Fargate service.
📚 Check out our new book Rapid Docker on AWS
- Written for DevOps engineers and web developers who want to run dockerized web applications on AWS.
- Prior knowledge of Docker and AWS is not required.
- Continuous Deployment of your Web Application and Infrastructure as Code.
Install Node.js and npm first!
npm i @cfn-modules/fargate-service
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Service:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
ClusterModule: !GetAtt 'Cluster.Outputs.StackName' # optional
TargetModule: '' # optional
FileSystemModule1: '' # optional
AlertingModule: '' # optional
ClientSgModule1: '' # optional
ClientSgModule2: '' # optional
ClientSgModule3: '' # optional
ManagedPolicyArns: '' # optional
ProxyImage: '' # optional
ProxyImageSecretModule '' # optional
ProxyPort: '8000' # optional
ProxyEnvironment1Key: '' # optional
ProxyEnvironment1Value: '' # optional
ProxyEnvironment1SecretModule: '' # optional
ProxyEnvironment2Key: '' # optional
ProxyEnvironment2Value: '' # optional
ProxyEnvironment2SecretModule: '' # optional
ProxyEnvironment3Key: '' # optional
ProxyEnvironment3Value: '' # optional
ProxyEnvironment3SecretModule: '' # optional
ProxyEnvironment4Key: '' # optional
ProxyEnvironment4Value: '' # optional
ProxyEnvironment4SecretModule: '' # optional
ProxyEnvironment5Key: '' # optional
ProxyEnvironment5Value: '' # optional
ProxyEnvironment5SecretModule: '' # optional
AppImage: 'widdix/hello:v1' # optional
AppImageSecretModule '' # optional
AppPort: '80' # optional
AppEnvironment1Key: '' # optional
AppEnvironment1Value: '' # optional
AppEnvironment1SecretModule: '' # optional
AppEnvironment2Key: '' # optional
AppEnvironment2Value: '' # optional
AppEnvironment2SecretModule: '' # optional
AppEnvironment3Key: '' # optional
AppEnvironment3Value: '' # optional
AppEnvironment3SecretModule: '' # optional
AppEnvironment4Key: '' # optional
AppEnvironment4Value: '' # optional
AppEnvironment4SecretModule: '' # optional
AppEnvironment5Key: '' # optional
AppEnvironment5Value: '' # optional
AppEnvironment5SecretModule: '' # optional
AppEnvironment6Key: '' # optional
AppEnvironment6Value: '' # optional
AppEnvironment7Key: '' # optional
AppEnvironment7Value: '' # optional
AppEnvironment8Key: '' # optional
AppEnvironment8Value: '' # optional
AppEnvironment9Key: '' # optional
AppEnvironment9Value: '' # optional
AppEnvironment10Key: '' # optional
AppEnvironment10Value: '' # optional
AppEnvironment10Key: '' # optional
AppEnvironment10Value: '' # optional
AppEnvironment11Key: '' # optional
AppEnvironment11Value: '' # optional
AppEnvironment12Key: '' # optional
AppEnvironment12Value: '' # optional
AppEnvironment13Key: '' # optional
AppEnvironment13Value: '' # optional
AppEnvironment14Key: '' # optional
AppEnvironment14Value: '' # optional
AppEnvironment15Key: '' # optional
AppEnvironment15Value: '' # optional
AppEnvironment16Key: '' # optional
AppEnvironment16Value: '' # optional
AppEnvironment17Key: '' # optional
AppEnvironment17Value: '' # optional
AppEnvironment18Key: '' # optional
AppEnvironment18Value: '' # optional
AppEnvironment19Key: '' # optional
AppEnvironment19Value: '' # optional
AppEnvironment20Key: '' # optional
AppEnvironment20Value: '' # optional
SidecarImage: '' # optional
SidecarImageSecretModule '' # optional
SidecarPort: '9000' # optional
SidecarProtocol: 'tcp' # optional
SidecarEnvironment1Key: '' # optional
SidecarEnvironment1Value: '' # optional
SidecarEnvironment1SecretModule: '' # optional
SidecarEnvironment2Key: '' # optional
SidecarEnvironment2Value: '' # optional
SidecarEnvironment2SecretModule: '' # optional
SidecarEnvironment3Key: '' # optional
SidecarEnvironment3Value: '' # optional
SidecarEnvironment3SecretModule: '' # optional
SidecarEnvironment4Key: '' # optional
SidecarEnvironment4Value: '' # optional
SidecarEnvironment4SecretModule: '' # optional
SidecarEnvironment5Key: '' # optional
SidecarEnvironment5Value: '' # optional
