Fargate service.
📚 Check out our new book Rapid Docker on AWS
- Written for DevOps engineers and web developers who want to run dockerized web applications on AWS.
- Prior knowledge of Docker and AWS is not required.
- Continuous Deployment of your Web Application and Infrastructure as Code.
Install Node.js and npm first!
npm i @cfn-modules/fargate-service
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Service:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
ClusterModule: !GetAtt 'Cluster.Outputs.StackName' # optional
TargetModule: '' # optional
FileSystemModule1: '' # optional
AlertingModule: '' # optional
ClientSgModule1: '' # optional
ClientSgModule2: '' # optional
ClientSgModule3: '' # optional
ManagedPolicyArns: '' # optional
ProxyImage: '' # optional
ProxyImageSecretModule '' # optional
ProxyPort: '8000' # optional
ProxyEnvironment1Key: '' # optional
ProxyEnvironment1Value: '' # optional
ProxyEnvironment1SecretModule: '' # optional
ProxyEnvironment2Key: '' # optional
ProxyEnvironment2Value: '' # optional
ProxyEnvironment2SecretModule: '' # optional
ProxyEnvironment3Key: '' # optional
ProxyEnvironment3Value: '' # optional
ProxyEnvironment3SecretModule: '' # optional
ProxyEnvironment4Key: '' # optional
ProxyEnvironment4Value: '' # optional
ProxyEnvironment4SecretModule: '' # optional
ProxyEnvironment5Key: '' # optional
ProxyEnvironment5Value: '' # optional
ProxyEnvironment5SecretModule: '' # optional
AppImage: 'widdix/hello:v1' # optional
AppImageSecretModule '' # optional
AppPort: '80' # optional
AppEnvironment1Key: '' # optional
AppEnvironment1Value: '' # optional
AppEnvironment1SecretModule: '' # optional
AppEnvironment2Key: '' # optional
AppEnvironment2Value: '' # optional
AppEnvironment2SecretModule: '' # optional
AppEnvironment3Key: '' # optional
AppEnvironment3Value: '' # optional
AppEnvironment3SecretModule: '' # optional
AppEnvironment4Key: '' # optional
AppEnvironment4Value: '' # optional
AppEnvironment4SecretModule: '' # optional
AppEnvironment5Key: '' # optional
AppEnvironment5Value: '' # optional
AppEnvironment5SecretModule: '' # optional
AppEnvironment6Key: '' # optional
AppEnvironment6Value: '' # optional
AppEnvironment7Key: '' # optional
AppEnvironment7Value: '' # optional
AppEnvironment8Key: '' # optional
AppEnvironment8Value: '' # optional
AppEnvironment9Key: '' # optional
AppEnvironment9Value: '' # optional
AppEnvironment10Key: '' # optional
AppEnvironment10Value: '' # optional
AppEnvironment10Key: '' # optional
AppEnvironment10Value: '' # optional
AppEnvironment11Key: '' # optional
AppEnvironment11Value: '' # optional
AppEnvironment12Key: '' # optional
AppEnvironment12Value: '' # optional
AppEnvironment13Key: '' # optional
AppEnvironment13Value: '' # optional
AppEnvironment14Key: '' # optional
AppEnvironment14Value: '' # optional
AppEnvironment15Key: '' # optional
AppEnvironment15Value: '' # optional
AppEnvironment16Key: '' # optional
AppEnvironment16Value: '' # optional
AppEnvironment17Key: '' # optional
AppEnvironment17Value: '' # optional
AppEnvironment18Key: '' # optional
AppEnvironment18Value: '' # optional
AppEnvironment19Key: '' # optional
AppEnvironment19Value: '' # optional
AppEnvironment20Key: '' # optional
AppEnvironment20Value: '' # optional
AppEnvironment21Key: '' # optional
AppEnvironment21Value: '' # optional
AppEnvironment22Key: '' # optional
AppEnvironment22Value: '' # optional
AppEnvironment23Key: '' # optional
AppEnvironment23Value: '' # optional
AppEnvironment24Key: '' # optional
AppEnvironment24Value: '' # optional
AppEnvironment25Key: '' # optional
AppEnvironment25Value: '' # optional
SidecarImage: '' # optional
SidecarImageSecretModule '' # optional
SidecarPort: '9000' # optional
SidecarProtocol: 'tcp' # optional
SidecarEnvironment1Key: '' # optional
SidecarEnvironment1Value: '' # optional
SidecarEnvironment1SecretModule: '' # optional
SidecarEnvironment2Key: '' # optional
SidecarEnvironment2Value: '' # optional
SidecarEnvironment2SecretModule: '' # optional
SidecarEnvironment3Key: '' # optional
SidecarEnvironment3Value: '' # optional
SidecarEnvironment3SecretModule: '' # optional
SidecarEnvironment4Key: '' # optional
SidecarEnvironment4Value: '' # optional
SidecarEnvironment4SecretModule: '' # optional
