@awboost/cfn-resource-types 0.1.135 → 0.1.137
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/AWS-ApiGatewayV2-Integration.d.ts +6 -75
- package/lib/AWS-ApiGatewayV2-Integration.js +1 -2
- package/lib/AWS-AppIntegrations-Application.d.ts +1 -1
- package/lib/AWS-ApplicationSignals-ServiceLevelObjective.d.ts +72 -1
- package/lib/AWS-Backup-RestoreTestingPlan.d.ts +6 -0
- package/lib/AWS-Batch-ComputeEnvironment.d.ts +1 -0
- package/lib/AWS-Bedrock-Flow.d.ts +131 -1
- package/lib/AWS-Bedrock-FlowAlias.d.ts +1 -1
- package/lib/AWS-Bedrock-FlowVersion.d.ts +118 -1
- package/lib/AWS-Bedrock-PromptVersion.d.ts +17 -0
- package/lib/AWS-CloudWatch-Alarm.d.ts +7 -4
- package/lib/AWS-CodeBuild-Fleet.d.ts +6 -2
- package/lib/AWS-Deadline-Fleet.d.ts +1 -1
- package/lib/AWS-EC2-CustomerGateway.d.ts +1 -1
- package/lib/AWS-EC2-InternetGateway.d.ts +1 -1
- package/lib/AWS-EC2-KeyPair.d.ts +1 -1
- package/lib/AWS-EC2-LaunchTemplate.d.ts +2 -2
- package/lib/AWS-EC2-NatGateway.d.ts +1 -1
- package/lib/AWS-EC2-Subnet.d.ts +4 -4
- package/lib/AWS-EC2-VPCEndpoint.d.ts +4 -2
- package/lib/AWS-EC2-VPCEndpoint.js +2 -1
- package/lib/AWS-EC2-VPNConnection.d.ts +12 -1
- package/lib/AWS-EC2-VPNGateway.d.ts +1 -1
- package/lib/AWS-EC2-VPNGatewayRoutePropagation.d.ts +6 -0
- package/lib/AWS-EC2-Volume.d.ts +13 -7
- package/lib/AWS-EC2-Volume.js +4 -1
- package/lib/AWS-ECR-Repository.d.ts +1 -1
- package/lib/AWS-ECS-TaskDefinition.d.ts +73 -62
- package/lib/AWS-ECS-TaskDefinition.js +1 -1
- package/lib/AWS-ElasticLoadBalancingV2-LoadBalancer.d.ts +1 -0
- package/lib/AWS-EntityResolution-MatchingWorkflow.d.ts +8 -0
- package/lib/AWS-EntityResolution-SchemaMapping.d.ts +1 -1
- package/lib/AWS-Glue-Database.d.ts +61 -8
- package/lib/AWS-IVS-Channel.d.ts +1 -1
- package/lib/AWS-IVS-PublicKey.d.ts +67 -0
- package/lib/AWS-IVS-PublicKey.js +12 -0
- package/lib/AWS-IVS-Stage.d.ts +24 -0
- package/lib/AWS-IoTFleetWise-Campaign.d.ts +20 -0
- package/lib/AWS-IoTFleetWise-DecoderManifest.d.ts +2 -2
- package/lib/AWS-Location-APIKey.d.ts +2 -2
- package/lib/AWS-MSK-Replicator.d.ts +21 -0
- package/lib/AWS-MediaLive-Input.d.ts +27 -0
- package/lib/AWS-MediaPackageV2-OriginEndpoint.d.ts +2 -2
- package/lib/AWS-Neptune-DBCluster.d.ts +7 -3
- package/lib/AWS-OpenSearchService-Domain.d.ts +12 -0
- package/lib/AWS-PaymentCryptography-Key.d.ts +3 -3
- package/lib/AWS-QBusiness-Application.d.ts +45 -0
- package/lib/AWS-QBusiness-WebExperience.d.ts +40 -0
- package/lib/AWS-QuickSight-Analysis.d.ts +48 -0
- package/lib/AWS-QuickSight-Dashboard.d.ts +48 -0
- package/lib/AWS-QuickSight-DataSet.d.ts +2 -2
- package/lib/AWS-QuickSight-DataSource.d.ts +1 -1
- package/lib/AWS-QuickSight-Template.d.ts +48 -0
- package/lib/AWS-RDS-DBInstance.d.ts +2 -2
- package/lib/AWS-RDS-GlobalCluster.d.ts +2 -0
- package/lib/AWS-SES-ReceiptRule.d.ts +1 -0
- package/lib/AWS-SSMQuickSetup-ConfigurationManager.d.ts +104 -0
- package/lib/AWS-SSMQuickSetup-ConfigurationManager.js +12 -0
- package/lib/AWS-SageMaker-Domain.d.ts +1 -1
- package/lib/AWS-SageMaker-UserProfile.d.ts +1 -1
- package/lib/AWS-SecurityHub-AutomationRule.d.ts +332 -96
- package/lib/AWS-SecurityHub-DelegatedAdmin.d.ts +9 -7
- package/lib/AWS-SecurityHub-DelegatedAdmin.js +4 -1
- package/lib/AWS-SecurityHub-FindingAggregator.d.ts +20 -10
- package/lib/AWS-SecurityHub-FindingAggregator.js +3 -1
- package/package.json +1 -1
|
@@ -4,7 +4,7 @@ import type { ResourceOptions as $ResourceOptions } from "@awboost/cfn-template-
|
|
|
4
4
|
* Resource type definition for `AWS::ECS::TaskDefinition`.
