aws-cdk-lib 2.75.1__py3-none-any.whl → 2.76.0__py3-none-any.whl

aws_cdk/aws_ecs/__init__.py

@@ -738,22 +738,22 @@ The feature flag changes behavior for the entire CDK project. Therefore it is no
 declare const cluster: ecs.Cluster;
 
 // Import service from EC2 service attributes
-const service = ecs.Ec2Service.fromEc2ServiceAttributes(stack, 'EcsService', {
+const service = ecs.Ec2Service.fromEc2ServiceAttributes(this, 'EcsService', {
   serviceArn: 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service',
   cluster,
 });
 
 // Import service from EC2 service ARN
-const service = ecs.Ec2Service.fromEc2ServiceArn(stack, 'EcsService', 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service');
+const service = ecs.Ec2Service.fromEc2ServiceArn(this, 'EcsService', 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service');
 
 // Import service from Fargate service attributes
-const service = ecs.FargateService.fromFargateServiceAttributes(stack, 'EcsService', {
+const service = ecs.FargateService.fromFargateServiceAttributes(this, 'EcsService', {
   serviceArn: 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service',
   cluster,
 });
 
 // Import service from Fargate service ARN
-const service = ecs.FargateService.fromFargateServiceArn(stack, 'EcsService', 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service');
+const service = ecs.FargateService.fromFargateServiceArn(this, 'EcsService', 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service');
 ```
 
 ## Task Auto-Scaling
@@ -1168,11 +1168,10 @@ For more information visit https://docs.aws.amazon.com/AmazonECS/latest/develope
 When the service does not have a capacity provider strategy, the cluster's default capacity provider strategy will be used. Default Capacity Provider Strategy can be added by using the method `addDefaultCapacityProviderStrategy`. A capacity provider strategy cannot contain a mix of EC2 Autoscaling Group capacity providers and Fargate providers.
 
 ```python
-# Example automatically generated from non-compiling source. May contain errors.
-# capacity_provider: ecs.CapacityProvider
+# capacity_provider: ecs.AsgCapacityProvider
 
 
-cluster = ecs.Cluster(stack, "EcsCluster",
+cluster = ecs.Cluster(self, "EcsCluster",
     enable_fargate_capacity_providers=True
 )
 cluster.add_asg_capacity_provider(capacity_provider)
@@ -1182,11 +1181,10 @@ cluster.add_default_capacity_provider_strategy([capacity_provider="FARGATE", bas
 ```
 
 ```python
-# Example automatically generated from non-compiling source. May contain errors.
-# capacity_provider: ecs.CapacityProvider
+# capacity_provider: ecs.AsgCapacityProvider
 
 
-cluster = ecs.Cluster(stack, "EcsCluster",
+cluster = ecs.Cluster(self, "EcsCluster",
     enable_fargate_capacity_providers=True
 )
 cluster.add_asg_capacity_provider(capacity_provider)
@@ -1303,19 +1301,18 @@ To enable Service Connect, you must have created a CloudMap namespace. The CDK c
 or you can specify a custom namespace. You must also have created a named port mapping on at least one container in your Task Definition.
 
 ```python
-# Example automatically generated from non-compiling source. May contain errors.
 # cluster: ecs.Cluster
 # task_definition: ecs.TaskDefinition
-# container: ecs.ContainerDefinition
+# container_options: ecs.ContainerDefinitionOptions
+
 
+container = task_definition.add_container("MyContainer", container_options)
 
 container.add_port_mappings(
     name="api",
     container_port=8080
 )
 
-task_definition.add_container(container)
-
 cluster.add_default_cloud_map_namespace(
     name="local"
 )
@@ -1340,7 +1337,10 @@ be routed to the container's port 8080.
 To opt a service into using service connect without advertising a port, simply call the 'enableServiceConnect' method on an initialized service.
 
 ```python
-# Example automatically generated from non-compiling source. May contain errors.
+# cluster: ecs.Cluster
+# task_definition: ecs.TaskDefinition
+
+
 service = ecs.FargateService(self, "Service",
     cluster=cluster,
     task_definition=task_definition
@@ -1351,12 +1351,15 @@ service.enable_service_connect()
 Service Connect also allows custom logging, Service Discovery name, and configuration of the port where service connect traffic is received.
 
 ```python
-# Example automatically generated from non-compiling source. May contain errors.