SidecarEnvironment5Key: '' # optional
SidecarEnvironment5Value: '' # optional
SidecarEnvironment5SecretModule: '' # optional
Cpu: '0.25' # optional
Memory: '0.5' # optional
DesiredCount: '2' # optional
MaxCapacity: '4' # optional
MinCapacity: '2' # optional
LogsRetentionInDays: '14' # optional
SubnetsReach: 'Public' # optional
AutoScaling: 'true' # optional
HealthCheckGracePeriodSeconds: '60' # optional
Spot: 'false' # optional
CpuArchitecture: 'X86_64' # optional
OperatingSystemFamily: 'LINUX' # optional
ExecuteCommand: 'false' # optional
TemplateURL: './node_modules/@cfn-modules/fargate-service/module.yml'
| Name | Description | Default | Required? | Allowed values |
|---|---|---|---|---|
| VpcModule | Stack name of vpc module | yes | ||
| ClusterModule | Stack name of ecs-cluster module (if empty, an ECS cluster is created) | no | ||
| TargetModule | Stack name of module implementing Target | no | ||
| FileSystemModule1 | Stack name of efs-file-system module mounted to /mnt/efs1 | no | ||
| AlertingModule | Stack name of alerting module | no | ||
| ClientSgModule1 | Stack name of client-sg module to mark traffic from Fargate task | no | ||
| ClientSgModule2 | Stack name of client-sg module to mark traffic from Fargate task | no | ||
| ClientSgModule3 | Stack name of client-sg module to mark traffic from Fargate task | no | ||
| ManagedPolicyArns | Comma-delimited list of IAM managed policy ARNs to attach to the task's IAM role | no | ||
| ProxyImage | Docker image to use for the proxy container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set ProxyyImageSecretModule as well! | no | ||
| ProxyImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | no | ||
| ProxyPort | The port exposed by the proxy container that receives traffic from the load balancer (ProxyPort != AppPort != SidecarPort; ignored if ProxyImage and/or TargetModule are/is not set) | 8000 | no | |
| ProxyEnvironment1Key | Environment variable 1 key for proxy container | no | ||
| ProxyEnvironment1Value | Environment variable 1 plain-text value for proxy container (if ProxyEnvironment1Key is set, set either ProxyEnvironment1Value or ProxyEnvironment1SecretModule) | no | ||
| ProxyEnvironment1SecretModule | Environment variable 1 stack name of secret module for proxy container (if ProxyEnvironment1Key is set, set either ProxyEnvironment1Value or ProxyEnvironment1SecretModule) | no | ||
| ProxyEnvironment2Key | Environment variable 2 key for proxy container | no | ||
| ProxyEnvironment2Value | Environment variable 2 plain-text value for proxy container (if ProxyEnvironment2Key is set, set either ProxyEnvironment2Value or ProxyEnvironment2SecretModule) | no | ||
| ProxyEnvironment2SecretModule | Environment variable 2 stack name of secret module for proxy container (if ProxyEnvironment2Key is set, set either ProxyEnvironment2Value or ProxyEnvironment2SecretModule) | no | ||
| ProxyEnvironment3Key | Environment variable 3 key for proxy container | no | ||
| ProxyEnvironment3Value | Environment variable 3 plain-text value for proxy container (if ProxyEnvironment3Key is set, set either ProxyEnvironment3Value or ProxyEnvironment3SecretModule) | no | ||
| ProxyEnvironment3SecretModule | Environment variable 3 stack name of secret module for proxy container (if ProxyEnvironment3Key is set, set either ProxyEnvironment3Value or ProxyEnvironment3SecretModule) | no | ||
| ProxyEnvironment4Key | Environment variable 4 key for proxy container | no | ||
| ProxyEnvironment4Value | Environment variable 4 plain-text value for proxy container (if ProxyEnvironment4Key is set, set either ProxyEnvironment4Value or ProxyEnvironment4SecretModule) | no | ||
| ProxyEnvironment4SecretModule | Environment variable 4 stack name of secret module for proxy container (if ProxyEnvironment4Key is set, set either ProxyEnvironment4Value or ProxyEnvironment4SecretModule) | no | ||
| ProxyEnvironment5Key | Environment variable 5 key for proxy container | no | ||
| ProxyEnvironment5Value | Environment variable 5 plain-text value for proxy container (if ProxyEnvironment5Key is set, set either ProxyEnvironment5Value or ProxyEnvironment5SecretModule) | no | ||
| ProxyEnvironment5SecretModule | Environment variable 5 stack name of secret module for proxy container (if ProxyEnvironment5Key is set, set either ProxyEnvironment5Value or ProxyEnvironment5SecretModule) | no | ||