|
|
5
5
|
* Registers a new task definition from the supplied ``family`` and ``containerDefinitions``. Optionally, you can add data volumes to your containers with the ``volumes`` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
6
6
|
You can specify a role for your task with the ``taskRoleArn`` parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
7
|
-
You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter.
|
|
7
|
+
You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
8
8
|
In the following example or examples, the Authorization header contents (``AUTHPARAMS``) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*.
|
|
9
9
|
You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself.
|
|
10
10
|
* @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html}
|
|
@@ -16,6 +16,7 @@ export type ECSTaskDefinitionProperties = {
|
|
|
16
16
|
ContainerDefinitions?: ContainerDefinition[];
|
|
17
17
|
/**
|
|
18
18
|
* The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter.
|
|
19
|
+
If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units (``0.125`` vCPUs) and ``10240`` CPU units (``10`` vCPUs).
|
|
19
20
|
The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
|
|
20
21
|
+ 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
|
|
21
22
|
+ 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
|
|
@@ -47,8 +48,8 @@ export type ECSTaskDefinitionProperties = {
|
|
|
47
48
|
*/
|
|
48
49
|
InferenceAccelerators?: InferenceAccelerator[];
|
|
49
50
|
/**
|
|
50
|
-
* The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance.
|
|
51
|
-
If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose.
|
|
51
|
+
* The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance.
|
|
52
|
+
If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose.
|
|
52
53
|
If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
53
54
|
+ For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported.
|
|
54
55
|
+ For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task.
|
|
@@ -76,17 +77,16 @@ export type ECSTaskDefinitionProperties = {
|
|
|
76
77
|
For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode.
|
|
77
78
|
With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings.
|
|
78
79
|
When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.
|
|
79
|
-
If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
80
|
+
If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
80
81
|
If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
|
|
81
|
-
For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference*.
|
|
82
82
|
*/
|
|
83
83
|
NetworkMode?: string;
|
|
84
84
|
/**
|
|
85
85
|
* The process namespace to use for the containers in the task. The valid values are ``host`` or ``task``. On Fargate for Linux containers, the only valid value is ``task``. For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task.
|
|
86
86
|
If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.
|
|
87
87
|
If ``task`` is specified, all containers within the specified task share the same process namespace.
|
|
88
|
-
If no value is specified, the default is a private namespace for each container.
|
|
89
|
-
If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure.
|
|
88
|
+
If no value is specified, the default is a private namespace for each container.
|
|
89
|
+
If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure.
|
|
90
90
|
This parameter is not supported for Windows containers.
|
|
91
91
|
This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
|
|
92
92
|
*/
|
|
@@ -122,8 +122,10 @@ export type ECSTaskDefinitionProperties = {
|
|
|
122
122
|
*/
|
|
123
123
|
Tags?: Tag[];
|
|
124
124
|
/**
|
|
125
|
-
|
|
126
|
-
|
|
125
|
+
* The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
126
|
+
IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
127
|
+
String validation is done on the ECS side. If an invalid string value is given for ``TaskRoleArn``, it may cause the Cloudformation job to hang.