SidecarEnvironment5SecretModule: '' # optional
Cpu: '0.25' # optional
Memory: '0.5' # optional
DesiredCount: '2' # optional
MaxCapacity: '4' # optional
MinCapacity: '2' # optional
LogsRetentionInDays: '14' # optional
SubnetsReach: 'Public' # optional
AutoScaling: 'true' # optional
HealthCheckGracePeriodSeconds: '60' # optional
Spot: 'false' # optional
CpuArchitecture: 'X86_64' # optional
OperatingSystemFamily: 'LINUX' # optional
ExecuteCommand: 'false' # optional
TemplateURL: './node_modules/@cfn-modules/fargate-service/module.yml'
Name | Description | Default | Required? | Allowed values |
---|---|---|---|---|
VpcModule | Stack name of vpc module | yes | ||
ClusterModule | Stack name of ecs-cluster module (if empty, an ECS cluster is created) | no | ||
TargetModule | Stack name of module implementing Target | no | ||
FileSystemModule1 | Stack name of efs-file-system module mounted to /mnt/efs1 | no | ||
AlertingModule | Stack name of alerting module | no | ||
ClientSgModule1 | Stack name of client-sg module to mark traffic from Fargate task | no | ||
ClientSgModule2 | Stack name of client-sg module to mark traffic from Fargate task | no | ||
ClientSgModule3 | Stack name of client-sg module to mark traffic from Fargate task | no | ||
ManagedPolicyArns | Comma-delimited list of IAM managed policy ARNs to attach to the task's IAM role | no | ||
ProxyImage | Docker image to use for the proxy container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set ProxyyImageSecretModule as well! | no | ||
ProxyImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | no | ||
ProxyPort | The port exposed by the proxy container that receives traffic from the load balancer (ProxyPort != AppPort != SidecarPort; ignored if ProxyImage and/or TargetModule are/is not set) | 8000 | no | |
ProxyEnvironment1Key | Environment variable 1 key for proxy container | no | ||
ProxyEnvironment1Value | Environment variable 1 plain-text value for proxy container (if ProxyEnvironment1Key is set, set either ProxyEnvironment1Value or ProxyEnvironment1SecretModule) | no | ||
ProxyEnvironment1SecretModule | Environment variable 1 stack name of secret module for proxy container (if ProxyEnvironment1Key is set, set either ProxyEnvironment1Value or ProxyEnvironment1SecretModule) | no | ||
ProxyEnvironment2Key | Environment variable 2 key for proxy container | no | ||
ProxyEnvironment2Value | Environment variable 2 plain-text value for proxy container (if ProxyEnvironment2Key is set, set either ProxyEnvironment2Value or ProxyEnvironment2SecretModule) | no | ||
ProxyEnvironment2SecretModule | Environment variable 2 stack name of secret module for proxy container (if ProxyEnvironment2Key is set, set either ProxyEnvironment2Value or ProxyEnvironment2SecretModule) | no | ||
ProxyEnvironment3Key | Environment variable 3 key for proxy container | no | ||
ProxyEnvironment3Value | Environment variable 3 plain-text value for proxy container (if ProxyEnvironment3Key is set, set either ProxyEnvironment3Value or ProxyEnvironment3SecretModule) | no | ||
ProxyEnvironment3SecretModule | Environment variable 3 stack name of secret module for proxy container (if ProxyEnvironment3Key is set, set either ProxyEnvironment3Value or ProxyEnvironment3SecretModule) | no | ||
ProxyEnvironment4Key | Environment variable 4 key for proxy container | no | ||
ProxyEnvironment4Value | Environment variable 4 plain-text value for proxy container (if ProxyEnvironment4Key is set, set either ProxyEnvironment4Value or ProxyEnvironment4SecretModule) | no | ||
ProxyEnvironment4SecretModule | Environment variable 4 stack name of secret module for proxy container (if ProxyEnvironment4Key is set, set either ProxyEnvironment4Value or ProxyEnvironment4SecretModule) | no | ||
ProxyEnvironment5Key | Environment variable 5 key for proxy container | no | ||
ProxyEnvironment5Value | Environment variable 5 plain-text value for proxy container (if ProxyEnvironment5Key is set, set either ProxyEnvironment5Value or ProxyEnvironment5SecretModule) | no | ||