| AppImage | The Docker image to use for the app container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set AppImageSecretModule as well! | widdix/hello:v1 | no | |
| AppImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | no | ||
| AppPort | The port exposed by the app container that receives traffic from the load balancer or the proxy container (AppPort != ProxyPort != SidecarPort; ignored if TargetModule is not set) | 80 | no | |
| AppEnvironment1Key | Environment variable 1 key for app container | no | ||
| AppEnvironment1Value | Environment variable 1 plain-text value for app container (if AppEnvironment1Key is set, set either AppEnvironment1Value or AppEnvironment1SecretModule) | no | ||
| AppEnvironment1SecretModule | Environment variable 1 stack name of secret module for app container (if AppEnvironment1Key is set, set either AppEnvironment1Value or AppEnvironment1SecretModule) | no | ||
| AppEnvironment2Key | Environment variable 2 key for app container | no | ||
| AppEnvironment2Value | Environment variable 2 plain-text value for app container (if AppEnvironment2Key is set, set either AppEnvironment2Value or AppEnvironment2SecretModule) | no | ||
| AppEnvironment2SecretModule | Environment variable 2 stack name of secret module for app container (if AppEnvironment2Key is set, set either AppEnvironment2Value or AppEnvironment2SecretModule) | no | ||
| AppEnvironment3Key | Environment variable 3 key for app container | no | ||
| AppEnvironment3Value | Environment variable 3 plain-text value for app container (if AppEnvironment3Key is set, set either AppEnvironment3Value or AppEnvironment3SecretModule) | no | ||
| AppEnvironment3SecretModule | Environment variable 3 stack name of secret module for app container (if AppEnvironment3Key is set, set either AppEnvironment3Value or AppEnvironment3SecretModule) | no | ||
| AppEnvironment4Key | Environment variable 4 key for app container | no | ||
| AppEnvironment4Value | Environment variable 4 plain-text value for app container (if AppEnvironment4Key is set, set either AppEnvironment4Value or AppEnvironment4SecretModule) | no | ||
| AppEnvironment4SecretModule | Environment variable 4 stack name of secret module for app container (if AppEnvironment4Key is set, set either AppEnvironment4Value or AppEnvironment4SecretModule) | no | ||
| AppEnvironment5Key | Environment variable 5 key for app container | no | ||
| AppEnvironment5Value | Environment variable 5 plain-text value for app container (if AppEnvironment5Key is set, set either AppEnvironment5Value or AppEnvironment5SecretModule) | no | ||
| AppEnvironment5SecretModule | Environment variable 5 stack name of secret module for app container (if AppEnvironment5Key is set, set either AppEnvironment5Value or AppEnvironment5SecretModule) | no | ||
| AppEnvironment6Key | Environment variable 6 key for app container | no | ||
| AppEnvironment6Value | Environment variable 6 plain-text value for app container | no | ||
| AppEnvironment7Key | Environment variable 7 key for app container | no | ||
| AppEnvironment7Value | Environment variable 7 plain-text value for app container | no | ||
| AppEnvironment8Key | Environment variable 8 key for app container | no | ||
| AppEnvironment8Value | Environment variable 8 plain-text value for app container | no | ||
| AppEnvironment9Key | Environment variable 9 key for app container | no | ||
| AppEnvironment9Value | Environment variable 9 plain-text value for app container | no | ||
| AppEnvironment10Key | Environment variable 10 key for app container | no | ||
| AppEnvironment10Value | Environment variable 10 plain-text value for app container | no | ||
| AppEnvironment11Key | Environment variable 11 key for app container | no | ||
| AppEnvironment11Value | Environment variable 11 plain-text value for app container | no | ||
| AppEnvironment12Key | Environment variable 12 key for app container | no | ||
| AppEnvironment12Value | Environment variable 12 plain-text value for app container | no | ||
| AppEnvironment13Key | Environment variable 13 key for app container | no | ||
| AppEnvironment13Value | Environment variable 13 plain-text value for app container | no | ||