|
|
128
|
+
*/
|
|
127
129
|
TaskRoleArn?: string;
|
|
128
130
|
/**
|
|
129
131
|
* The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
@@ -160,15 +162,15 @@ export type AuthorizationConfig = {
|
|
|
160
162
|
*/
|
|
161
163
|
export type ContainerDefinition = {
|
|
162
164
|
/**
|
|
163
|
-
* The command that's passed to the container. This parameter maps to ``Cmd`` in the
|
|
165
|
+
* The command that's passed to the container. This parameter maps to ``Cmd`` in the docker conainer create command and the ``COMMAND`` parameter to docker run. If there are multiple arguments, each argument is a separated string in the array.
|
|
164
166
|
*/
|
|
165
167
|
Command?: string[];
|
|
166
168
|
/**
|
|
167
|
-
* The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the
|
|
169
|
+
* The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the docker conainer create commandand the ``--cpu-shares`` option to docker run.
|
|
168
170
|
This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value.
|
|
169
171
|
You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024.
|
|
170
172
|
Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.
|
|
171
|
-
On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers.
|
|
173
|
+
On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:
|
|
172
174
|
+ *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.
|
|
173
175
|
+ *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2.
|
|
174
176
|
+ *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.
|
|
@@ -195,47 +197,46 @@ export type ContainerDefinition = {
|
|
|
195
197
|
*/
|
|
196
198
|
DependsOn?: ContainerDependency[];
|
|
197
199
|
/**
|
|
198
|
-
* When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the
|
|
200
|
+
* When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the docker conainer create command.
|
|
199
201
|
This parameter is not supported for Windows containers.
|
|
200
202
|
*/
|
|
201
203
|
DisableNetworking?: boolean;
|
|
202
204
|
/**
|
|
203
|
-
* A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the
|
|
205
|
+
* A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the docker conainer create command and the ``--dns-search`` option to docker run.
|
|
204
206
|
This parameter is not supported for Windows containers.
|
|
205
207
|
*/
|
|
206
208
|
DnsSearchDomains?: string[];
|
|
207
209
|
/**
|
|
208
|
-
* A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the
|
|
210
|
+
* A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the the docker conainer create command and the ``--dns`` option to docker run.
|
|
209
211
|
This parameter is not supported for Windows containers.
|
|
210
212
|
*/
|
|
211
213
|
DnsServers?: string[];
|
|
212
214
|
/**
|
|
213
|
-
* A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the
|
|
215
|
+
* A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the docker conainer create command and the ``--label`` option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
|
|
214
216
|
*/
|
|
215
217
|
DockerLabels?: Record<string, string>;
|
|
216
218
|
/**
|
|
217
|
-
* A list of strings to provide custom configuration for multiple security systems.
|
|
219
|
+
* A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.
|
|
218
220
|
For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.
|
|
219
221
|
For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
220
|
-
This parameter maps to ``SecurityOpt`` in the
|
|
222
|
+
This parameter maps to ``SecurityOpt`` in the docker conainer create command and the ``--security-opt`` option to docker run.
|
|
221
223
|
The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
222
|
-
|
|
223
|
-
Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath"
|
|
224
|
+
Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath"
|
|
224
225
|
*/
|
|
225
226
|
DockerSecurityOptions?: string[];
|
|
226
227
|
/**
|
|
227
228
|
* Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead.
|
|
228
|
-
The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in
|
|
229
|
+
The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in tthe docker conainer create command and the ``--entrypoint`` option to docker run.
|
|
229
230
|
*/
|
|
230
231
|
EntryPoint?: string[];
|
|
231
232
|
/**
|
|
232
|
-
* The environment variables to pass to a container. This parameter maps to ``Env`` in the
|
|
233
|
+
* The environment variables to pass to a container. This parameter maps to ``Env`` in the docker conainer create command and the ``--env`` option to docker run.
|
|
233
234
|
We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.
|
|
234
235
|
*/
|
|
235
236
|
Environment?: KeyValuePair[];
|
|
236
237
|
/**
|
|
237
|
-
* A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to
|
|
238
|
-
You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored.
|
|
238
|
+
* A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to docker run.
|
|
239
|
+
You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored.
|
|
239
240
|
If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying Environment Variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
240
241
|
*/
|
|
241
242
|
EnvironmentFiles?: EnvironmentFile[];
|
|
@@ -245,7 +246,7 @@ export type ContainerDefinition = {
|
|
|
245
246
|
*/
|
|
246
247
|
Essential?: boolean;
|
|
247
248
|
/**
|
|
248
|
-
* A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the
|
|
249
|
+
* A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the docker conainer create command and the ``--add-host`` option to docker run.