ProxyEnvironment5SecretModule | Environment variable 5 stack name of secret module for proxy container (if ProxyEnvironment5Key is set, set either ProxyEnvironment5Value or ProxyEnvironment5SecretModule) | no | ||
AppImage | The Docker image to use for the app container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set AppImageSecretModule as well! | widdix/hello:v1 | no | |
AppImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | no | ||
AppPort | The port exposed by the app container that receives traffic from the load balancer or the proxy container (AppPort != ProxyPort != SidecarPort; ignored if TargetModule is not set) | 80 | no | |
AppEnvironment1Key | Environment variable 1 key for app container | no | ||
AppEnvironment1Value | Environment variable 1 plain-text value for app container (if AppEnvironment1Key is set, set either AppEnvironment1Value or AppEnvironment1SecretModule) | no | ||
AppEnvironment1SecretModule | Environment variable 1 stack name of secret module for app container (if AppEnvironment1Key is set, set either AppEnvironment1Value or AppEnvironment1SecretModule) | no | ||
AppEnvironment2Key | Environment variable 2 key for app container | no | ||
AppEnvironment2Value | Environment variable 2 plain-text value for app container (if AppEnvironment2Key is set, set either AppEnvironment2Value or AppEnvironment2SecretModule) | no | ||
AppEnvironment2SecretModule | Environment variable 2 stack name of secret module for app container (if AppEnvironment2Key is set, set either AppEnvironment2Value or AppEnvironment2SecretModule) | no | ||
AppEnvironment3Key | Environment variable 3 key for app container | no | ||
AppEnvironment3Value | Environment variable 3 plain-text value for app container (if AppEnvironment3Key is set, set either AppEnvironment3Value or AppEnvironment3SecretModule) | no | ||
AppEnvironment3SecretModule | Environment variable 3 stack name of secret module for app container (if AppEnvironment3Key is set, set either AppEnvironment3Value or AppEnvironment3SecretModule) | no | ||
AppEnvironment4Key | Environment variable 4 key for app container | no | ||
AppEnvironment4Value | Environment variable 4 plain-text value for app container (if AppEnvironment4Key is set, set either AppEnvironment4Value or AppEnvironment4SecretModule) | no | ||
AppEnvironment4SecretModule | Environment variable 4 stack name of secret module for app container (if AppEnvironment4Key is set, set either AppEnvironment4Value or AppEnvironment4SecretModule) | no | ||
AppEnvironment5Key | Environment variable 5 key for app container | no | ||
AppEnvironment5Value | Environment variable 5 plain-text value for app container (if AppEnvironment5Key is set, set either AppEnvironment5Value or AppEnvironment5SecretModule) | no | ||
AppEnvironment5SecretModule | Environment variable 5 stack name of secret module for app container (if AppEnvironment5Key is set, set either AppEnvironment5Value or AppEnvironment5SecretModule) | no | ||
AppEnvironment6Key | Environment variable 6 key for app container | no | ||
AppEnvironment6Value | Environment variable 6 plain-text value for app container | no | ||
AppEnvironment7Key | Environment variable 7 key for app container | no | ||
AppEnvironment7Value | Environment variable 7 plain-text value for app container | no | ||
AppEnvironment8Key | Environment variable 8 key for app container | no | ||
AppEnvironment8Value | Environment variable 8 plain-text value for app container | no | ||
AppEnvironment9Key | Environment variable 9 key for app container | no | ||
AppEnvironment9Value | Environment variable 9 plain-text value for app container | no | ||
AppEnvironment10Key | Environment variable 10 key for app container | no | ||
AppEnvironment10Value | Environment variable 10 plain-text value for app container | no | ||
AppEnvironment11Key | Environment variable 11 key for app container | no | ||