| AppEnvironment14Key | Environment variable 14 key for app container | no | ||
| AppEnvironment14Value | Environment variable 14 plain-text value for app container | no | ||
| AppEnvironment15Key | Environment variable 15 key for app container | no | ||
| AppEnvironment15Value | Environment variable 15 plain-text value for app container | no | ||
| AppEnvironment16Key | Environment variable 16 key for app container | no | ||
| AppEnvironment16Value | Environment variable 16 plain-text value for app container | no | ||
| AppEnvironment17Key | Environment variable 17 key for app container | no | ||
| AppEnvironment17Value | Environment variable 17 plain-text value for app container | no | ||
| AppEnvironment18Key | Environment variable 18 key for app container | no | ||
| AppEnvironment18Value | Environment variable 18 plain-text value for app container | no | ||
| AppEnvironment19Key | Environment variable 19 key for app container | no | ||
| AppEnvironment19Value | Environment variable 19 plain-text value for app container | no | ||
| AppEnvironment20Key | Environment variable 20 key for app container | no | ||
| AppEnvironment20Value | Environment variable 20 plain-text value for app container | no | ||
| AppEnvironment21Key | Environment variable 21 key for app container | no | ||
| AppEnvironment21Value | Environment variable 21 plain-text value for app container | no | ||
| AppEnvironment22Key | Environment variable 22 key for app container | no | ||
| AppEnvironment22Value | Environment variable 22 plain-text value for app container | no | ||
| AppEnvironment23Key | Environment variable 23 key for app container | no | ||
| AppEnvironment23Value | Environment variable 23 plain-text value for app container | no | ||
| AppEnvironment24Key | Environment variable 24 key for app container | no | ||
| AppEnvironment24Value | Environment variable 24 plain-text value for app container | no | ||
| AppEnvironment25Key | Environment variable 25 key for app container | no | ||
| AppEnvironment25Value | Environment variable 25 plain-text value for app container | no | ||
| SidecarImage | Docker image to use for the sidecar container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set SidecarImageSecretModule as well! | no | ||
| SidecarImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | no | ||
| SidecarPort | The port exposed by the sidecar container reachable from the app container on host localhost (SidecarPort != ProxyPort != AppPort) | 9000 | no | |
| SidecarProtocol | The protocol used by the sidecar container reachable from the app container on host localhost. | tcp | no | [tcp, udp] |
| SidecarEnvironment1Key | Environment variable 1 key for sidecar container | no | ||
| SidecarEnvironment1Value | Environment variable 1 plain-text value for sidecar container (if SidecarEnvironment1Key is set, set either SidecarEnvironment1Value or SidecarEnvironment1SecretModule) | no | ||
| SidecarEnvironment1SecretModule | Environment variable 1 stack name of secret module for sidecar container (if SidecarEnvironment1Key is set, set either SidecarEnvironment1Value or SidecarEnvironment1SecretModule) | no | ||
| SidecarEnvironment2Key | Environment variable 2 key for sidecar container | no | ||
| SidecarEnvironment2Value | Environment variable 2 plain-text value for sidecar container (if SidecarEnvironment2Key is set, set either SidecarEnvironment2Value or SidecarEnvironment2SecretModule) | no | ||
| SidecarEnvironment2SecretModule | Environment variable 2 stack name of secret module for sidecar container (if SidecarEnvironment2Key is set, set either SidecarEnvironment2Value or SidecarEnvironment2SecretModule) | no | ||
| SidecarEnvironment3Key | Environment variable 3 key for sidecar container | no | ||
| SidecarEnvironment3Value | Environment variable 3 plain-text value for sidecar container (if SidecarEnvironment3Key is set, set either SidecarEnvironment3Value or SidecarEnvironment3SecretModule) | no | ||
| SidecarEnvironment3SecretModule | Environment variable 3 stack name of secret module for sidecar container (if SidecarEnvironment3Key is set, set either SidecarEnvironment3Value or SidecarEnvironment3SecretModule) | no | ||