|
|
249
250
|
This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode.
|
|
250
251
|
*/
|
|
251
252
|
ExtraHosts?: HostEntry[];
|
|
@@ -254,16 +255,16 @@ export type ContainerDefinition = {
|
|
|
254
255
|
*/
|
|
255
256
|
FirelensConfiguration?: FirelensConfiguration;
|
|
256
257
|
/**
|
|
257
|
-
* The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the
|
|
258
|
+
* The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the docker conainer create command and the ``HEALTHCHECK`` parameter of docker run.
|
|
258
259
|
*/
|
|
259
260
|
HealthCheck?: HealthCheck;
|
|
260
261
|
/**
|
|
261
|
-
* The hostname to use for your container. This parameter maps to ``Hostname`` in
|
|
262
|
+
* The hostname to use for your container. This parameter maps to ``Hostname`` in thethe docker conainer create command and the ``--hostname`` option to docker run.
|
|
262
263
|
The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode.
|
|
263
264
|
*/
|
|
264
265
|
Hostname?: string;
|
|
265
266
|
/**
|
|
266
|
-
* The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the
|
|
267
|
+
* The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the docker conainer create command and the ``IMAGE`` parameter of docker run.
|
|
267
268
|
+ When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.
|
|
268
269
|
+ Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. For example, ``012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest`` or ``012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``.
|
|
269
270
|
+ Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``).
|
|
@@ -272,11 +273,11 @@ export type ContainerDefinition = {
|
|
|
272
273
|
*/
|
|
273
274
|
Image: string;
|
|
274
275
|
/**
|
|
275
|
-
* When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the
|
|
276
|
+
* When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the docker conainer create command and the ``--interactive`` option to docker run.
|
|
276
277
|
*/
|
|
277
278
|
Interactive?: boolean;
|
|
278
279
|
/**
|
|
279
|
-
* The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed
|
|
280
|
+
* The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to ``Links`` in the docker conainer create command and the ``--link`` option to docker run.
|
|
280
281
|
This parameter is not supported for Windows containers.
|
|
281
282
|
Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.
|
|
282
283
|
*/
|
|
@@ -288,10 +289,10 @@ export type ContainerDefinition = {
|
|
|
288
289
|
LinuxParameters?: LinuxParameters;
|
|
289
290
|
/**
|
|
290
291
|
* The log configuration specification for the container.
|
|
291
|
-
This parameter maps to ``LogConfig`` in the
|
|
292
|
+
This parameter maps to ``LogConfig`` in the docker Create a container command and the ``--log-driver`` option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However, the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.
|
|
292
293
|
Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.
|
|
293
294
|
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
|
|
294
|
-
The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [
|
|
295
|
+
The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Developer Guide*.
|
|
295
296
|
*/
|
|
296
297
|
LogConfiguration?: LogConfiguration;
|
|
297
298
|
/**
|
|
@@ -303,7 +304,7 @@ export type ContainerDefinition = {
|
|
|
303
304
|
*/
|
|
304
305
|
Memory?: number;
|
|
305
306
|
/**
|
|
306
|
-
* The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the
|
|
307
|
+
* The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the the docker conainer create command and the ``--memory-reservation`` option to docker run.
|
|
307
308
|
If a task-level memory value is not specified, you must specify a non-zero integer for one or both of ``memory`` or ``memoryReservation`` in a container definition. If you specify both, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used.
|
|
308
309
|
For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a ``memoryReservation`` of 128 MiB, and a ``memory`` hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.
|
|
309
310
|
The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.
|
|
@@ -312,12 +313,12 @@ export type ContainerDefinition = {
|
|
|
312
313
|
MemoryReservation?: number;
|
|
313
314
|
/**
|
|
314
315
|
* The mount points for data volumes in your container.
|
|
315
|
-
This parameter maps to ``Volumes`` in the
|
|
316
|
+
This parameter maps to ``Volumes`` in the the docker conainer create command and the ``--volume`` option to docker run.
|
|
316
317
|
Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives.
|
|
317
318
|
*/
|
|
318
319
|
MountPoints?: MountPoint[];
|
|
319
320
|
/**
|
|
320
|
-
* The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in
|
|
321
|
+
* The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in tthe docker conainer create command and the ``--name`` option to docker run.