AppEnvironment11Value | Environment variable 11 plain-text value for app container | no | ||
AppEnvironment12Key | Environment variable 12 key for app container | no | ||
AppEnvironment12Value | Environment variable 12 plain-text value for app container | no | ||
AppEnvironment13Key | Environment variable 13 key for app container | no | ||
AppEnvironment13Value | Environment variable 13 plain-text value for app container | no | ||
AppEnvironment14Key | Environment variable 14 key for app container | no | ||
AppEnvironment14Value | Environment variable 14 plain-text value for app container | no | ||
AppEnvironment15Key | Environment variable 15 key for app container | no | ||
AppEnvironment15Value | Environment variable 15 plain-text value for app container | no | ||
AppEnvironment16Key | Environment variable 16 key for app container | no | ||
AppEnvironment16Value | Environment variable 16 plain-text value for app container | no | ||
AppEnvironment17Key | Environment variable 17 key for app container | no | ||
AppEnvironment17Value | Environment variable 17 plain-text value for app container | no | ||
AppEnvironment18Key | Environment variable 18 key for app container | no | ||
AppEnvironment18Value | Environment variable 18 plain-text value for app container | no | ||
AppEnvironment19Key | Environment variable 19 key for app container | no | ||
AppEnvironment19Value | Environment variable 19 plain-text value for app container | no | ||
AppEnvironment20Key | Environment variable 20 key for app container | no | ||
AppEnvironment20Value | Environment variable 20 plain-text value for app container | no | ||
SidecarImage | Docker image to use for the sidecar container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set SidecarImageSecretModule as well! | no | ||
SidecarImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | no | ||
SidecarPort | The port exposed by the sidecar container reachable from the app container on host localhost (SidecarPort != ProxyPort != AppPort) | 9000 | no | |
SidecarProtocol | The protocol used by the sidecar container reachable from the app container on host localhost. | tcp | no | [tcp, udp] |
SidecarEnvironment1Key | Environment variable 1 key for sidecar container | no | ||
SidecarEnvironment1Value | Environment variable 1 plain-text value for sidecar container (if SidecarEnvironment1Key is set, set either SidecarEnvironment1Value or SidecarEnvironment1SecretModule) | no | ||
SidecarEnvironment1SecretModule | Environment variable 1 stack name of secret module for sidecar container (if SidecarEnvironment1Key is set, set either SidecarEnvironment1Value or SidecarEnvironment1SecretModule) | no | ||
SidecarEnvironment2Key | Environment variable 2 key for sidecar container | no | ||
SidecarEnvironment2Value | Environment variable 2 plain-text value for sidecar container (if SidecarEnvironment2Key is set, set either SidecarEnvironment2Value or SidecarEnvironment2SecretModule) | no | ||
SidecarEnvironment2SecretModule | Environment variable 2 stack name of secret module for sidecar container (if SidecarEnvironment2Key is set, set either SidecarEnvironment2Value or SidecarEnvironment2SecretModule) | no | ||
SidecarEnvironment3Key | Environment variable 3 key for sidecar container | no | ||
SidecarEnvironment3Value | Environment variable 3 plain-text value for sidecar container (if SidecarEnvironment3Key is set, set either SidecarEnvironment3Value or SidecarEnvironment3SecretModule) | no | ||
SidecarEnvironment3SecretModule | Environment variable 3 stack name of secret module for sidecar container (if SidecarEnvironment3Key is set, set either SidecarEnvironment3Value or SidecarEnvironment3SecretModule) | no | ||
SidecarEnvironment4Key | Environment variable 4 key for sidecar container | no | ||
SidecarEnvironment4Value | Environment variable 4 plain-text value for sidecar container (if SidecarEnvironment4Key is set, set either SidecarEnvironment4Value or SidecarEnvironment4SecretModule) | no | ||
