aws.ecs-service¶
Filters¶
json-diff¶
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
selector:
enum:
- previous
- date
- locked
selector_value:
type: string
type:
enum:
- json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
taggable¶
Filter ECS resources on arn-format https://docs.aws.amazon.com/AmazonECS/latest/userguide/ecs-resource-ids.html :example:
policies: - name: taggable resource: ecs-service filters: - type: taggable state: True
properties:
state:
type: boolean
type:
enum:
- taggable
required:
- type
Permissions - ecs:ListServices
task-definition¶
Filter services by their task definitions.
- Example
Find any fargate services that are running with a particular image in the task and stop them.
policies:
- name: fargate-find-stop-image
resource: ecs-task
filters:
- launchType: FARGATE
- type: task-definition
key: "containerDefinitions[].image"
value: "elasticsearch/elasticsearch:6.4.3"
value_type: swap
op: contains
actions:
- type: stop
properties:
default:
type: object
key:
type: string
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
- glob
- regex
- regex-case
- in
- ni
- not-in
- contains
- difference
- intersect
type:
enum:
- task-definition
value:
oneOf:
- type: array
- type: string
- type: boolean
- type: number
- type: 'null'
value_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
url:
type: string
required:
- url
type: object
value_regex:
type: string
value_type:
enum:
- age
- integer
- expiration
- normalize
- size
- cidr
- cidr_size
- swap
- resource_count
- expr
- unique_size
- date
- version
required:
- type
Permissions - ecs:DescribeTaskDefinition, ecs:ListTaskDefinitions
Actions¶
delete¶
Delete service(s).
properties:
type:
enum:
- delete
required:
- type
Permissions - ecs:DeleteService
modify¶
Action to update service
- example
policies:
- name: no-public-ips-services
resource: ecs-service
filters:
- 'networkConfiguration.awsvpcConfiguration.assignPublicIp': 'ENABLED'
actions:
- type: modify
update:
networkConfiguration:
awsvpcConfiguration:
assignPublicIp: DISABLED
properties:
type:
enum:
- modify
update:
deploymentConfiguration:
properties:
maximumPercent:
type: integer
minimumHealthyPercent:
type: integer
type: object
desiredCount:
type: integer
forceNewDeployment:
default: false
type: boolean
healthCheckGracePeriodSeconds:
type: integer
networkConfiguration:
properties:
awsvpcConfiguration:
properties:
assignPublicIp:
enum:
- ENABLED
- DISABLED
type: string
securityGroups:
items:
type: string
subnets:
items:
type: string
minItems: 1
type: array
type: object
type: object
platformVersion:
type: string
taskDefinition:
type: string
required:
- type
Permissions - ecs:UpdateService
resize¶
Action to resize the min/max/desired count in an application autoscaling target
There are several ways to use this action:
apply a fixed resize of min, max or desired, optionally saving the previous values to a named tag (for restoring later):
policies:
- name: offhours-ecs-off
resource: ecs-service
filters:
- type: offhour
offhour: 19
default_tz: bst
actions:
- type: resize
min-capacity: 0
desired: 0
save-options-tag: OffHoursPrevious
suspend-scaling: true
restore previous values for min/max/desired from a tag:
policies:
- name: offhours-ecs-on
resource: ecs-service
filters:
- type: onhour
onhour: 8
default_tz: bst
actions:
- type: resize
restore-options-tag: OffHoursPrevious
restore-scaling: true
properties:
desired:
anyOf:
- enum:
- current
- minimum: 0
type: integer
max-capacity:
minimum: 0
type: integer
min-capacity:
minimum: 0
type: integer
restore-options-tag:
type: string
restore-scaling:
type: boolean
save-options-tag:
type: string
suspend-scaling:
type: boolean
type:
enum:
- resize
required:
- type
Permissions - ecs:UpdateService, ecs:TagResource, ecs:UntagResource