|
|
321
322
|
*/
|
|
322
323
|
Name: string;
|
|
323
324
|
/**
|
|
@@ -329,16 +330,16 @@ export type ContainerDefinition = {
|
|
|
329
330
|
*/
|
|
330
331
|
PortMappings?: PortMapping[];
|
|
331
332
|
/**
|
|
332
|
-
* When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the
|
|
333
|
+
* When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the the docker conainer create command and the ``--privileged`` option to docker run
|
|
333
334
|
This parameter is not supported for Windows containers or tasks run on FARGATElong.
|
|
334
335
|
*/
|
|
335
336
|
Privileged?: boolean;
|
|
336
337
|
/**
|
|
337
|
-
* When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in
|
|
338
|
+
* When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in tthe docker conainer create command and the ``--tty`` option to docker run.
|
|
338
339
|
*/
|
|
339
340
|
PseudoTerminal?: boolean;
|
|
340
341
|
/**
|
|
341
|
-
* When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the
|
|
342
|
+
* When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the docker conainer create command and the ``--read-only`` option to docker run.
|
|
342
343
|
This parameter is not supported for Windows containers.
|
|
343
344
|
*/
|
|
344
345
|
ReadonlyRootFilesystem?: boolean;
|
|
@@ -350,6 +351,7 @@ export type ContainerDefinition = {
|
|
|
350
351
|
* The type and amount of a resource to assign to a container. The only supported resource is a GPU.
|
|
351
352
|
*/
|
|
352
353
|
ResourceRequirements?: ResourceRequirement[];
|
|
354
|
+
RestartPolicy?: RestartPolicy;
|
|
353
355
|
/**
|
|
354
356
|
* The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
355
357
|
*/
|
|
@@ -362,7 +364,7 @@ export type ContainerDefinition = {
|
|
|
362
364
|
+ Windows platform version ``1.0.0`` or later.
|
|
363
365
|
|
|
364
366
|
For tasks using the EC2 launch type, your container instances require at least version ``1.26.0`` of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version ``1.26.0-1`` of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
365
|
-
The valid values are 2-120 seconds.
|
|
367
|
+
The valid values for Fargate are 2-120 seconds.
|
|
366
368
|
*/
|
|
367
369
|
StartTimeout?: number;
|
|
368
370
|
/**
|
|
@@ -377,7 +379,7 @@ export type ContainerDefinition = {
|
|
|
377
379
|
*/
|
|
378
380
|
StopTimeout?: number;
|
|
379
381
|
/**
|
|
380
|
-
* A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in
|
|
382
|
+
* A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in tthe docker conainer create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections.
|
|
381
383
|
*/
|
|
382
384
|
SystemControls?: SystemControl[];
|
|
383
385
|
/**
|
|
@@ -386,7 +388,7 @@ export type ContainerDefinition = {
|
|
|
386
388
|
*/
|
|
387
389
|
Ulimits?: Ulimit[];
|
|
388
390
|
/**
|
|
389
|
-
* The user to use inside the container. This parameter maps to ``User`` in the
|
|
391
|
+
* The user to use inside the container. This parameter maps to ``User`` in the docker conainer create command and the ``--user`` option to docker run.
|
|
390
392
|
When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.
|
|
391
393
|
You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer.
|
|
392
394
|
+ ``user``
|
|
@@ -400,11 +402,11 @@ export type ContainerDefinition = {
|
|
|
400
402
|
*/
|
|
401
403
|
User?: string;
|
|
402
404
|
/**
|
|
403
|
-
* Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in
|
|
405
|
+
* Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in tthe docker conainer create command and the ``--volumes-from`` option to docker run.
|
|
404
406
|
*/
|
|
405
407
|
VolumesFrom?: VolumeFrom[];
|
|
406
408
|
/**
|
|
407
|
-
* The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the
|
|
409
|
+
* The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the docker conainer create command and the ``--workdir`` option to docker run.
|
|
408
410
|
*/
|
|
409
411
|
WorkingDirectory?: string;
|
|
410
412
|
};
|
|
@@ -460,15 +462,15 @@ export type DockerVolumeConfiguration = {
|
|
|
460
462
|
*/
|
|
461
463
|
Autoprovision?: boolean;
|
|
462
464
|
/**
|
|
463
|
-
* The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name.
|
|
465
|
+
* The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to ``Driver`` in the docker conainer create command and the ``xxdriver`` option to docker volume create.