+# cluster: ecs.Cluster
+# task_definition: ecs.TaskDefinition
+
+
 custom_service = ecs.FargateService(self, "CustomizedService",
     cluster=cluster,
     task_definition=task_definition,
     service_connect_configuration=ecs.ServiceConnectProps(
-        log_driver=ecs.LogDrivers.awslogs(
+        log_driver=ecs.LogDrivers.aws_logs(
             stream_prefix="sc-traffic"
         ),
         services=[ecs.ServiceConnectService(
@@ -3251,8 +3254,12 @@ class AssetImageProps(_DockerImageAssetOptions_9580cd76):
 
         Example::
 
-            # Example automatically generated from non-compiling source. May contain errors.
-                "MY_SECRET"DockerBuildSecret.from_src("file.txt")
+            from aws_cdk import DockerBuildSecret
+            
+            
+            build_secrets = {
+                "MY_SECRET": DockerBuildSecret.from_src("file.txt")
+            }
         '''
         result = self._values.get("build_secrets")
         return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
@@ -10962,7 +10969,7 @@ class CfnTaskDefinition(
             :param dns_search_domains: A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--dns-search`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . .. epigraph:: This parameter is not supported for Windows containers.
             :param dns_servers: A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--dns`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . .. epigraph:: This parameter is not supported for Windows containers.
             :param docker_labels: A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--label`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
-            :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field isn't valid for containers in tasks using the Fargate launch type. With Windows containers, this parameter can be used to reference a credential spec file when configuring a container for Active Directory authentication. For more information, see `Using gMSAs for Windows Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html>`_ in the *Amazon Elastic Container Service Developer Guide* . This parameter maps to ``SecurityOpt`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--security-opt`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . .. epigraph:: The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. For more information, see `Amazon ECS Container Agent Configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about valid values, see `Docker Run Security Configuration <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath"
+            :param docker_security_options: A list of strings to provide custom configuration for multiple security systems. For more information about valid values, see `Docker Run Security Configuration <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . This field isn't valid for containers in tasks using the Fargate launch type. For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems. For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see `Using gMSAs for Windows Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html>`_ and `Using gMSAs for Linux Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html>`_ in the *Amazon Elastic Container Service Developer Guide* . This parameter maps to ``SecurityOpt`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--security-opt`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . .. epigraph:: The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. For more information, see `Amazon ECS Container Agent Configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about valid values, see `Docker Run Security Configuration <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath"
             :param entry_point: .. epigraph:: Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint`` , update your container agent or enter your commands and arguments as ``command`` array items instead. The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--entrypoint`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . For more information, see `https://docs.docker.com/engine/reference/builder/#entrypoint <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#entrypoint>`_ .
             :param environment: The environment variables to pass to a container. This parameter maps to ``Env`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--env`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . .. epigraph:: We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.
             :param environment_files: A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. For more information about the environment variable file syntax, see `Declare default environment variables in file <https://docs.aws.amazon.com/https://docs.docker.com/compose/env-file/>`_ . If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see `Specifying Environment Variables <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -11399,11 +11406,13 @@ class CfnTaskDefinition(
 
         @builtins.property
         def docker_security_options(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems.
+            '''A list of strings to provide custom configuration for multiple security systems.
+
+            For more information about valid values, see `Docker Run Security Configuration <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . This field isn't valid for containers in tasks using the Fargate launch type.
 
-            This field isn't valid for containers in tasks using the Fargate launch type.
+            For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.
 
-            With Windows containers, this parameter can be used to reference a credential spec file when configuring a container for Active Directory authentication. For more information, see `Using gMSAs for Windows Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+            For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see `Using gMSAs for Windows Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html>`_ and `Using gMSAs for Linux Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             This parameter maps to ``SecurityOpt`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--security-opt`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ .
             .. epigraph::
@@ -16399,19 +16408,18 @@ class CloudMapNamespaceOptions:
 
         Example::
 
-            # Example automatically generated from non-compiling source. May contain errors.
             # cluster: ecs.Cluster
             # task_definition: ecs.TaskDefinition
-            # container: ecs.ContainerDefinition
+            # container_options: ecs.ContainerDefinitionOptions
             
             
+            container = task_definition.add_container("MyContainer", container_options)
+            
             container.add_port_mappings(
                 name="api",
                 container_port=8080
             )
             
-            task_definition.add_container(container)
-            
             cluster.add_default_cloud_map_namespace(
                 name="local"
             )
@@ -17023,6 +17031,7 @@ class ClusterProps:
     jsii_struct_bases=[],
     name_mapping={
         "task_definition_arn": "taskDefinitionArn",
+        "execution_role": "executionRole",
         "network_mode": "networkMode",
         "task_role": "taskRole",
     },
@@ -17032,12 +17041,14 @@ class CommonTaskDefinitionAttributes:
         self,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional["NetworkMode"] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> None:
         '''The common task definition attributes used across all types of task definitions.
