This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::ECS::Cluster The `AWS::ECS::Cluster` resource creates an Amazon Elastic Container Service (Amazon ECS) cluster. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::ECS::Cluster", "Properties" : { "[CapacityProviders](#cfn-ecs-cluster-capacityproviders)" : [ String, ... ], "[ClusterName](#cfn-ecs-cluster-clustername)" : String, "[ClusterSettings](#cfn-ecs-cluster-clustersettings)" : [ ClusterSettings, ... ], "[Configuration](#cfn-ecs-cluster-configuration)" : ClusterConfiguration, "[DefaultCapacityProviderStrategy](#cfn-ecs-cluster-defaultcapacityproviderstrategy)" : [ CapacityProviderStrategyItem, ... ], "[ServiceConnectDefaults](#cfn-ecs-cluster-serviceconnectdefaults)" : ServiceConnectDefaults, "[Tags](#cfn-ecs-cluster-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::ECS::Cluster Properties: [CapacityProviders](#cfn-ecs-cluster-capacityproviders): - String [ClusterName](#cfn-ecs-cluster-clustername): String [ClusterSettings](#cfn-ecs-cluster-clustersettings): - ClusterSettings [Configuration](#cfn-ecs-cluster-configuration): ClusterConfiguration [DefaultCapacityProviderStrategy](#cfn-ecs-cluster-defaultcapacityproviderstrategy): - CapacityProviderStrategyItem [ServiceConnectDefaults](#cfn-ecs-cluster-serviceconnectdefaults): ServiceConnectDefaults [Tags](#cfn-ecs-cluster-tags): - Tag ``` ## Properties `CapacityProviders` The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the [CreateService](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) or [RunTask](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) actions. If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the [CreateCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html) API operation. To use a AWS Fargate capacity provider, specify either the `FARGATE` or `FARGATE_SPOT` capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used. The [PutCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html) API operation is used to update the list of available capacity providers for a cluster after the cluster is created. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ClusterName` A user-generated string that you use to identify your cluster. If you don't specify a name, AWS CloudFormation generates a unique physical ID for the name. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ClusterSettings` The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights with enhanced observability or CloudWatch Container Insights for a cluster. Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up. For more information, see [Monitor Amazon ECS containers using Container Insights with enhanced observability](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) in the *Amazon Elastic Container Service Developer Guide*. *Required*: No *Type*: [Array](aws-properties-ecs-cluster-clustersettings.md) of [ClusterSettings](aws-properties-ecs-cluster-clustersettings.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Configuration` The execute command and managed storage configuration for the cluster. *Required*: No *Type*: [ClusterConfiguration](aws-properties-ecs-cluster-clusterconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DefaultCapacityProviderStrategy` The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used. *Required*: No *Type*: Array of [CapacityProviderStrategyItem](aws-properties-ecs-cluster-capacityproviderstrategyitem.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServiceConnectDefaults` Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the `enabled` parameter to `true` in the `ServiceConnectConfiguration`. You can set the namespace of each service individually in the `ServiceConnectConfiguration` to override this default parameter. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. *Required*: No *Type*: [ServiceConnectDefaults](aws-properties-ecs-cluster-serviceconnectdefaults.