|
|
464
466
|
*/
|
|
465
467
|
Driver?: string;
|
|
466
468
|
/**
|
|
467
|
-
* A map of Docker driver-specific options passed through. This parameter maps to ``DriverOpts`` in the
|
|
469
|
+
* A map of Docker driver-specific options passed through. This parameter maps to ``DriverOpts`` in the docker create-volume command and the ``xxopt`` option to docker volume create.
|
|
468
470
|
*/
|
|
469
471
|
DriverOpts?: Record<string, string>;
|
|
470
472
|
/**
|
|
471
|
-
* Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the
|
|
473
|
+
* Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the docker conainer create command and the ``xxlabel`` option to docker volume create.
|
|
472
474
|
*/
|
|
473
475
|
Labels?: Record<string, string>;
|
|
474
476
|
/**
|
|
@@ -592,7 +594,7 @@ export type FSxWindowsFileServerVolumeConfiguration = {
|
|
|
592
594
|
};
|
|
593
595
|
/**
|
|
594
596
|
* Type definition for `AWS::ECS::TaskDefinition.HealthCheck`.
|
|
595
|
-
* The ``HealthCheck`` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the ``HEALTHCHECK`` parameter of
|
|
597
|
+
* The ``HealthCheck`` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the ``HEALTHCHECK`` parameter of docker run.
|
|
596
598
|
The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.
|
|
597
599
|
If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.
|
|
598
600
|
The following are notes about container health check support:
|
|
@@ -608,7 +610,7 @@ export type HealthCheck = {
|
|
|
608
610
|
``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]``
|
|
609
611
|
You don't include the double quotes and brackets when you use the AWS Management Console.
|
|
610
612
|
``CMD-SHELL, curl -f http://localhost/ || exit 1``
|
|
611
|
-
An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in
|
|
613
|
+
An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in tthe docker conainer create command
|
|
612
614
|
*/
|
|
613
615
|
Command?: string[];
|
|
614
616
|
/**
|
|
@@ -673,18 +675,18 @@ export type InferenceAccelerator = {
|
|
|
673
675
|
};
|
|
674
676
|
/**
|
|
675
677
|
* Type definition for `AWS::ECS::TaskDefinition.KernelCapabilities`.
|
|
676
|
-
* The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more
|
|
678
|
+
* The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page.
|
|
677
679
|
* @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-kernelcapabilities.html}
|
|
678
680
|
*/
|
|
679
681
|
export type KernelCapabilities = {
|
|
680
682
|
/**
|
|
681
|
-
* The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the
|
|
683
|
+
* The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the docker conainer create command and the ``--cap-add`` option to docker run.
|
|
682
684
|
Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability.
|
|
683
685
|
Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"``
|
|
684
686
|
*/
|
|
685
687
|
Add?: string[];
|
|
686
688
|
/**
|
|
687
|
-
* The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ``CapDrop`` in the
|
|
689
|
+
* The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ``CapDrop`` in the docker conainer create command and the ``--cap-drop`` option to docker run.
|
|
688
690
|
Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"``
|
|
689
691
|
*/
|
|
690
692
|
Drop?: string[];
|
|
@@ -716,34 +718,34 @@ export type LinuxParameters = {
|
|
|
716
718
|
*/
|
|
717
719
|
Capabilities?: KernelCapabilities;
|
|
718
720
|
/**
|
|
719
|
-
* Any host devices to expose to the container. This parameter maps to ``Devices`` in
|
|
721
|
+
* Any host devices to expose to the container. This parameter maps to ``Devices`` in tthe docker conainer create command and the ``--device`` option to docker run.
|
|
720
722
|
If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported.
|
|
721
723
|
*/
|
|
722
724
|
Devices?: Device[];
|
|
723
725
|
/**
|
|
724
|
-
* Run an ``init`` process inside the container that forwards signals and reaps processes. This parameter maps to the ``--init`` option to
|
|
726
|
+
* Run an ``init`` process inside the container that forwards signals and reaps processes. This parameter maps to the ``--init`` option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
|
|
725
727
|
*/
|
|
726
728
|
InitProcessEnabled?: boolean;
|
|
727
729
|
/**
|
|
728
|
-
* The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the ``--memory-swap`` option to
|
|
730
|
+
* The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the ``--memory-swap`` option to docker run where the value would be the sum of the container memory plus the ``maxSwap`` value.