 
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
 
@@ -17056,6 +17067,7 @@ class CommonTaskDefinitionAttributes:
                 task_definition_arn="taskDefinitionArn",
             
                 # the properties below are optional
+                execution_role=role,
                 network_mode=ecs.NetworkMode.NONE,
                 task_role=role
             )
@@ -17063,11 +17075,14 @@ class CommonTaskDefinitionAttributes:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1a458c1ea772685ddb7eb49b075e7de9bed322fac4bbee8aeab1cf6b576bc995)
             check_type(argname="argument task_definition_arn", value=task_definition_arn, expected_type=type_hints["task_definition_arn"])
+            check_type(argname="argument execution_role", value=execution_role, expected_type=type_hints["execution_role"])
             check_type(argname="argument network_mode", value=network_mode, expected_type=type_hints["network_mode"])
             check_type(argname="argument task_role", value=task_role, expected_type=type_hints["task_role"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "task_definition_arn": task_definition_arn,
         }
+        if execution_role is not None:
+            self._values["execution_role"] = execution_role
         if network_mode is not None:
             self._values["network_mode"] = network_mode
         if task_role is not None:
@@ -17080,6 +17095,17 @@ class CommonTaskDefinitionAttributes:
         assert result is not None, "Required property 'task_definition_arn' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def execution_role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf.
+
+        Some tasks do not have an execution role.
+
+        :default: - undefined
+        '''
+        result = self._values.get("execution_role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
+
     @builtins.property
     def network_mode(self) -> typing.Optional["NetworkMode"]:
         '''The networking mode to use for the containers in the task.
@@ -19743,20 +19769,31 @@ class DeploymentController:
 
         Example::
 
+            # my_application: codedeploy.EcsApplication
             # cluster: ecs.Cluster
+            # task_definition: ecs.FargateTaskDefinition
+            # blue_target_group: elbv2.ITargetGroup
+            # green_target_group: elbv2.ITargetGroup
+            # listener: elbv2.IApplicationListener
             
-            load_balanced_fargate_service = ecs_patterns.ApplicationLoadBalancedFargateService(self, "Service",
+            
+            service = ecs.FargateService(self, "Service",
                 cluster=cluster,
-                memory_limit_mi_b=1024,
-                desired_count=1,
-                cpu=512,
-                task_image_options=ecsPatterns.ApplicationLoadBalancedTaskImageOptions(
-                    image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample")
-                ),
+                task_definition=task_definition,
                 deployment_controller=ecs.DeploymentController(
                     type=ecs.DeploymentControllerType.CODE_DEPLOY
                 )
             )
+            
+            codedeploy.EcsDeploymentGroup(self, "BlueGreenDG",
+                service=service,
+                blue_green_deployment_config=codedeploy.EcsBlueGreenDeploymentConfig(
+                    blue_target_group=blue_target_group,
+                    green_target_group=green_target_group,
+                    listener=listener
+                ),
+                deployment_config=codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
+            )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__919598d1dc3ec32befe4a81bbf3a26a387685443884de6cb5971808667ffb28b)
@@ -19794,20 +19831,31 @@ class DeploymentControllerType(enum.Enum):
 
     Example::
 
+        # my_application: codedeploy.EcsApplication
         # cluster: ecs.Cluster
+        # task_definition: ecs.FargateTaskDefinition
+        # blue_target_group: elbv2.ITargetGroup
+        # green_target_group: elbv2.ITargetGroup
+        # listener: elbv2.IApplicationListener
         
-        load_balanced_fargate_service = ecs_patterns.ApplicationLoadBalancedFargateService(self, "Service",
+        
+        service = ecs.FargateService(self, "Service",
             cluster=cluster,
-            memory_limit_mi_b=1024,
-            desired_count=1,
-            cpu=512,
-            task_image_options=ecsPatterns.ApplicationLoadBalancedTaskImageOptions(
-                image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample")
-            ),
+            task_definition=task_definition,
             deployment_controller=ecs.DeploymentController(
                 type=ecs.DeploymentControllerType.CODE_DEPLOY
             )
         )
+        
+        codedeploy.EcsDeploymentGroup(self, "BlueGreenDG",
+            service=service,
+            blue_green_deployment_config=codedeploy.EcsBlueGreenDeploymentConfig(
+                blue_target_group=blue_target_group,
+                green_target_group=green_target_group,
+                listener=listener
+            ),
+            deployment_config=codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
+        )
     '''
 
     ECS = "ECS"
@@ -20556,6 +20604,7 @@ class Ec2ServiceProps(BaseServiceOptions):
     jsii_struct_bases=[CommonTaskDefinitionAttributes],
     name_mapping={
         "task_definition_arn": "taskDefinitionArn",
+        "execution_role": "executionRole",
         "network_mode": "networkMode",
         "task_role": "taskRole",
     },
@@ -20565,12 +20614,14 @@ class Ec2TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         self,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional["NetworkMode"] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> None:
         '''Attributes used to import an existing EC2 task definition.