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value. You define both. The following basic restrictions apply to tags: + Maximum number of tags per resource - 50 + For each resource, each tag key must be unique, and each tag key can have only one value. + Maximum key length - 128 Unicode characters in UTF-8 + Maximum value length - 256 Unicode characters in UTF-8 + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: \$1 - = . \$1 : / @. + Tag keys and values are case-sensitive. + Do not use `aws:`, `AWS:`, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. *Required*: No *Type*: Array of [Tag](aws-properties-ecs-cluster-tag.md) *Minimum*: `0` *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the resource name. In the following example, the `Ref` function returns the name of the `MyECSCluster` cluster, such as `MyStack-MyECSCluster-NT5EUXTNTXXD`. `{ "Ref": "MyECSCluster" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the Amazon ECS cluster, such as `arn:aws:ecs:us-east-2:123456789012:cluster/MyECSCluster`. ## Examples **Topics** + [Create a cluster with Fargate capacity providers and a default capacity provider strategy](#aws-resource-ecs-cluster--examples--Create_a_cluster_with_Fargate_capacity_providers_and_a_default_capacity_provider_strategy) + [Create a cluster with the Amazon Linux 2023 ECS-Optimized-AMI](#aws-resource-ecs-cluster--examples--Create_a_cluster_with_the_Amazon_Linux_2023_ECS-Optimized-AMI) + [Create an empty cluster with CloudWatch Container Insights enabled and defined tags](#aws-resource-ecs-cluster--examples--Create_an_empty_cluster_with_CloudWatch_Container_Insights_enabled_and_defined_tags) ### Create a cluster with Fargate capacity providers and a default capacity provider strategy The following example creates a cluster named `MyFargateCluster` with the `FARGATE` and `FARGATE_SPOT` capacity providers. A default capacity provider strategy is also created where tasks launched will be split evenly between the `FARGATE` and `FARGATE_SPOT` capacity providers. The template also enables ECS Exec using the default logging configuration. For more information, see [Monitor Amazon ECS containers with ECS Exec](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) in the *Amazon ECS Developer Guide*. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "ECSCluster": { "Type": "AWS::ECS::Cluster", "Properties": { "ClusterName": "MyFargateCluster", "CapacityProviders": ["FARGATE", "FARGATE_SPOT"], "DefaultCapacityProviderStrategy": [ { "CapacityProvider": "FARGATE", "Weight": 1 }, { "CapacityProvider": "FARGATE_SPOT", "Weight": 1 } ], "Configuration": { "ExecuteCommandConfiguration": { "Logging": "DEFAULT" } } } } } } ``` #### YAML ``` AWSTemplateFormatVersion: 2010-09-09 Resources: ECSCluster: Type: AWS::ECS::Cluster Properties: ClusterName: MyFargateCluster CapacityProviders: - FARGATE - FARGATE_SPOT DefaultCapacityProviderStrategy: - CapacityProvider: FARGATE Weight: 1 - CapacityProvider: FARGATE_SPOT Weight: 1 Configuration: ExecuteCommandConfiguration: Logging: DEFAULT ``` ### Create a cluster with the Amazon Linux 2023 ECS-Optimized-AMI The following example creates a cluster named `MyCluster` with a capacity provider that launches Amazon Linux 2023 t2.medium instances. Replace parameters with your own information. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "EC2 ECS cluster that starts out empty, with no EC2 instances yet. An ECS capacity provider automatically launches more EC2 instances as required on the fly when you request ECS to launch services or standalone tasks.", "Parameters": { "InstanceType": { "Type": "String", "Description": "EC2 instance type", "Default": "t2.medium", "AllowedValues": [ "t1.micro", "t2.2xlarge", "t2.large", "t2.medium", "t2.micro", "t2.nano", "t2.small", "t2.xlarge", "t3.2xlarge", "t3.large", "t3.medium", "t3.micro", "t3.nano", "t3.small", "t3.xlarge" ] }, "DesiredCapacity": { "Type": "Number", "Default": "0", "Description": "Number of EC2 instances to launch in your ECS cluster." }, "MaxSize": { "Type": "Number", "Default": "100", "Description": "Maximum number of EC2 instances that can be launched in your ECS cluster." }, "ECSAMI": { "Description": "The Amazon Machine Image ID used for the cluster", "Type": "AWS::SSM::Parameter::Value", "Default": "/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended/image_id" }, "VpcId": { "Type": "AWS::EC2::VPC::Id", "Description": "VPC ID where the ECS cluster is