| SidecarEnvironment4Key | Environment variable 4 key for sidecar container | no | ||
| SidecarEnvironment4Value | Environment variable 4 plain-text value for sidecar container (if SidecarEnvironment4Key is set, set either SidecarEnvironment4Value or SidecarEnvironment4SecretModule) | no | ||
| SidecarEnvironment4SecretModule | Environment variable 4 stack name of secret module for sidecar container (if SidecarEnvironment4Key is set, set either SidecarEnvironment4Value or SidecarEnvironment4SecretModule) | no | ||
| SidecarEnvironment5Key | Environment variable 5 key for sidecar container | no | ||
| SidecarEnvironment5Value | Environment variable 5 plain-text value for sidecar container (if SidecarEnvironment5Key is set, set either SidecarEnvironment5Value or SidecarEnvironment5SecretModule) | no | ||
| SidecarEnvironment5SecretModule | Environment variable 5 stack name of secret module for sidecar container (if SidecarEnvironment5Key is set, set either SidecarEnvironment5Value or SidecarEnvironment5SecretModule) | no | ||
| Cpu | The minimum number of vCPUs to reserve for the container | 0.25 | no | [0.25, 0.5, 1, 2, 4] |
| Memory | The amount (in GB) of memory used by the task | 0.5 | no | [0.5, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30] |
| DesiredCount | The number of simultaneous tasks, that you want to run on the cluster | 2 | no | 1-N |
| MaxCapacity | The maximum number of simultaneous tasks, that you want to run on the cluster | 4 | no | 1-N |
| MinCapacity | The minimum number of simultaneous tasks, that you want to run on the cluster | 2 | no | 1-N |
| LogsRetentionInDays | Specifies the number of days you want to retain log events in the specified log group | 14 | no | [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] |
| SubnetsReach | Should the service have direct access to the Internet or do you prefer private subnets with NAT? | Public | no | [Public, Private] |
| AutoScaling | Scale number of tasks based on CPU load? | true | no | [true, false] |
| HealthCheckGracePeriodSeconds | The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started (ignored if TargetModule is not set) | 60 | no | 0-1800 |
| Spot | Run workload on spot capacity? | false | no | [true, false] |
| CpuArchitecture | The CPU architecture of the container. | X86_64 | no | [X86_64, ARM64] |
| OperatingSystemFamily | The operating system family of the container. | LINUX | no | [LINUX, WINDOWS_SERVER_2004_CORE, WINDOWS_SERVER_2016_FULL, WINDOWS_SERVER_2019_CORE, WINDOWS_SERVER_2019_FULL, WINDOWS_SERVER_2022_CORE, WINDOWS_SERVER_2022_FULL, WINDOWS_SERVER_20H2_CORE] |
| ExecuteCommand | Enable or disable ECS execute command | false | no | [false, true] |
| Name | Interface | Description | Exported? |
|---|---|---|---|
| ModuleId | global | Id of the module | no |
| ModuleVersion | global | Version of the module | no |
| StackName | global | Name of the stack (used to pass module references) | no |
| TaskRoleArn | IAM Role ARN of task | yes |
To fetch Docker images from private repositories, you have to provide the repository credentials via AWS Secrets Manager. Go to AWS Secrets Manager and create a new secret of type other type) with the plaintext value:
{
"username": "DOCKERHUB_USERNAME",
"password": "DOCKERHUB_PASSWORD"
}Use the secret module wrapper to use the secret within cfn-modules.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Secret:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
Arn: 'arn:aws:secretsmanager:eu-west-1:111111111111:secret:name/of/secret' # TODO replace with your secret ARN
TemplateURL: './node_modules/@cfn-modules/secret/wrapper.yml'
The following image prameters support a secret:
| Parameter | Secret |
|---|---|
| ProxyImage | ProxyImageSecretModule |
| AppImage | AppImageSecretModule |
| SidecarImage | SidecarImageSecretModule |
- Rename
AmbassadorImagetoProxyImage. - Rename
AmbassadorPorttoProxyPort. - Rename
AmbassadorEnvironment1KeytoProxyEnvironment1Key. - Rename
AmbassadorEnvironment1ValuetoProxyEnvironment1Value. - Rename
AmbassadorEnvironment2KeytoProxyEnvironment2Key. - Rename
AmbassadorEnvironment2ValuetoProxyEnvironment2Value. - Rename
AmbassadorEnvironment3KeytoProxyEnvironment3Key. - Rename
AmbassadorEnvironment3ValuetoProxyEnvironment3Value.