community.aws.ecs_service – Create, terminate, start or stop a service in ECS

Note

This plugin is part of the community.aws collection (version 1.4.0).

To install it use: ansible-galaxy collection install community.aws.

To use it in a playbook, specify: community.aws.ecs_service.

New in version 1.0.0: of community.aws

Synopsis

  • Creates or terminates ECS. services.

Requirements

The below requirements are needed on the host that executes this module.

  • boto

  • boto3

  • botocore

  • json

  • python >= 2.6

Parameters

Parameter Choices/Defaults Comments
aws_access_key
string
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
If profile is set this parameter is ignored.
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.

aliases: ec2_access_key, access_key
aws_ca_bundle
path
The location of a CA Bundle to use when validating SSL certificates.
Only used for boto3 based modules.
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
aws_config
dictionary
A dictionary to modify the botocore configuration.
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
aws_secret_key
string
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
If profile is set this parameter is ignored.
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.

aliases: ec2_secret_key, secret_key
client_token
string
Unique, case-sensitive identifier you provide to ensure the idempotency of the request. Up to 32 ASCII characters are allowed.
cluster
string
The name of the cluster in which the service exists.
debug_botocore_endpoint_logs
boolean
    Choices:
  • no ←
  • yes
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
delay
integer
Default:
10
The time to wait before checking that the service is available.
deployment_configuration
dictionary
Optional parameters that control the deployment_configuration.
Format is '{"maximum_percent":<integer>, "minimum_healthy_percent":<integer>}
maximum_percent
integer
Upper limit on the number of tasks in a service that are allowed in the RUNNING or PENDING state during a deployment.
minimum_healthy_percent
integer
A lower limit on the number of tasks in a service that must remain in the RUNNING state during a deployment.
desired_count
integer
The count of how many instances of the service.
This parameter is required when state=present.
ec2_url
string
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.

aliases: aws_endpoint_url, endpoint_url
force_new_deployment
boolean
    Choices:
  • no ←
  • yes
Force deployment of service even if there are no changes.
health_check_grace_period_seconds
integer
Seconds to wait before health checking the freshly added/updated services.
This option requires botocore >= 1.8.20.
launch_type
string
    Choices:
  • EC2
  • FARGATE
The launch type on which to run your service.
load_balancers
list / elements=dictionary
The list of ELBs defined for this service.
name
string / required
The name of the service.
network_configuration
dictionary
Network configuration of the service. Only applicable for task definitions created with network_mode=awsvpc.
assign_public_ip requires botocore >= 1.8.4
assign_public_ip
boolean
    Choices:
  • no
  • yes
Whether the task's elastic network interface receives a public IP address.
This option requires botocore >= 1.8.4.
security_groups
list / elements=string
A list of security group names or group IDs to associate with the task.
subnets
list / elements=string
A list of subnet IDs to associate with the task.
placement_constraints
list / elements=dictionary
The placement constraints for the tasks in the service.
expression
string
A cluster query language expression to apply to the constraint.
type
string
The type of constraint.
placement_strategy
list / elements=dictionary
The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules per service.
field
string
The field to apply the placement strategy against.
type
string
The type of placement strategy.
profile
string
Uses a boto profile. Only works with boto >= 2.24.0.
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.

aliases: aws_profile
region
string
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region

aliases: aws_region, ec2_region
repeat
integer
Default:
10
The number of times to check that the service is available.
role
string
The name or full Amazon Resource Name (ARN) of the IAM role that allows your Amazon ECS container agent to make calls to your load balancer on your behalf.
This parameter is only required if you are using a load balancer with your service in a network mode other than awsvpc.
scheduling_strategy
string
    Choices:
  • DAEMON
  • REPLICA
The scheduling strategy.
Defaults to REPLICA if not given to preserve previous behavior.
security_token
string
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
If profile is set this parameter is ignored.
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.

aliases: aws_security_token, access_token
service_registries
list / elements=dictionary
Describes service discovery registries this service will register with.
arn
string
Service discovery registry ARN.
container_name
string
Container name for service discovery registration.
container_port
integer
Container port for service discovery registration.
state
string / required
    Choices:
  • present
  • absent
  • deleting
The desired state of the service.
task_definition
string
The task definition the service will run.
This parameter is required when state=present.
validate_certs
boolean
    Choices:
  • no
  • yes ←
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.

Notes

Note

  • The service role specified must be assumable. (i.e. have a trust relationship for the ecs service, ecs.amazonaws.com)

  • For details of the parameters and returns see https://boto3.readthedocs.io/en/latest/reference/services/ecs.html.

  • An IAM role must have been previously created.