launched", "Default": "vpc-1234567890abcdef0" }, "SubnetIds": { "Type": "List", "Description": "List of subnet IDs where the EC2 instances will be launched", "Default": "subnet-021345abcdef67890" } }, "Resources": { "ECSCluster": { "Type": "AWS::ECS::Cluster", "Properties": { "ClusterSettings": [ { "Name": "containerInsights", "Value": "enabled" } ] } }, "ECSAutoScalingGroup": { "Type": "AWS::AutoScaling::AutoScalingGroup", "DependsOn": [ "ECSCluster", "EC2Role" ], "Properties": { "VPCZoneIdentifier": { "Ref": "SubnetIds" }, "LaunchTemplate": { "LaunchTemplateId": { "Ref": "ContainerInstances" }, "Version": { "Fn::GetAtt": [ "ContainerInstances", "LatestVersionNumber" ] } }, "MinSize": 0, "MaxSize": { "Ref": "MaxSize" }, "DesiredCapacity": { "Ref": "DesiredCapacity" }, "NewInstancesProtectedFromScaleIn": true }, "UpdatePolicy": { "AutoScalingReplacingUpdate": { "WillReplace": "true" } } }, "ContainerInstances": { "Type": "AWS::EC2::LaunchTemplate", "Properties": { "LaunchTemplateName": "asg-launch-template", "LaunchTemplateData": { "ImageId": { "Ref": "ECSAMI" }, "InstanceType": { "Ref": "InstanceType" }, "IamInstanceProfile": { "Name": { "Ref": "EC2InstanceProfile" } }, "SecurityGroupIds": [ { "Ref": "ContainerHostSecurityGroup" } ], "UserData": { "Fn::Base64": { "Fn::Sub": "#!/bin/bash -xe\n echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config\n yum install -y aws-cfn-bootstrap\n /opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource ContainerInstances --configsets full_install --region ${AWS::Region} &\n" } }, "MetadataOptions": { "HttpEndpoint": "enabled", "HttpTokens": "required" } } } }, "EC2InstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "EC2Role" } ] } }, "CapacityProvider": { "Type": "AWS::ECS::CapacityProvider", "Properties": { "AutoScalingGroupProvider": { "AutoScalingGroupArn": { "Ref": "ECSAutoScalingGroup" }, "ManagedScaling": { "InstanceWarmupPeriod": 60, "MinimumScalingStepSize": 1, "MaximumScalingStepSize": 100, "Status": "ENABLED", "TargetCapacity": 100 }, "ManagedTerminationProtection": "ENABLED" } } }, "CapacityProviderAssociation": { "Type": "AWS::ECS::ClusterCapacityProviderAssociations", "Properties": { "CapacityProviders": [ { "Ref": "CapacityProvider" } ], "Cluster": { "Ref": "ECSCluster" }, "DefaultCapacityProviderStrategy": [ { "Base": 0, "CapacityProvider": { "Ref": "CapacityProvider" }, "Weight": 1 } ] } }, "ContainerHostSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Access to the EC2 hosts that run containers", "VpcId": { "Ref": "VpcId" } } }, "EC2Role": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" ] } }, "ECSTaskExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ecs-tasks.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ], "Condition": { "ArnLike": { "aws:SourceArn": { "Fn::Sub": "arn:${AWS::Partition}:ecs:${AWS::Region}:${AWS::AccountId}:*" } }, "StringEquals": { "aws:SourceAccount": { "Fn::Sub": "${AWS::AccountId}" } } } } ] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" ] } } }, "Outputs": { "ClusterName": { "Description": "The ECS cluster into which to launch resources", "Value": "ECSCluster" }, "ECSTaskExecutionRole": { "Description": "The role used to start up a task", "Value": "ECSTaskExecutionRole" }, "CapacityProvider": { "Description": "The cluster capacity provider that the service should use to request capacity when it wants to start up a task", "Value": "CapacityProvider" } } } ``` #### YAML ``` AWSTemplateFormatVersion: 2010-09-09 Description: EC2 ECS cluster that starts out empty, with no EC2 instances yet. An ECS capacity provider automatically launches more EC2 instances as required on the fly when you request ECS to launch services or standalone tasks. Parameters: InstanceType: Type: String Description: EC2 instance type Default: "t2.medium" AllowedValues: - t1.micro - t2.2xlarge - t2.large - t2.medium - t2.micro - t2.nano - t2.small - t2.xlarge - t3.2xlarge - t3.large - t3.medium - t3.micro - t3.nano - t3.small - t3.xlarge DesiredCapacity: Type: Number Default: "0" Description: Number of EC2 instances to launch in your ECS cluster. MaxSize: Type: Number Default: "100" Description: Maximum number of EC2 instances that can be launched in your ECS cluster. ECSAMI: Description: The