 
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
 
@@ -20589,6 +20640,7 @@ class Ec2TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
                 task_definition_arn="taskDefinitionArn",
             
                 # the properties below are optional
+                execution_role=role,
                 network_mode=ecs.NetworkMode.NONE,
                 task_role=role
             )
@@ -20596,11 +20648,14 @@ class Ec2TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e90e61a002f578b0dbe160c067f2d3de15287892110df7eedcbbfa7f0c7d391d)
             check_type(argname="argument task_definition_arn", value=task_definition_arn, expected_type=type_hints["task_definition_arn"])
+            check_type(argname="argument execution_role", value=execution_role, expected_type=type_hints["execution_role"])
             check_type(argname="argument network_mode", value=network_mode, expected_type=type_hints["network_mode"])
             check_type(argname="argument task_role", value=task_role, expected_type=type_hints["task_role"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "task_definition_arn": task_definition_arn,
         }
+        if execution_role is not None:
+            self._values["execution_role"] = execution_role
         if network_mode is not None:
             self._values["network_mode"] = network_mode
         if task_role is not None:
@@ -20613,6 +20668,17 @@ class Ec2TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         assert result is not None, "Required property 'task_definition_arn' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def execution_role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf.
+
+        Some tasks do not have an execution role.
+
+        :default: - undefined
+        '''
+        result = self._values.get("execution_role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
+
     @builtins.property
     def network_mode(self) -> typing.Optional["NetworkMode"]:
         '''The networking mode to use for the containers in the task.
@@ -22287,6 +22353,7 @@ class ExternalServiceProps(BaseServiceOptions):
     jsii_struct_bases=[CommonTaskDefinitionAttributes],
     name_mapping={
         "task_definition_arn": "taskDefinitionArn",
+        "execution_role": "executionRole",
         "network_mode": "networkMode",
         "task_role": "taskRole",
     },
@@ -22296,12 +22363,14 @@ class ExternalTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         self,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional["NetworkMode"] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> None:
         '''Attributes used to import an existing External task definition.
 
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
 
@@ -22320,6 +22389,7 @@ class ExternalTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
                 task_definition_arn="taskDefinitionArn",
             
                 # the properties below are optional
+                execution_role=role,
                 network_mode=ecs.NetworkMode.NONE,
                 task_role=role
             )
@@ -22327,11 +22397,14 @@ class ExternalTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2d58078e68b889d5f10f95714f42385491c26bf6ec084584b1a1487cc3acf7a2)
             check_type(argname="argument task_definition_arn", value=task_definition_arn, expected_type=type_hints["task_definition_arn"])
+            check_type(argname="argument execution_role", value=execution_role, expected_type=type_hints["execution_role"])
             check_type(argname="argument network_mode", value=network_mode, expected_type=type_hints["network_mode"])
             check_type(argname="argument task_role", value=task_role, expected_type=type_hints["task_role"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "task_definition_arn": task_definition_arn,
         }
+        if execution_role is not None:
+            self._values["execution_role"] = execution_role
         if network_mode is not None:
             self._values["network_mode"] = network_mode
         if task_role is not None:
@@ -22344,6 +22417,17 @@ class ExternalTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         assert result is not None, "Required property 'task_definition_arn' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def execution_role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf.
+
+        Some tasks do not have an execution role.
+
+        :default: - undefined
+        '''
+        result = self._values.get("execution_role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
+
     @builtins.property
     def network_mode(self) -> typing.Optional["NetworkMode"]:
         '''The networking mode to use for the containers in the task.
@@ -23076,6 +23160,7 @@ class FargateServiceProps(BaseServiceOptions):
     jsii_struct_bases=[CommonTaskDefinitionAttributes],
     name_mapping={
         "task_definition_arn": "taskDefinitionArn",
+        "execution_role": "executionRole",
         "network_mode": "networkMode",
         "task_role": "taskRole",
     },
@@ -23085,12 +23170,14 @@ class FargateTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         self,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional["NetworkMode"] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> None:
         '''Attributes used to import an existing Fargate task definition.