  • If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence AWS_URL or EC2_URL, AWS_PROFILE or AWS_DEFAULT_PROFILE, AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY or EC2_ACCESS_KEY, AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY or EC2_SECRET_KEY, AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN, AWS_REGION or EC2_REGION, AWS_CA_BUNDLE

  • Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html

  • AWS_REGION or EC2_REGION can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file

Examples

# Note: These examples do not set authentication details, see the AWS Guide for details.

# Basic provisioning example
- community.aws.ecs_service:
    state: present
    name: console-test-service
    cluster: new_cluster
    task_definition: 'new_cluster-task:1'
    desired_count: 0

- name: create ECS service on VPC network
  community.aws.ecs_service:
    state: present
    name: console-test-service
    cluster: new_cluster
    task_definition: 'new_cluster-task:1'
    desired_count: 0
    network_configuration:
      subnets:
      - subnet-abcd1234
      security_groups:
      - sg-aaaa1111
      - my_security_group

# Simple example to delete
- community.aws.ecs_service:
    name: default
    state: absent
    cluster: new_cluster

# With custom deployment configuration (added in version 2.3), placement constraints and strategy (added in version 2.4)
- community.aws.ecs_service:
    state: present
    name: test-service
    cluster: test-cluster
    task_definition: test-task-definition
    desired_count: 3
    deployment_configuration:
      minimum_healthy_percent: 75
      maximum_percent: 150
    placement_constraints:
      - type: memberOf
        expression: 'attribute:flavor==test'
    placement_strategy:
      - type: binpack
        field: memory

Returned Facts

Facts returned by this module are added/updated in the hostvars host facts and can be referenced by name just like any other host fact. They do not need to be registered in order to use them.

Fact Returned Description
service
complex / elements=string
when service existed and was deleted
Details of deleted service.

clusterArn
string / elements=string
always
The Amazon Resource Name (ARN) of the of the cluster that hosts the service.

deploymentConfiguration
complex / elements=string
always
dictionary of deploymentConfiguration

maximumPercent
integer / elements=string
always
maximumPercent param

minimumHealthyPercent
integer / elements=string
always
minimumHealthyPercent param

deployments
list / elements=dictionary
always
list of service deployments

desiredCount
integer / elements=string
always
The desired number of instantiations of the task definition to keep running on the service.

events
list / elements=dictionary
always
list of service events

loadBalancers
complex / elements=string
always
A list of load balancer objects

containerName
string / elements=string
always
The name of the container to associate with the load balancer.

containerPort
integer / elements=string
always
The port on the container to associate with the load balancer.

loadBalancerName
string / elements=string
always
the name

pendingCount
integer / elements=string
always
The number of tasks in the cluster that are in the PENDING state.

placementConstraints
list / elements=dictionary
always
List of placement constraints objects

expression
string / elements=string
always
A cluster query language expression to apply to the constraint. Note you cannot specify an expression if the constraint type is distinctInstance.

type
string / elements=string
always
The type of constraint. Valid values are distinctInstance and memberOf.

placementStrategy
list / elements=dictionary
always
List of placement strategy objects

field
string / elements=string
always
The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone. For the binpack placement strategy, valid values are CPU and MEMORY.

type
string / elements=string
always
The type of placement strategy. Valid values are random, spread and binpack.

runningCount
integer / elements=string
always
The number of tasks in the cluster that are in the RUNNING state.

serviceArn
string / elements=string
always
The Amazon Resource Name (ARN) that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the region of the service, the AWS account ID of the service owner, the service namespace, and then the service name. For example, arn:aws:ecs:region :012345678910 :service/my-service .

serviceName
string / elements=string
always
A user-generated string used to identify the service

status
string / elements=string
always
The valid values are ACTIVE, DRAINING, or INACTIVE.

taskDefinition
string / elements=string
always
The ARN of a task definition to use for tasks in the service.



Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
service
complex
when creating a service
Details of created service.

 
clusterArn
string
always
The Amazon Resource Name (ARN) of the of the cluster that hosts the service.

 
deploymentConfiguration
complex
always
dictionary of deploymentConfiguration

   
maximumPercent
integer
always
maximumPercent param

   
minimumHealthyPercent
integer
always
minimumHealthyPercent param

 
deployments
list / elements=dictionary
always
list of service deployments

 
desiredCount
integer
always
The desired number of instantiations of the task definition to keep running on the service.

 
events
list / elements=dictionary
always
list of service events

 
loadBalancers
complex
always
A list of load balancer objects

   
containerName
string
always
The name of the container to associate with the load balancer.

   
containerPort
integer
always
The port on the container to associate with the load balancer.

   
loadBalancerName
string
always
the name

 
pendingCount
integer
always
The number of tasks in the cluster that are in the PENDING state.

 
placementConstraints
list / elements=dictionary
always
List of placement constraints objects

   
expression
string
always
A cluster query language expression to apply to the constraint. Note you cannot specify an expression if the constraint type is distinctInstance.

   
type
string
always
The type of constraint. Valid values are distinctInstance and memberOf.

 
placementStrategy
list / elements=dictionary
always
List of placement strategy objects

   
field
string
always
The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone. For the binpack placement strategy, valid values are CPU and MEMORY.

   
type
string
always
The type of placement strategy. Valid values are random, spread and binpack.

 
runningCount
integer
always
The number of tasks in the cluster that are in the RUNNING state.

 
serviceArn
string
always
The Amazon Resource Name (ARN) that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the region of the service, the AWS account ID of the service owner, the service namespace, and then the service name. For example, arn:aws:ecs:region :012345678910 :service/my-service .

 
serviceName
string
always
A user-generated string used to identify the service

 
status
string
always
The valid values are ACTIVE, DRAINING, or INACTIVE.

 
taskDefinition
string
always
The ARN of a task definition to use for tasks in the service.



Authors

  • Mark Chance (@Java1Guy)

  • Darek Kaczynski (@kaczynskid)

  • Stephane Maarek (@simplesteph)

  • Zac Blazic (@zacblazic)