Amazon Machine Image ID used for the cluster Type: AWS::SSM::Parameter::Value Default: /aws/service/ecs/optimized-ami/amazon-linux-2023/recommended/image_id VpcId: Type: AWS::EC2::VPC::Id Description: VPC ID where the ECS cluster is launched Default: vpc-1234567890abcdef0 SubnetIds: Type: List Description: List of subnet IDs where the EC2 instances will be launched Default: "subnet-021345abcdef67890" Resources: # This is authorizes ECS to manage resources on your # account on your behalf. This role is likely already created on your account # ECSRole: # Type: AWS::IAM::ServiceLinkedRole # Properties: # AWSServiceName: 'ecs.amazonaws.com' # ECS Resources ECSCluster: Type: AWS::ECS::Cluster Properties: ClusterSettings: - Name: containerInsights Value: enabled # Autoscaling group. This launches the actual EC2 instances that will register # themselves as members of the cluster, and run the docker containers. ECSAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup DependsOn: # This is to ensure that the ASG gets deleted first before these # resources, when it comes to stack teardown. - ECSCluster - EC2Role Properties: VPCZoneIdentifier: Ref: SubnetIds LaunchTemplate: LaunchTemplateId: !Ref ContainerInstances Version: !GetAtt ContainerInstances.LatestVersionNumber MinSize: 0 MaxSize: Ref: MaxSize DesiredCapacity: Ref: DesiredCapacity NewInstancesProtectedFromScaleIn: true UpdatePolicy: AutoScalingReplacingUpdate: WillReplace: "true" # The config for each instance that is added to the cluster ContainerInstances: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateName: "asg-launch-template" LaunchTemplateData: ImageId: Ref: ECSAMI InstanceType: Ref: InstanceType IamInstanceProfile: Name: !Ref EC2InstanceProfile SecurityGroupIds: - !Ref ContainerHostSecurityGroup # This injected configuration file is how the EC2 instance # knows which ECS cluster on your AWS account it should be joining UserData: Fn::Base64: !Sub | #!/bin/bash -xe echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config yum install -y aws-cfn-bootstrap /opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource ContainerInstances --configsets full_install --region ${AWS::Region} & # Disable IMDSv1, and require IMDSv2 MetadataOptions: HttpEndpoint: enabled HttpTokens: required EC2InstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref EC2Role # Create an ECS capacity provider to attach the ASG to the ECS cluster # so that it autoscales as we launch more containers CapacityProvider: Type: AWS::ECS::CapacityProvider Properties: AutoScalingGroupProvider: AutoScalingGroupArn: !Ref ECSAutoScalingGroup ManagedScaling: InstanceWarmupPeriod: 60 MinimumScalingStepSize: 1 MaximumScalingStepSize: 100 Status: ENABLED # Percentage of cluster reservation to try to maintain TargetCapacity: 100 ManagedTerminationProtection: ENABLED # Create a cluster capacity provider assocation so that the cluster # will use the capacity provider CapacityProviderAssociation: Type: AWS::ECS::ClusterCapacityProviderAssociations Properties: CapacityProviders: - !Ref CapacityProvider Cluster: !Ref ECSCluster DefaultCapacityProviderStrategy: - Base: 0 CapacityProvider: !Ref CapacityProvider Weight: 1 # A security group for the EC2 hosts that will run the containers. # This can be used to limit incoming traffic to or outgoing traffic # from the container's host EC2 instance. ContainerHostSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Access to the EC2 hosts that run containers VpcId: Ref: VpcId # Role for the EC2 hosts. This allows the ECS agent on the EC2 hosts # to communciate with the ECS control plane, as well as download the docker # images from ECR to run on your host. EC2Role: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole Path: / ManagedPolicyArns: # See reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonEC2ContainerServiceforEC2Role - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role # This managed policy allows us to connect to the instance using SSM - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore # This is a role which is used within Fargate to allow the Fargate agent # to download images, and upload logs. ECSTaskExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - ecs-tasks.amazonaws.com