 
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
 
@@ -23109,6 +23196,7 @@ class FargateTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
                 task_definition_arn="taskDefinitionArn",
             
                 # the properties below are optional
+                execution_role=role,
                 network_mode=ecs.NetworkMode.NONE,
                 task_role=role
             )
@@ -23116,11 +23204,14 @@ class FargateTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__5dd329152ba42239c8e48630ce2d0477a28dd88014af62f4536ef752f002010e)
             check_type(argname="argument task_definition_arn", value=task_definition_arn, expected_type=type_hints["task_definition_arn"])
+            check_type(argname="argument execution_role", value=execution_role, expected_type=type_hints["execution_role"])
             check_type(argname="argument network_mode", value=network_mode, expected_type=type_hints["network_mode"])
             check_type(argname="argument task_role", value=task_role, expected_type=type_hints["task_role"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "task_definition_arn": task_definition_arn,
         }
+        if execution_role is not None:
+            self._values["execution_role"] = execution_role
         if network_mode is not None:
             self._values["network_mode"] = network_mode
         if task_role is not None:
@@ -23133,6 +23224,17 @@ class FargateTaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         assert result is not None, "Required property 'task_definition_arn' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def execution_role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf.
+
+        Some tasks do not have an execution role.
+
+        :default: - undefined
+        '''
+        result = self._values.get("execution_role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
+
     @builtins.property
     def network_mode(self) -> typing.Optional["NetworkMode"]:
         '''The networking mode to use for the containers in the task.
@@ -27396,17 +27498,17 @@ class LogDriver(
 
     Example::
 
+        # secret: ecs.Secret
+        
+        
         # Create a Task Definition for the container to start
         task_definition = ecs.Ec2TaskDefinition(self, "TaskDef")
         task_definition.add_container("TheContainer",
             image=ecs.ContainerImage.from_registry("example-image"),
             memory_limit_mi_b=256,
-            logging=ecs.LogDrivers.firelens(
-                options={
-                    "Name": "firehose",
-                    "region": "us-west-2",
-                    "delivery_stream": "my-stream"
-                }
+            logging=ecs.LogDrivers.splunk(
+                secret_token=secret,
+                url="my-splunk-url"
             )
         )
     '''
@@ -27599,12 +27701,18 @@ class LogDrivers(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_ecs.LogDriv
 
     Example::
 
+        # secret: ecs.Secret
+        
+        
         # Create a Task Definition for the container to start
         task_definition = ecs.Ec2TaskDefinition(self, "TaskDef")
         task_definition.add_container("TheContainer",
             image=ecs.ContainerImage.from_registry("example-image"),
             memory_limit_mi_b=256,
-            logging=ecs.LogDrivers.aws_logs(stream_prefix="EventDemo")
+            logging=ecs.LogDrivers.splunk(
+                secret_token=secret,
+                url="my-splunk-url"
+            )
         )
     '''
 
@@ -28795,35 +28903,29 @@ class PropagatedTagSource(enum.Enum):
             is_default=True
         )
         
-        cluster = ecs.Cluster(self, "Ec2Cluster", vpc=vpc)
-        cluster.add_capacity("DefaultAutoScalingGroup",
-            instance_type=ec2.InstanceType("t2.micro"),
-            vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC)
-        )
+        cluster = ecs.Cluster(self, "FargateCluster", vpc=vpc)
         
         task_definition = ecs.TaskDefinition(self, "TD",
-            compatibility=ecs.Compatibility.EC2
+            memory_mi_b="512",
+            cpu="256",
+            compatibility=ecs.Compatibility.FARGATE
         )
         
-        task_definition.add_container("TheContainer",
+        container_definition = task_definition.add_container("TheContainer",
             image=ecs.ContainerImage.from_registry("foo/bar"),
             memory_limit_mi_b=256
         )
         
-        run_task = tasks.EcsRunTask(self, "Run",
+        run_task = tasks.EcsRunTask(self, "RunFargate",
             integration_pattern=sfn.IntegrationPattern.RUN_JOB,
             cluster=cluster,
             task_definition=task_definition,
-            launch_target=tasks.EcsEc2LaunchTarget(
-                placement_strategies=[
-                    ecs.PlacementStrategy.spread_across_instances(),
-                    ecs.PlacementStrategy.packed_by_cpu(),
-                    ecs.PlacementStrategy.randomly()
-                ],
-                placement_constraints=[
-                    ecs.PlacementConstraint.member_of("blieptuut")
-                ]
-            ),
+            assign_public_ip=True,
+            container_overrides=[tasks.ContainerOverride(
+                container_definition=container_definition,
+                environment=[tasks.TaskEnvironmentVariable(name="SOME_KEY", value=sfn.JsonPath.string_at("$.SomeKey"))]
+            )],
+            launch_target=tasks.EcsFargateLaunchTarget(),
             propagated_tag_source=ecs.PropagatedTagSource.TASK_DEFINITION
         )
     '''
@@ -28980,17 +29082,17 @@ class RepositoryImage(
     Example::
 
