environment variable.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-keyvaluepair.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

key_value_pair_property = ecs.CfnDaemonTaskDefinition.KeyValuePairProperty(
    name="name",
    value="value"
)

Attributes

name

The name of the key-value pair.

For environment variables, this is the name of the environment variable.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-keyvaluepair.html#cfn-ecs-daemontaskdefinition-keyvaluepair-name

value

The value of the key-value pair.

For environment variables, this is the value of the environment variable.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-keyvaluepair.html#cfn-ecs-daemontaskdefinition-keyvaluepair-value

LinuxParametersProperty

class CfnDaemonTaskDefinition.LinuxParametersProperty(*, capabilities=None, devices=None, init_process_enabled=None, tmpfs=None)

Bases: object

The Linux-specific options that are applied to the container, such as Linux KernelCapabilities.

Parameters:

capabilities (Union[IResolvable, KernelCapabilitiesProperty, Dict[str, Any], None]) –
The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page. The following describes how Docker processes the Linux capabilities specified in the add and drop request parameters. For information about the latest behavior, see Docker Compose: order of cap_drop and cap_add in the Docker Community Forum. - When the container is a privleged container, the container capabilities are all of the default Docker capabilities. The capabilities specified in the add request parameter, and the drop request parameter are ignored. - When the add request parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in the drop request parameter. - When the drop request parameter is set to ALL, the container capabilities are the capabilities specified in the add request parameter. - When the add request parameter and the drop request parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities. - The default is to first drop the capabilities specified in the drop request parameter, and then add the capabilities specified in the add request parameter.
devices (Union[IResolvable, Sequence[Union[IResolvable, DeviceProperty, Dict[str, Any]]], None]) – Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run. If you’re using tasks that use the Fargate launch type, the devices parameter isn’t supported.
init_process_enabled (Union[bool, IResolvable, None]) – Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
tmpfs (Union[IResolvable, Sequence[Union[IResolvable, TmpfsProperty, Dict[str, Any]]], None]) – The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run. If you’re using tasks that use the Fargate launch type, the tmpfs parameter isn’t supported.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-linuxparameters.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

linux_parameters_property = ecs.CfnDaemonTaskDefinition.LinuxParametersProperty(
    capabilities=ecs.CfnDaemonTaskDefinition.KernelCapabilitiesProperty(
        add=["add"],
        drop=["drop"]
    ),
    devices=[ecs.CfnDaemonTaskDefinition.DeviceProperty(
        container_path="containerPath",
        host_path="hostPath",
        permissions=["permissions"]
    )],
    init_process_enabled=False,
    tmpfs=[ecs.CfnDaemonTaskDefinition.TmpfsProperty(
        size=123,

        # the properties below are optional
        container_path="containerPath",
        mount_options=["mountOptions"]
    )]
)

Attributes

capabilities

The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition.

For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page. The following describes how Docker processes the Linux capabilities specified in the add and drop request parameters. For information about the latest behavior, see Docker Compose: order of cap_drop and cap_add in the Docker Community Forum.

When the container is a privleged container, the container capabilities are all of the default Docker capabilities. The capabilities specified in the add request parameter, and the drop request parameter are ignored.
When the add request parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in the drop request parameter.
When the drop request parameter is set to ALL, the container capabilities are the capabilities specified in the add request parameter.
When the add request parameter and the drop request parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities.
The default is to first drop the capabilities specified in the drop request parameter, and then add the capabilities specified in the add request parameter.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-linuxparameters.html#cfn-ecs-daemontaskdefinition-linuxparameters-capabilities

devices

Any host devices to expose to the container.

This parameter maps to Devices in the docker container create command and the --device option to docker run. If you’re using tasks that use the Fargate launch type, the devices parameter isn’t supported.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-linuxparameters.html#cfn-ecs-daemontaskdefinition-linuxparameters-devices

init_process_enabled

Run an init process inside the container that forwards signals and reaps processes.

This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-linuxparameters.html#cfn-ecs-daemontaskdefinition-linuxparameters-initprocessenabled

tmpfs

The container path, mount options, and size (in MiB) of the tmpfs mount.

This parameter maps to the --tmpfs option to docker run. If you’re using tasks that use the Fargate launch type, the tmpfs parameter isn’t supported.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-linuxparameters.html#cfn-ecs-daemontaskdefinition-linuxparameters-tmpfs

LogConfigurationProperty

class CfnDaemonTaskDefinition.LogConfigurationProperty(*, log_driver, options=None, secret_options=None)

Bases: object

The log configuration for the container.

This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. Understand the following when specifying a log configuration for your containers.

Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald,``syslog``, splunk, and awsfirelens.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.
For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.
For tasks that are on FARGATElong, because you don’t have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.