Action: - sts:AssumeRole Condition: ArnLike: aws:SourceArn: !Sub arn:${AWS::Partition}:ecs:${AWS::Region}:${AWS::AccountId}:* StringEquals: aws:SourceAccount: !Sub ${AWS::AccountId} Path: / # This role enables all features of ECS. See reference: # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonECSTaskExecutionRolePolicy ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy Outputs: ClusterName: Description: The ECS cluster into which to launch resources Value: ECSCluster ECSTaskExecutionRole: Description: The role used to start up a task Value: ECSTaskExecutionRole CapacityProvider: Description: The cluster capacity provider that the service should use to request capacity when it wants to start up a task Value: CapacityProvider ``` ### Create an empty cluster with CloudWatch Container Insights enabled and defined tags The following example creates an empty cluster named `MyCluster` that has CloudWatch Container Insights enabled and is tagged with the key `environment` and the value `production`. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "ECSCluster": { "Type": "AWS::ECS::Cluster", "Properties": { "ClusterName": "MyCluster", "ClusterSettings": [ { "Name": "containerInsights", "Value": "enabled" } ], "Tags": [ { "Key": "environment", "Value": "production" } ] } } } } ``` #### YAML ``` AWSTemplateFormatVersion: 2010-09-09 Resources: ECSCluster: Type: AWS::ECS::Cluster Properties: ClusterName: MyCluster ClusterSettings: - Name: containerInsights Value: enabled Tags: - Key: environment Value: production ``` # AWS::ECS::Cluster CapacityProviderStrategyItem The `CapacityProviderStrategyItem` property specifies the details of the default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Base](#cfn-ecs-cluster-capacityproviderstrategyitem-base)" : Integer, "[CapacityProvider](#cfn-ecs-cluster-capacityproviderstrategyitem-capacityprovider)" : String, "[Weight](#cfn-ecs-cluster-capacityproviderstrategyitem-weight)" : Integer } ``` ### YAML ``` [Base](#cfn-ecs-cluster-capacityproviderstrategyitem-base): Integer [CapacityProvider](#cfn-ecs-cluster-capacityproviderstrategyitem-capacityprovider): String [Weight](#cfn-ecs-cluster-capacityproviderstrategyitem-weight): Integer ``` ## Properties `Base` The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used. Base value characteristics: + Only one capacity provider in a strategy can have a base defined + The default value is `0` if not specified + The valid range is 0 to 100,000 + Base requirements are satisfied first before weight distribution *Required*: No *Type*: Integer *Minimum*: `0` *Maximum*: `100000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CapacityProvider` The short name of the capacity provider. This can be either an AWS managed capacity provider (`FARGATE` or `FARGATE_SPOT`) or the name of a custom capacity provider that you created. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Weight` The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` value, if defined, is satisfied. If no `weight` value is specified, the default value of `0` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of `0` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of `0`, any `RunTask` or `CreateService` actions using the capacity provider strategy will fail. Weight value characteristics: + Weight is considered after the base value is satisfied + The default value is `0` if not specified + The valid range is 0 to 1,000 + At least one capacity provider must have a weight greater than zero + Capacity providers with weight of `0` cannot place tasks Task distribution logic: 1. Base satisfaction: The minimum number of tasks specified by the base value are placed on that capacity provider 1. Weight distribution: After base requirements are met, additional tasks are distributed according to weight ratios Examples: Equal Distribution: Two capacity providers both with weight `1` will split tasks evenly after base requirements are met. Weighted Distribution: If capacityProviderA has weight `1` and capacityProviderB has weight `4`, then for every 1 task on A, 4 tasks will run on B. *Required*: No *Type*: Integer *Minimum*: `0` *Maximum*: `1000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [ Define a cluster with the AWS Fargate capacity providers and a default capacity provider strategy defined](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#aws-resource-ecs-cluster--examples--Define_a_cluster_with_the__capacity_providers_and_a_default_capacity_provider_strategy_defined) # AWS::ECS::Cluster ClusterConfiguration The execute command and managed storage configuration for the cluster. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ExecuteCommandConfiguration](#cfn-ecs-cluster-clusterconfiguration-executecommandconfiguration)" : ExecuteCommandConfiguration, "[ManagedStorageConfiguration](#cfn-ecs-cluster-clusterconfiguration-managedstorageconfiguration)" : ManagedStorageConfiguration } ``` ### YAML ``` [ExecuteCommandConfiguration](#cfn-ecs-cluster-clusterconfiguration-executecommandconfiguration): ExecuteCommandConfiguration [ManagedStorageConfiguration](#cfn-ecs-cluster-clusterconfiguration-managedstorageconfiguration): ManagedStorageConfiguration ``` ## Properties `ExecuteCommandConfiguration` The details of the execute command configuration. *Required*: No *Type*: [ExecuteCommandConfiguration](aws-properties-ecs-cluster-executecommandconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ManagedStorageConfiguration` The details of the managed storage configuration. *Required*: No *Type*: [ManagedStorageConfiguration](aws-properties-ecs-cluster-managedstorageconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [ Define a cluster with the AWS Fargate capacity providers and a default capacity provider strategy defined](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#aws-resource-ecs-cluster--examples--Define_a_cluster_with_the__capacity_providers_and_a_default_capacity_provider_strategy_defined) # AWS::ECS::Cluster ClusterSettings The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights with enhanced observability or CloudWatch Container Insights for a cluster. Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up. For more information, see [Monitor Amazon ECS containers using Container Insights with enhanced observability](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) in the *Amazon Elastic Container Service Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Name](#cfn-ecs-cluster-clustersettings-name)" : String, "[Value](#cfn-ecs-cluster-clustersettings-value)" : String } ``` ### YAML ``` [Name](#cfn-ecs-cluster-clustersettings-name): String [Value](#cfn-ecs-cluster-clustersettings-value): String ``` ## Properties `Name` The name of the cluster setting. The value is `containerInsights`. *Required*: No *Type*: String *Allowed values*: `containerInsights` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value to set for the cluster setting. The supported values are `enhanced`, `enabled`, and `disabled`. To use Container Insights with enhanced observability, set the `containerInsights` account setting to `enhanced`. To use Container Insights, set the `containerInsights` account setting to `enabled`. If a cluster value is specified, it will override the `containerInsights` value set with [PutAccountSetting](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html) or [PutAccountSettingDefault](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html). *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [Define an empty cluster with CloudWatch Container Insights enabled and defined tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#ws-resource-ecs-cluster--examples--Define_an_empty_cluster_with_CloudWatch_Container_Insights_enabled_and_defined_tags) # AWS::ECS::Cluster ExecuteCommandConfiguration The details of the execute command configuration. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[KmsKeyId](#cfn-ecs-cluster-executecommandconfiguration-kmskeyid)" : String, "[LogConfiguration](#cfn-ecs-cluster-executecommandconfiguration-logconfiguration)" : ExecuteCommandLogConfiguration, "[Logging](#cfn-ecs-cluster-executecommandconfiguration-logging)" : String } ``` ### YAML ``` [KmsKeyId](#cfn-ecs-cluster-executecommandconfiguration-kmskeyid): String [LogConfiguration](#cfn-ecs-cluster-executecommandconfiguration-logconfiguration): ExecuteCommandLogConfiguration [Logging](#cfn-ecs-cluster-executecommandconfiguration-logging): String ``` ## Properties `KmsKeyId` Specify an AWS Key Management Service key ID to encrypt the data between the local client and the container. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogConfiguration` The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. When `logging=OVERRIDE` is specified, a `logConfiguration` must be provided. *Required*: No *Type*: [ExecuteCommandLogConfiguration](aws-properties-ecs-cluster-executecommandlogconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Logging` The log setting to use for redirecting logs for your execute command results. The following log settings are available. + `NONE`: The execute command session is not logged. + `DEFAULT`: The `awslogs` configuration in the task definition is used. If no logging parameter is specified, it defaults to this value. If no `awslogs` log driver is configured in the task definition, the output won't be logged. + `OVERRIDE`: Specify the logging details as a part of `logConfiguration`. If the `OVERRIDE` logging option is specified, the `logConfiguration` is required. *Required*: No *Type*: String *Allowed values*: `NONE | DEFAULT | OVERRIDE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [ Define a cluster with the AWS Fargate capacity providers and a default capacity provider strategy defined](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#aws-resource-ecs-cluster--examples--Define_a_cluster_with_the__capacity_providers_and_a_default_capacity_provider_strategy_defined) # AWS::ECS::Cluster ExecuteCommandLogConfiguration The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CloudWatchEncryptionEnabled](#cfn-ecs-cluster-executecommandlogconfiguration-cloudwatchencryptionenabled)" : Boolean, "[CloudWatchLogGroupName](#cfn-ecs-cluster-executecommandlogconfiguration-cloudwatchloggroupname)" : String, "[S3BucketName](#cfn-ecs-cluster-executecommandlogconfiguration-s3bucketname)" : String, "[S3EncryptionEnabled](#cfn-ecs-cluster-executecommandlogconfiguration-s3encryptionenabled)" : Boolean, "[S3KeyPrefix](#cfn-ecs-cluster-executecommandlogconfiguration-s3keyprefix)" : String } ``` ### YAML ``` [CloudWatchEncryptionEnabled](#cfn-ecs-cluster-executecommandlogconfiguration-cloudwatchencryptionenabled): Boolean [CloudWatchLogGroupName](#cfn-ecs-cluster-executecommandlogconfiguration-cloudwatchloggroupname): String [S3BucketName](#cfn-ecs-cluster-executecommandlogconfiguration-s3bucketname): String [S3EncryptionEnabled](#cfn-ecs-cluster-executecommandlogconfiguration-s3encryptionenabled): Boolean [S3KeyPrefix](#cfn-ecs-cluster-executecommandlogconfiguration-s3keyprefix): String ``` ## Properties `CloudWatchEncryptionEnabled` Determines whether to use encryption on the CloudWatch logs. If not specified, encryption will be off. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CloudWatchLogGroupName` The name of the CloudWatch log group to send logs to. The CloudWatch log group must already be created. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `S3BucketName` The name of the S3 bucket to send logs to. The S3 bucket must already be created. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `S3EncryptionEnabled` Determines whether to use encryption on the S3 logs. If not specified, encryption is not used. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `S3KeyPrefix` An optional folder in the S3 bucket to place logs in. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [ Define a cluster with the AWS Fargate capacity providers and a default capacity provider strategy defined](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#aws-resource-ecs-cluster--examples--Define_a_cluster_with_the__capacity_providers_and_a_default_capacity_provider_strategy_defined) # AWS::ECS::Cluster ManagedStorageConfiguration The managed storage configuration for the cluster. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FargateEphemeralStorageKmsKeyId](#cfn-ecs-cluster-managedstorageconfiguration-fargateephemeralstoragekmskeyid)" : String, "[KmsKeyId](#cfn-ecs-cluster-managedstorageconfiguration-kmskeyid)" : String } ``` ### YAML ``` [FargateEphemeralStorageKmsKeyId](#cfn-ecs-cluster-managedstorageconfiguration-fargateephemeralstoragekmskeyid): String [KmsKeyId](#cfn-ecs-cluster-managedstorageconfiguration-kmskeyid): String ``` ## Properties `FargateEphemeralStorageKmsKeyId` Specify the AWS Key Management Service key ID for Fargate ephemeral storage. When you specify a `fargateEphemeralStorageKmsKeyId`, AWS Fargate uses the key to encrypt data at rest in ephemeral storage. For more information about Fargate ephemeral storage encryption, see [Customer managed keys for AWS Fargate ephemeral storage for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html) in the *Amazon Elastic Container Service Developer Guide*. The key must be a single Region key. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `KmsKeyId` Specify a AWS Key Management Service key ID to encrypt Amazon ECS managed storage. When you specify a `kmsKeyId`, Amazon ECS uses the key to encrypt data volumes managed by Amazon ECS that are attached to tasks in the cluster. The following data volumes are managed by Amazon ECS: Amazon EBS. For more information about encryption of Amazon EBS volumes attached to Amazon ECS tasks, see [Encrypt data stored in Amazon EBS volumes for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-kms-encryption.html) in the *Amazon Elastic Container Service Developer Guide*. The key must be a single Region key. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ECS::Cluster ServiceConnectDefaults Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the `enabled` parameter to `true` in the `ServiceConnectConfiguration`. You can set the namespace of each service individually in the `ServiceConnectConfiguration` to override this default parameter. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Namespace](#cfn-ecs-cluster-serviceconnectdefaults-namespace)" : String } ``` ### YAML ``` [Namespace](#cfn-ecs-cluster-serviceconnectdefaults-namespace): String ``` ## Properties `Namespace` The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include greater than (>), less than (<), double quotation marks ("), or slash (/). If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region. If you enter a new name, a AWS Cloud Map namespace will be created. Amazon ECS creates a AWS Cloud Map namespace with the "API calls" method of instance discovery only. This instance discovery method is the "HTTP" namespace type in the AWS Command Line Interface. Other types of instance discovery aren't used by Service Connect. If you update the cluster with an empty string `""` for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in AWS Cloud Map and must be deleted separately. For more information about AWS Cloud Map, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *AWS Cloud Map Developer Guide*. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ECS::Cluster Tag The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value. You define them. The following basic restrictions apply to tags: + Maximum number of tags per resource - 50 + For each resource, each tag key must be unique, and each tag key can have only one value. + Maximum key length - 128 Unicode characters in UTF-8 + Maximum value length - 256 Unicode characters in UTF-8 + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: \$1 - = . \$1 : / @. + Tag keys and values are case-sensitive. + Do not use `aws:`, `AWS:`, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-ecs-cluster-tag-key)" : String, "[Value](#cfn-ecs-cluster-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-ecs-cluster-tag-key): String [Value](#cfn-ecs-cluster-tag-value): String ``` ## Properties `Key` One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values. *Required*: No *Type*: String *Pattern*: `([\p{L}\p{Z}\p{N}_.:/=+\-@]*)` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key). *Required*: No *Type*: String *Pattern*: `([\p{L}\p{Z}\p{N}_.:/=+\-@]*)` *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [Define an empty cluster with CloudWatch Container Insights enabled and defined tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#aws-resource-ecs-cluster--examples--Define_an_empty_cluster_with_CloudWatch_Container_Insights_enabled_and_defined_tags)