SidecarEnvironment4SecretModule | Environment variable 4 stack name of secret module for sidecar container (if SidecarEnvironment4Key is set, set either SidecarEnvironment4Value or SidecarEnvironment4SecretModule) | no | ||
SidecarEnvironment5Key | Environment variable 5 key for sidecar container | no | ||
SidecarEnvironment5Value | Environment variable 5 plain-text value for sidecar container (if SidecarEnvironment5Key is set, set either SidecarEnvironment5Value or SidecarEnvironment5SecretModule) | no | ||
SidecarEnvironment5SecretModule | Environment variable 5 stack name of secret module for sidecar container (if SidecarEnvironment5Key is set, set either SidecarEnvironment5Value or SidecarEnvironment5SecretModule) | no | ||
Cpu | The minimum number of vCPUs to reserve for the container | 0.25 | no | [0.25, 0.5, 1, 2, 4] |
Memory | The amount (in GB) of memory used by the task | 0.5 | no | [0.5, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30] |
DesiredCount | The number of simultaneous tasks, that you want to run on the cluster | 2 | no | 1-N |
MaxCapacity | The maximum number of simultaneous tasks, that you want to run on the cluster | 4 | no | 1-N |
MinCapacity | The minimum number of simultaneous tasks, that you want to run on the cluster | 2 | no | 1-N |
LogsRetentionInDays | Specifies the number of days you want to retain log events in the specified log group | 14 | no | [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] |
SubnetsReach | Should the service have direct access to the Internet or do you prefer private subnets with NAT? | Public | no | [Public, Private] |
AutoScaling | Scale number of tasks based on CPU load? | true | no | [true, false] |
HealthCheckGracePeriodSeconds | The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started (ignored if TargetModule is not set) | 60 | no | 0-1800 |
Spot | Run workload on spot capacity? | false | no | [true, false] |
CpuArchitecture | The CPU architecture of the container. | X86_64 | no | [X86_64, ARM64] |
OperatingSystemFamily | The operating system family of the container. | LINUX | no | [LINUX, WINDOWS_SERVER_2004_CORE, WINDOWS_SERVER_2016_FULL, WINDOWS_SERVER_2019_CORE, WINDOWS_SERVER_2019_FULL, WINDOWS_SERVER_2022_CORE, WINDOWS_SERVER_2022_FULL, WINDOWS_SERVER_20H2_CORE] |
ExecuteCommand | Enable or disable ECS execute command | false | no | [false, true] |
Name | Interface | Description | Exported? |
---|---|---|---|
ModuleId | global | Id of the module | no |
ModuleVersion | global | Version of the module | no |
StackName | global | Name of the stack (used to pass module references) | no |
TaskRoleArn | IAM Role ARN of task | yes |
To fetch Docker images from private repositories, you have to provide the repository credentials via AWS Secrets Manager. Go to AWS Secrets Manager and create a new secret of type other type) with the plaintext value:
{
"username": "DOCKERHUB_USERNAME",
"password": "DOCKERHUB_PASSWORD"
}
Use the secret module wrapper to use the secret within cfn-modules.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Secret:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
Arn: 'arn:aws:secretsmanager:eu-west-1:111111111111:secret:name/of/secret' # TODO replace with your secret ARN
TemplateURL: './node_modules/@cfn-modules/secret/wrapper.yml'
The following image prameters support a secret:
Parameter | Secret |
---|---|
ProxyImage | ProxyImageSecretModule |
AppImage | AppImageSecretModule |
SidecarImage | SidecarImageSecretModule |
- Rename
AmbassadorImage
toProxyImage
. - Rename
AmbassadorPort
toProxyPort
. - Rename
AmbassadorEnvironment1Key
toProxyEnvironment1Key
. - Rename
AmbassadorEnvironment1Value
toProxyEnvironment1Value
. - Rename
AmbassadorEnvironment2Key
toProxyEnvironment2Key
. - Rename
AmbassadorEnvironment2Value
toProxyEnvironment2Value
. - Rename
AmbassadorEnvironment3Key
toProxyEnvironment3Key
. - Rename
AmbassadorEnvironment3Value
toProxyEnvironment3Value
.