Parameters:

log_driver (str) – The log driver to use for the container. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn’t listed, you can fork the Amazon ECS container agent project that’s available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don’t currently provide support for running modified copies of this software.
options (Union[Mapping[str, str], IResolvable, None]) – The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following: - awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn’t specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they’re all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don’t specify a prefix with this option, then the log stream is named after the container ID that’s assigned by the Docker daemon on the container instance. Because it’s difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers. - mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container’s logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don’t specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition’s logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that’s used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
secret_options (Union[IResolvable, Sequence[Union[IResolvable, SecretProperty, Dict[str, Any]]], None]) – The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-logconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

log_configuration_property = ecs.CfnDaemonTaskDefinition.LogConfigurationProperty(
    log_driver="logDriver",

    # the properties below are optional
    options={
        "options_key": "options"
    },
    secret_options=[ecs.CfnDaemonTaskDefinition.SecretProperty(
        name="name",
        value_from="valueFrom"
    )]
)

Attributes

log_driver

The log driver to use for the container.

For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn’t listed, you can fork the Amazon ECS container agent project that’s available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don’t currently provide support for running modified copies of this software.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-logconfiguration.html#cfn-ecs-daemontaskdefinition-logconfiguration-logdriver

options

The configuration options to send to the log driver.

The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn’t specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they’re all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don’t specify a prefix with this option, then the log stream is named after the container ID that’s assigned by the Docker daemon on the container instance. Because it’s difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers.
mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container’s logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don’t specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition’s logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that’s used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-logconfiguration.html#cfn-ecs-daemontaskdefinition-logconfiguration-options

secret_options

The secrets to pass to the log configuration.

For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-logconfiguration.html#cfn-ecs-daemontaskdefinition-logconfiguration-secretoptions

MountPointProperty

class CfnDaemonTaskDefinition.MountPointProperty(*, container_path=None, read_only=None, source_volume=None)

Bases: object

The details for a volume mount point that’s used in a container definition.

Parameters:

container_path (Optional[str]) – The path on the container to mount the host volume at.
read_only (Union[bool, IResolvable, None]) – If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
source_volume (Optional[str]) – The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-mountpoint.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

mount_point_property = ecs.CfnDaemonTaskDefinition.MountPointProperty(
    container_path="containerPath",
    read_only=False,
    source_volume="sourceVolume"
)

Attributes

container_path

The path on the container to mount the host volume at.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-mountpoint.html#cfn-ecs-daemontaskdefinition-mountpoint-containerpath

read_only

If this value is true, the container has read-only access to the volume.

If this value is false, then the container can write to the volume. The default value is false.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-mountpoint.html#cfn-ecs-daemontaskdefinition-mountpoint-readonly

source_volume

The name of the volume to mount.

Must be a volume name referenced in the name parameter of task definition volume.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-mountpoint.html#cfn-ecs-daemontaskdefinition-mountpoint-sourcevolume

RepositoryCredentialsProperty

class CfnDaemonTaskDefinition.RepositoryCredentialsProperty(*, credentials_parameter=None)

Bases: object

The repository credentials for private registry authentication.

Parameters:: credentials_parameter (Optional[str]) – The Amazon Resource Name (ARN) of the secret containing the private repository credentials. When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you’re launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-repositorycredentials.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

repository_credentials_property = ecs.CfnDaemonTaskDefinition.RepositoryCredentialsProperty(
    credentials_parameter="credentialsParameter"
)

Attributes

credentials_parameter

The Amazon Resource Name (ARN) of the secret containing the private repository credentials.

When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you’re launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-repositorycredentials.html#cfn-ecs-daemontaskdefinition-repositorycredentials-credentialsparameter

RestartPolicyProperty

class CfnDaemonTaskDefinition.RestartPolicyProperty(*, enabled=None, ignored_exit_codes=None, restart_attempt_period=None)

Bases: object

Parameters:

enabled (Union[bool, IResolvable, None])
ignored_exit_codes (Union[Sequence[Union[int, float]], IResolvable, None])
restart_attempt_period (Union[int, float, None])

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-restartpolicy.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

restart_policy_property = ecs.CfnDaemonTaskDefinition.RestartPolicyProperty(
    enabled=False,
    ignored_exit_codes=[123],
    restart_attempt_period=123
)

Attributes

enabled

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-restartpolicy.html#cfn-ecs-daemontaskdefinition-restartpolicy-enabled

Type:: see

ignored_exit_codes

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-restartpolicy.html#cfn-ecs-daemontaskdefinition-restartpolicy-ignoredexitcodes

Type:: see

restart_attempt_period

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-restartpolicy.html#cfn-ecs-daemontaskdefinition-restartpolicy-restartattemptperiod

Type:: see

SecretProperty

class CfnDaemonTaskDefinition.SecretProperty(*, name, value_from)

Bases: object

An object representing the secret to expose to your container.

Secrets can be exposed to a container in the following ways:

To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.
To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.

For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.

Parameters:

name (str) – The name of the secret.
value_from (str) –
The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you’re launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-secret.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

secret_property = ecs.CfnDaemonTaskDefinition.SecretProperty(
    name="name",
    value_from="valueFrom"
)

Attributes

name

The name of the secret.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-secret.html#cfn-ecs-daemontaskdefinition-secret-name

value_from

The secret to expose to the container.

The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you’re launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-secret.html#cfn-ecs-daemontaskdefinition-secret-valuefrom

SystemControlProperty

class CfnDaemonTaskDefinition.SystemControlProperty(*, namespace=None, value=None)

Bases: object

A list of namespaced kernel parameters to set in the container.