         # Example automatically generated from non-compiling source. May contain errors.
-        import aws_cdk.aws_batch as batch
+        import aws_cdk.aws_batch_alpha as batch
         from aws_cdk.aws_ecs import ContainerImage
         
         
         job_queue = batch.JobQueue(self, "MyQueue",
-            compute_environments=[{
-                "compute_environment": batch.ComputeEnvironment(self, "ComputeEnvironment",
+            compute_environments=[batch.OrderedComputeEnvironment(
+                compute_environment=batch.ComputeEnvironment(self, "ComputeEnvironment",
                     managed=False
                 ),
-                "order": 1
-            }
+                order=1
+            )
             ]
         )
         
@@ -29003,14 +29105,14 @@ class RepositoryImage(
         queue = sqs.Queue(self, "Queue")
         
         rule = events.Rule(self, "Rule",
-            schedule=events.Schedule.rate(cdk.Duration.hours(1))
+            schedule=events.Schedule.rate(Duration.hours(1))
         )
         
         rule.add_target(targets.BatchJob(job_queue.job_queue_arn, job_queue, job_definition.job_definition_arn, job_definition,
             dead_letter_queue=queue,
             event=events.RuleTargetInput.from_object({"SomeParam": "SomeValue"}),
             retry_attempts=2,
-            max_event_age=cdk.Duration.hours(2)
+            max_event_age=Duration.hours(2)
         ))
     '''
 
@@ -30252,19 +30354,18 @@ class ServiceConnectProps:
 
         Example::
 
-            # Example automatically generated from non-compiling source. May contain errors.
             # cluster: ecs.Cluster
             # task_definition: ecs.TaskDefinition
-            # container: ecs.ContainerDefinition
+            # container_options: ecs.ContainerDefinitionOptions
+            
             
+            container = task_definition.add_container("MyContainer", container_options)
             
             container.add_port_mappings(
                 name="api",
                 container_port=8080
             )
             
-            task_definition.add_container(container)
-            
             cluster.add_default_cloud_map_namespace(
                 name="local"
             )
@@ -31539,31 +31640,20 @@ class TaskDefinition(
 
     Example::
 
-        # task_definition: ecs.TaskDefinition
         # cluster: ecs.Cluster
+        # task_definition: ecs.TaskDefinition
+        # vpc: ec2.Vpc
         
+        service = ecs.FargateService(self, "Service", cluster=cluster, task_definition=task_definition)
         
-        # Add a container to the task definition
-        specific_container = task_definition.add_container("Container",
-            image=ecs.ContainerImage.from_registry("/aws/aws-example-app"),
-            memory_limit_mi_b=2048
-        )
-        
-        # Add a port mapping
-        specific_container.add_port_mappings(
-            container_port=7600,
-            protocol=ecs.Protocol.TCP
-        )
-        
-        ecs.Ec2Service(self, "Service",
-            cluster=cluster,
-            task_definition=task_definition,
-            cloud_map_options=ecs.CloudMapOptions(
-                # Create SRV records - useful for bridge networking
-                dns_record_type=cloudmap.DnsRecordType.SRV,
-                # Targets port TCP port 7600 `specificContainer`
-                container=specific_container,
-                container_port=7600
+        lb = elbv2.ApplicationLoadBalancer(self, "LB", vpc=vpc, internet_facing=True)
+        listener = lb.add_listener("Listener", port=80)
+        service.register_load_balancer_targets(
+            container_name="web",
+            container_port=80,
+            new_target_group_id="ECS",
+            listener=ecs.ListenerConfig.application_listener(listener,
+                protocol=elbv2.ApplicationProtocol.HTTPS
             )
         )
     '''
@@ -31665,6 +31755,7 @@ class TaskDefinition(
         *,
         compatibility: typing.Optional[Compatibility] = None,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional[NetworkMode] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> ITaskDefinition:
@@ -31674,6 +31765,7 @@ class TaskDefinition(
         :param id: -
         :param compatibility: What launch types this task definition should be compatible with. Default: Compatibility.EC2_AND_FARGATE
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
         '''
@@ -31684,6 +31776,7 @@ class TaskDefinition(
         attrs = TaskDefinitionAttributes(
             compatibility=compatibility,
             task_definition_arn=task_definition_arn,
+            execution_role=execution_role,
             network_mode=network_mode,
             task_role=task_role,
         )
@@ -32182,6 +32275,7 @@ class TaskDefinition(
     jsii_struct_bases=[CommonTaskDefinitionAttributes],
     name_mapping={
         "task_definition_arn": "taskDefinitionArn",
+        "execution_role": "executionRole",
         "network_mode": "networkMode",
         "task_role": "taskRole",
         "compatibility": "compatibility",
@@ -32192,6 +32286,7 @@ class TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         self,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional[NetworkMode] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
         compatibility: typing.Optional[Compatibility] = None,
@@ -32199,6 +32294,7 @@ class TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         '''A reference to an existing task definition.