|
|
729
731
|
If a ``maxSwap`` value of ``0`` is specified, the container will not use swap. Accepted values are ``0`` or any positive integer. If the ``maxSwap`` parameter is omitted, the container will use the swap configuration for the container instance it is running on. A ``maxSwap`` value must be set for the ``swappiness`` parameter to be used.
|
|
730
732
|
If you're using tasks that use the Fargate launch type, the ``maxSwap`` parameter isn't supported.
|
|
731
733
|
If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported.
|
|
732
734
|
*/
|
|
733
735
|
MaxSwap?: number;
|
|
734
736
|
/**
|
|
735
|
-
* The value for the size (in MiB) of the ``/dev/shm`` volume. This parameter maps to the ``--shm-size`` option to
|
|
737
|
+
* The value for the size (in MiB) of the ``/dev/shm`` volume. This parameter maps to the ``--shm-size`` option to docker run.
|
|
736
738
|
If you are using tasks that use the Fargate launch type, the ``sharedMemorySize`` parameter is not supported.
|
|
737
739
|
*/
|
|
738
740
|
SharedMemorySize?: number;
|
|
739
741
|
/**
|
|
740
|
-
* This allows you to tune a container's memory swappiness behavior. A ``swappiness`` value of ``0`` will cause swapping to not happen unless absolutely necessary. A ``swappiness`` value of ``100`` will cause pages to be swapped very aggressively. Accepted values are whole numbers between ``0`` and ``100``. If the ``swappiness`` parameter is not specified, a default value of ``60`` is used. If a value is not specified for ``maxSwap`` then this parameter is ignored. This parameter maps to the ``--memory-swappiness`` option to
|
|
742
|
+
* This allows you to tune a container's memory swappiness behavior. A ``swappiness`` value of ``0`` will cause swapping to not happen unless absolutely necessary. A ``swappiness`` value of ``100`` will cause pages to be swapped very aggressively. Accepted values are whole numbers between ``0`` and ``100``. If the ``swappiness`` parameter is not specified, a default value of ``60`` is used. If a value is not specified for ``maxSwap`` then this parameter is ignored. This parameter maps to the ``--memory-swappiness`` option to docker run.
|
|
741
743
|
If you're using tasks that use the Fargate launch type, the ``swappiness`` parameter isn't supported.
|
|
742
744
|
If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported.
|
|
743
745
|
*/
|
|
744
746
|
Swappiness?: number;
|
|
745
747
|
/**
|
|
746
|
-
* The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the ``--tmpfs`` option to
|
|
748
|
+
* The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the ``--tmpfs`` option to docker run.
|
|
747
749
|
If you're using tasks that use the Fargate launch type, the ``tmpfs`` parameter isn't supported.
|
|
748
750
|
*/
|
|
749
751
|
Tmpfs?: Tmpfs[];
|
|
@@ -757,9 +759,9 @@ export type LogConfiguration = {
|
|
|
757
759
|
/**
|
|
758
760
|
* The log driver to use for the container.
|
|
759
761
|
For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.
|
|
760
|
-
For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``
|
|
761
|
-
For more information about using the ``awslogs`` log driver, see [
|
|
762
|
-
For more information about using the ``awsfirelens`` log driver, see [
|
|
762
|
+
For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``syslog``, ``splunk``, and ``awsfirelens``.
|
|
763
|
+
For more information about using the ``awslogs`` log driver, see [Send Amazon ECS logs to CloudWatch](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
764
|
+
For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html).
|
|
763
765
|
If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
|
|
764
766
|
*/
|
|
765
767
|
LogDriver: string;
|
|
@@ -913,6 +915,15 @@ export type ResourceRequirement = {
|
|
|
913
915
|
*/
|
|
914
916
|
Value: string;
|
|
915
917
|
};
|
|
918
|
+
/**
|
|
919
|
+
* Type definition for `AWS::ECS::TaskDefinition.RestartPolicy`.
|
|
920
|
+
* @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-restartpolicy.html}
|
|
921
|
+
*/
|
|
922
|
+
export type RestartPolicy = {
|
|
923
|
+
Enabled?: boolean;
|
|
924
|
+
IgnoredExitCodes?: number[];
|
|
925
|
+
RestartAttemptPeriod?: number;
|
|
926
|
+
};
|
|
916
927
|
/**
|
|
917
928
|
* Type definition for `AWS::ECS::TaskDefinition.RuntimePlatform`.