This parameter maps to Sysctls in the docker container create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections. We don’t recommend that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network mode. Doing this has the following disadvantages:

For tasks that use the awsvpc network mode including Fargate, if you set systemControls for any container, it applies to all containers in the task. If you set different systemControls for multiple containers in a single task, the container that’s started last determines which systemControls take effect.
For tasks that use the host network mode, the network namespace systemControls aren’t supported.

If you’re setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see IPC mode.

For tasks that use the host IPC mode, IPC namespace systemControls aren’t supported.
For tasks that use the task IPC mode, IPC namespace systemControls values apply to all containers within a task.

This parameter is not supported for Windows containers. This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version 1.4.0 or later (Linux). This isn’t supported for Windows containers on Fargate.

Parameters:

namespace (Optional[str]) – The namespaced kernel parameter to set a value for.
value (Optional[str]) – The namespaced kernel parameter to set a value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with “net.* are accepted. All of these values are supported by Fargate.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-systemcontrol.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

system_control_property = ecs.CfnDaemonTaskDefinition.SystemControlProperty(
    namespace="namespace",
    value="value"
)

Attributes

namespace

The namespaced kernel parameter to set a value for.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-systemcontrol.html#cfn-ecs-daemontaskdefinition-systemcontrol-namespace

value

The namespaced kernel parameter to set a value for.

Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with “net.* are accepted. All of these values are supported by Fargate.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-systemcontrol.html#cfn-ecs-daemontaskdefinition-systemcontrol-value

TmpfsProperty

class CfnDaemonTaskDefinition.TmpfsProperty(*, size, container_path=None, mount_options=None)

Bases: object

The container path, mount options, and size of the tmpfs mount.

Parameters:

size (Union[int, float]) – The maximum size (in MiB) of the tmpfs volume.
container_path (Optional[str]) – The absolute file path where the tmpfs volume is to be mounted.
mount_options (Optional[Sequence[str]]) – The list of tmpfs volume mount options. Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-tmpfs.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

tmpfs_property = ecs.CfnDaemonTaskDefinition.TmpfsProperty(
    size=123,

    # the properties below are optional
    container_path="containerPath",
    mount_options=["mountOptions"]
)

Attributes

container_path

The absolute file path where the tmpfs volume is to be mounted.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-tmpfs.html#cfn-ecs-daemontaskdefinition-tmpfs-containerpath

mount_options

The list of tmpfs volume mount options.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-tmpfs.html#cfn-ecs-daemontaskdefinition-tmpfs-mountoptions

size

The maximum size (in MiB) of the tmpfs volume.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-tmpfs.html#cfn-ecs-daemontaskdefinition-tmpfs-size

UlimitProperty

class CfnDaemonTaskDefinition.UlimitProperty(*, hard_limit, name, soft_limit)

Bases: object

The ulimit settings to pass to the container.

Amazon ECS tasks hosted on FARGATElong use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which FARGATElong overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 65535 and the default hard limit is 65535. You can specify the ulimit settings for a container in a task definition.

Parameters:

hard_limit (Union[int, float]) – The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
name (str) – The type of the ulimit.
soft_limit (Union[int, float]) – The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-ulimit.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

ulimit_property = ecs.CfnDaemonTaskDefinition.UlimitProperty(
    hard_limit=123,
    name="name",
    soft_limit=123
)

Attributes

hard_limit

The hard limit for the ulimit type.

The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-ulimit.html#cfn-ecs-daemontaskdefinition-ulimit-hardlimit

name

The type of the ulimit.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-ulimit.html#cfn-ecs-daemontaskdefinition-ulimit-name

soft_limit

The soft limit for the ulimit type.

The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-ulimit.html#cfn-ecs-daemontaskdefinition-ulimit-softlimit

VolumeProperty

class CfnDaemonTaskDefinition.VolumeProperty(*, host=None, name=None)

Bases: object

The data volume configuration for tasks launched using this task definition.

Specifying a volume configuration in a task definition is optional. The volume configuration may contain multiple volumes but only one volume configured at launch is supported. Each volume defined in the volume configuration may only specify a name and one of either configuredAtLaunch, dockerVolumeConfiguration, efsVolumeConfiguration, fsxWindowsFileServerVolumeConfiguration, or host. If an empty volume configuration is specified, by default Amazon ECS uses a host volume. For more information, see Using data volumes in tasks.

Parameters:

host (Union[IResolvable, HostVolumePropertiesProperty, Dict[str, Any], None]) – Details on a container instance bind mount host volume.
name (Optional[str]) – The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-volume.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ecs as ecs

volume_property = ecs.CfnDaemonTaskDefinition.VolumeProperty(
    host=ecs.CfnDaemonTaskDefinition.HostVolumePropertiesProperty(
        source_path="sourcePath"
    ),
    name="name"
)

Attributes

host

Details on a container instance bind mount host volume.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-volume.html#cfn-ecs-daemontaskdefinition-volume-host

name

The name of the volume.

Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-daemontaskdefinition-volume.html#cfn-ecs-daemontaskdefinition-volume-name