 
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
         :param compatibility: What launch types this task definition should be compatible with. Default: Compatibility.EC2_AND_FARGATE
@@ -32219,6 +32315,7 @@ class TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
             
                 # the properties below are optional
                 compatibility=ecs.Compatibility.EC2,
+                execution_role=role,
                 network_mode=ecs.NetworkMode.NONE,
                 task_role=role
             )
@@ -32226,12 +32323,15 @@ class TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__723c7f01009409e12e945705433183d486be735607b50d3b8dd0ec765a5e03e3)
             check_type(argname="argument task_definition_arn", value=task_definition_arn, expected_type=type_hints["task_definition_arn"])
+            check_type(argname="argument execution_role", value=execution_role, expected_type=type_hints["execution_role"])
             check_type(argname="argument network_mode", value=network_mode, expected_type=type_hints["network_mode"])
             check_type(argname="argument task_role", value=task_role, expected_type=type_hints["task_role"])
             check_type(argname="argument compatibility", value=compatibility, expected_type=type_hints["compatibility"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "task_definition_arn": task_definition_arn,
         }
+        if execution_role is not None:
+            self._values["execution_role"] = execution_role
         if network_mode is not None:
             self._values["network_mode"] = network_mode
         if task_role is not None:
@@ -32246,6 +32346,17 @@ class TaskDefinitionAttributes(CommonTaskDefinitionAttributes):
         assert result is not None, "Required property 'task_definition_arn' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def execution_role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf.
+
+        Some tasks do not have an execution role.
+
+        :default: - undefined
+        '''
+        result = self._values.get("execution_role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
+
     @builtins.property
     def network_mode(self) -> typing.Optional[NetworkMode]:
         '''The networking mode to use for the containers in the task.
@@ -33466,6 +33577,7 @@ class AssetImage(
 
     Example::
 
+        from constructs import Construct
         from aws_cdk import App, Stack
         import aws_cdk.aws_ec2 as ec2
         import aws_cdk.aws_ecs as ecs
@@ -33473,20 +33585,21 @@ class AssetImage(
         import aws_cdk.cx_api as cxapi
         import path as path
         
-        app = App()
+        class MyStack(Stack):
+            def __init__(self, scope, id):
+                super().__init__(scope, id)
         
-        stack = Stack(app, "aws-ecs-patterns-queue")
-        stack.node.set_context(cxapi.ECS_REMOVE_DEFAULT_DESIRED_COUNT, True)
+                self.node.set_context(cxapi.ECS_REMOVE_DEFAULT_DESIRED_COUNT, True)
         
-        vpc = ec2.Vpc(stack, "VPC",
-            max_azs=2
-        )
+                vpc = ec2.Vpc(self, "VPC",
+                    max_azs=2
+                )
         
-        ecs_patterns.QueueProcessingFargateService(stack, "QueueProcessingService",
-            vpc=vpc,
-            memory_limit_mi_b=512,
-            image=ecs.AssetImage(path.join(__dirname, "..", "sqs-reader"))
-        )
+                ecs_patterns.QueueProcessingFargateService(self, "QueueProcessingService",
+                    vpc=vpc,
+                    memory_limit_mi_b=512,
+                    image=ecs.AssetImage(path.join(__dirname, "..", "sqs-reader"))
+                )
     '''
 
     def __init__(
@@ -34904,7 +35017,6 @@ class BaseService(
 
     Example::
 
-        # Example automatically generated from non-compiling source. May contain errors.