|
|
918
929
|
* Information about the platform for the Amazon ECS service or task.
|
|
@@ -953,7 +964,7 @@ export type Secret = {
|
|
|
953
964
|
};
|
|
954
965
|
/**
|
|
955
966
|
* Type definition for `AWS::ECS::TaskDefinition.SystemControl`.
|
|
956
|
-
* A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in
|
|
967
|
+
* A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in tthe docker conainer create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections.
|
|
957
968
|
We don't recommend that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network mode. Doing this has the following disadvantages:
|
|
958
969
|
+ For tasks that use the ``awsvpc`` network mode including Fargate, if you set ``systemControls`` for any container, it applies to all containers in the task. If you set different ``systemControls`` for multiple containers in a single task, the container that's started last determines which ``systemControls`` take effect.
|
|
959
970
|
+ For tasks that use the ``host`` network mode, the network namespace ``systemControls`` aren't supported.
|
|
@@ -1116,7 +1127,7 @@ export type VolumeFrom = {
|
|
|
1116
1127
|
* Resource type definition for `AWS::ECS::TaskDefinition`.
|
|
1117
1128
|
* Registers a new task definition from the supplied ``family`` and ``containerDefinitions``. Optionally, you can add data volumes to your containers with the ``volumes`` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
1118
1129
|
You can specify a role for your task with the ``taskRoleArn`` parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
1119
|
-
You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter.
|
|
1130
|
+
You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
1120
1131
|
In the following example or examples, the Authorization header contents (``AUTHPARAMS``) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*.
|
|
1121
1132
|
You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself.
|
|
1122
1133
|
* @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html}
|
|
@@ -3,7 +3,7 @@ import { Resource as $Resource } from "@awboost/cfn-template-builder/template/re
|
|
|
3
3
|
* Resource type definition for `AWS::ECS::TaskDefinition`.
|
|
4
4
|
* Registers a new task definition from the supplied ``family`` and ``containerDefinitions``. Optionally, you can add data volumes to your containers with the ``volumes`` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
5
5
|
You can specify a role for your task with the ``taskRoleArn`` parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
6
|
-
You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter.
|
|
6
|
+
You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.
|
|
7
7
|
In the following example or examples, the Authorization header contents (``AUTHPARAMS``) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*.
|
|
8
8
|
You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself.
|
|
9
9
|
* @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html}
|
|
@@ -13,6 +13,7 @@ export type ElasticLoadBalancingV2LoadBalancerProperties = {
|
|
|
13
13
|
/**
|
|
14
14
|
* Note: Internal load balancers must use the ``ipv4`` IP address type.
|
|
15
15
|
[Application Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses), ``dualstack`` (for IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).
|
|
16
|
+
Note: Application Load Balancer authentication only supports IPv4 addresses when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer cannot complete the authentication process, resulting in HTTP 500 errors.
|
|
16
17
|
[Network Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener.
|
|
17
18
|
[Gateway Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses).
|
|
18
19
|
*/
|
|
@@ -12,6 +12,7 @@ export type EntityResolutionMatchingWorkflowProperties = {
|
|
|
12
12
|
* @maxLength `255`
|
|
13
13
|
*/
|
|
14
14
|
Description?: string;
|
|
15
|
+
IncrementalRunConfig?: IncrementalRunConfig;
|
|
15
16
|
/**
|
|
16
17
|
* @minLength `1`
|
|
17
18
|
* @maxLength `20`
|
|
@@ -59,6 +60,13 @@ export type EntityResolutionMatchingWorkflowAttributes = {
|
|
|
59
60
|
*/
|
|
60
61
|
WorkflowArn: string;
|
|
61
62
|
};
|
|
63
|
+
/**
|
|
64
|
+
* Type definition for `AWS::EntityResolution::MatchingWorkflow.IncrementalRunConfig`.
|
|
65
|
+
* @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-entityresolution-matchingworkflow-incrementalrunconfig.html}
|
|
66
|
+
*/
|
|
67
|
+
export type IncrementalRunConfig = {
|
|
68
|
+
IncrementalRunType: "IMMEDIATE";
|
|
69
|
+
};
|
|
62
70
|
/**
|
|
63
71
|
* Type definition for `AWS::EntityResolution::MatchingWorkflow.InputSource`.
|
|
64
72
|
* @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-entityresolution-matchingworkflow-inputsource.html}
|