         import aws_cdk.aws_ecs as ecs
         
         
@@ -35739,6 +35851,7 @@ class Ec2TaskDefinition(
         id: builtins.str,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional[NetworkMode] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> IEc2TaskDefinition:
@@ -35747,6 +35860,7 @@ class Ec2TaskDefinition(
         :param scope: -
         :param id: -
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
         '''
@@ -35756,6 +35870,7 @@ class Ec2TaskDefinition(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         attrs = Ec2TaskDefinitionAttributes(
             task_definition_arn=task_definition_arn,
+            execution_role=execution_role,
             network_mode=network_mode,
             task_role=task_role,
         )
@@ -36137,6 +36252,7 @@ class ExternalTaskDefinition(
         id: builtins.str,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional[NetworkMode] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> IExternalTaskDefinition:
@@ -36145,6 +36261,7 @@ class ExternalTaskDefinition(
         :param scope: -
         :param id: -
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
         '''
@@ -36154,6 +36271,7 @@ class ExternalTaskDefinition(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         attrs = ExternalTaskDefinitionAttributes(
             task_definition_arn=task_definition_arn,
+            execution_role=execution_role,
             network_mode=network_mode,
             task_role=task_role,
         )
@@ -36437,6 +36555,7 @@ class FargateTaskDefinition(
         id: builtins.str,
         *,
         task_definition_arn: builtins.str,
+        execution_role: typing.Optional[_IRole_235f5d8e] = None,
         network_mode: typing.Optional[NetworkMode] = None,
         task_role: typing.Optional[_IRole_235f5d8e] = None,
     ) -> IFargateTaskDefinition:
@@ -36445,6 +36564,7 @@ class FargateTaskDefinition(
         :param scope: -
         :param id: -
         :param task_definition_arn: The arn of the task definition.
+        :param execution_role: The IAM role that grants containers and Fargate agents permission to make AWS API calls on your behalf. Some tasks do not have an execution role. Default: - undefined
         :param network_mode: The networking mode to use for the containers in the task. Default: Network mode cannot be provided to the imported task.
         :param task_role: The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: Permissions cannot be granted to the imported task.
         '''
@@ -36454,6 +36574,7 @@ class FargateTaskDefinition(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         attrs = FargateTaskDefinitionAttributes(
             task_definition_arn=task_definition_arn,
+            execution_role=execution_role,
             network_mode=network_mode,
             task_role=task_role,
         )
@@ -38218,6 +38339,7 @@ def _typecheckingstub__8819884fed76c2873e86d47e66faba011202f5d697aa512d17a66e595
 def _typecheckingstub__1a458c1ea772685ddb7eb49b075e7de9bed322fac4bbee8aeab1cf6b576bc995(
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None:
@@ -38599,6 +38721,7 @@ def _typecheckingstub__95634258086aa3448fbdfd9896017a2cbeb858f382deb61186bb9e22b
 def _typecheckingstub__e90e61a002f578b0dbe160c067f2d3de15287892110df7eedcbbfa7f0c7d391d(
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None:
@@ -38776,6 +38899,7 @@ def _typecheckingstub__3cc413964caae89bfcfbcabff8356ffe5c054f46824be99731a77b64e
 def _typecheckingstub__2d58078e68b889d5f10f95714f42385491c26bf6ec084584b1a1487cc3acf7a2(
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None:
@@ -38831,6 +38955,7 @@ def _typecheckingstub__8290283f61f3e2d289b7e7f81cad1a5d1e9ed9dbc07ccce2b57604682
 def _typecheckingstub__5dd329152ba42239c8e48630ce2d0477a28dd88014af62f4536ef752f002010e(
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None:
@@ -39641,6 +39766,7 @@ def _typecheckingstub__33efccb48f741fbca68f3379a33fab8d93a2872fc8c2a118c9704894b
     *,
     compatibility: typing.Optional[Compatibility] = None,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None:
@@ -39779,6 +39905,7 @@ def _typecheckingstub__9a9f5e275c7ec18083bd47fd70c94d0dee80deddee22c30c6ef86cb08
 def _typecheckingstub__723c7f01009409e12e945705433183d486be735607b50d3b8dd0ec765a5e03e3(
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
     compatibility: typing.Optional[Compatibility] = None,
@@ -40260,6 +40387,7 @@ def _typecheckingstub__d794d0fc9ba23db2d5f4c804346c25e9732a8bd6c40b66b459e4b0596
     id: builtins.str,
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None:
@@ -40357,6 +40485,7 @@ def _typecheckingstub__ccd4d51c36358a0ea1efb52a38fa0bccb9e2db43ee7dc217a32ca2bf2
     id: builtins.str,
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None:
@@ -40439,6 +40568,7 @@ def _typecheckingstub__59be62eab8487bb224b6839e6560b22ec29653bf5f8e319f85996fa99
     id: builtins.str,
     *,
     task_definition_arn: builtins.str,
+    execution_role: typing.Optional[_IRole_235f5d8e] = None,
     network_mode: typing.Optional[NetworkMode] = None,
     task_role: typing.Optional[_IRole_235f5d8e] = None,
 ) -> None: