@finnairoyj/cdk-constructs-lib

    Interface EcsFargateServiceProps

    interface EcsFargateServiceProps {
        additionalTaskPermissions?: PolicyStatement[];
        applicationId: string;
        autoscalingMetric: PredefinedMetric;
        autoscalingTargetValue: number;
        cluster: ICluster;
        containerEnvVariables?: Record<string, string>;
        containerSecretEnvVariables?: Record<string, string | IStringParameter>;
        containerSsmEnvVariables?: Record<string, string | IStringParameter>;
        cpu: VCPU;
        datadogMonitoringProps?: DatadogMonitoringProps;
        desiredCount?: number;
        ecrRepositoryAccount: string;
        ecrRepositoryArn: string;
        environment: "dev" | "test" | "preprod" | "prod" | "tools" | "sandbox";
        ephemeralStorageGiB?: number;
        gitCommitShaParamName?: string;
        gitRepositoryUrl?: string;
        healthCheckGracePeriod?: Duration;
        imageTagSSMParameterName?: string;
        kmsDataKeys: IKey[];
        kmsEcrEncryptionKey?: IKey;
        kmsEnvironmentKeys: IKey[];
        logGroupClass?: LogGroupClass;
        logRetention: RetentionDays;
        maxCapacity: number;
        maxHealthyPercent?: number;
        memoryLimitGiB: number;
        minCapacity: number;
        minHealthyPercent?: number;
        readonlyRootFilesystem?: boolean;
        scaleInCooldown?: Duration;
        scaleOutCooldown?: Duration;
        serviceAutoscalingRole: IRole;
        serviceName: string;
        serviceScope: FargateServiceScope;
        serviceType: FargateServiceType;
        taskExecutionRoleAdditionalPermissions?: PolicyStatement[];
        vpc?: IVpc;
        vpcPrivateSubnets?: SubnetSelection;
    }

    Properties

    additionalTaskPermissions?: PolicyStatement[]

    Additional IAM policy statements to append to the service's Task Role

    Default: No additional permissions
    
    applicationId: string

    Identifier for the application this service is part of. Used as the prefix for resource names etc. Not to be confused with 'serviceName', which is the unique name for the actual ECS service to be created. Usually the 'applicationId' would be the same for all services in the current context.

    autoscalingMetric: PredefinedMetric

    Metric to use for ECS autoscaling

    autoscalingTargetValue: number

    Target value for the autoscaling. Depends on the selected metric

    cluster: ICluster

    The Fargate Cluster

    containerEnvVariables?: Record<string, string>

    Environment variables to pass to the container as key-value pairs

    Default: No environment variables
    
    containerSecretEnvVariables?: Record<string, string | IStringParameter>

    Container environment variables to securely resolve from SSM ParameterStore Secret (encrypted) parameters at the time of launching the container. Defined as key-value pairs. The value can be either a parameter name or a reference to a StringParameter resource.

    The parameters defined here must exist before launching this service

    The KMS key(s) used to encrypt the secret SSM Parameters must be passed in the 'kmsEnvironmentKeys' property

    Default: No secret environment variables
    
    containerSsmEnvVariables?: Record<string, string | IStringParameter>

    Container environment variables to resolve from SSM ParameterStore Standard (non-encrypted) parameters at the time of launching the container

    The parameters defined here must exist before launching this service

    Default: No environment variables resolved from SSM
    
    cpu: VCPU

    Provisioned CPU capacity for the service

    datadogMonitoringProps?: DatadogMonitoringProps

    Properties for enabling the Datadog agent container as a 'sidecar' for this container service

    desiredCount?: number

    Desired number of tasks (containers) to launch. Autoscaling aims to keep this number of tasks running at all times

    NOTE: Consider not specifying the desiredCount directly, instead allow the AutoScaling to scale the service to the desired level. The AutoScaling actions work by setting the desiredCount value for the service. This happens 'outside' of the IaC deployments. If desiredCount is specified here, the underlying CloudFormation stack for the service will drift when AutoScaling scales the service, causing possible issues with further deployments. You can control the AutoScaling by setting the minCapacity and maxCapacity properties accordingly. Setting the desiredCount explicitly is ok if AutoScaling is not intended to be used for the service.

    Default: 1 when creating a new service. For existing services (updates) the number of currently running tasks will be used

    ecrRepositoryAccount: string

    Account ID of the AWS account that hosts the ECR repository that has the images for this service. Usually this is the application's PROD account. Used to define the required permissions for the container service to use the images

    ecrRepositoryArn: string

    ARN of the ECR repository that hosts the images for this service

    environment: "dev" | "test" | "preprod" | "prod" | "tools" | "sandbox"

    Standard environment name

    ephemeralStorageGiB?: number

    Amount of ephemeral storage reserved for the service in GiB. Must be between 20 and 200 GiB

    Default: 20
    
    gitCommitShaParamName?: string

    Name of the SSM param that has current Git commit SHA. Used to tag the container service resources with the current commit SHA that was used to build the container image

    Required only if 'gitRepositoryUrl' is defined.

    Default: /${props.applicationId}/ecs/${props.serviceName}/git-commit-sha
    
    gitRepositoryUrl?: string

    Git repo URL for this service. Used to tag the container service resources with the Git repository URL that hosts the container image definitions for this service. If enabled, the SSM parameter with the name provided for 'gitCommitShaParamName' (or a parameter that matches the default) must exist before launching this service.

    Required to enable version tagging for the service

    Default: Version tagging is not enabled
    
    healthCheckGracePeriod?: Duration

    Grace period for the LoadBalancer health checks. If the container doesn't respond to the health check during this period, it will be marked as unavailable and replaced by auto scaling

    imageTagSSMParameterName?: string

    Name of the SSM parameter that defines the container image tag (version) to be deployed.

    The SSM parameter must exist before launching the service

    Default: /${props.applicationId}/ecs/${props.serviceName}/image-tag
    
    kmsDataKeys: IKey[]

    KMS keys that are used to encrypt the data stores this service needs to access. The IAM role for this service will be granted Read/Write access to these keys

    kmsEcrEncryptionKey?: IKey

    KMS key that is used to encrypt the ECR images used by this service. This is required only on the account that hosts the ECR repository.

    Default: The ECS Task Execution Role is granted Read access to all KMS keys shared to it from the AWS account that hosts the ECR repository

    kmsEnvironmentKeys: IKey[]

    KMS keys that are used to encrypt resources like SSM ParameterStore parameters that are needed in order to launch this service. The ECS Task Execution Role (the IAM role that is used by the ECS service to launch the container services) is granted Read access to these keys

    logGroupClass?: LogGroupClass

    LogGroupClass for the CloudWatch LogGroup for this service's logs

    Default: LogGroupClass.INFREQUENT_ACCESS
    
    logRetention: RetentionDays

    CloudWatch log retention for the log group for this service

    maxCapacity: number

    Maximum value the Auto Scaling will scale the service to during scaling activity

    maxHealthyPercent?: number

    The maximum number of tasks, specified as a percentage of the Amazon ECS service's DesiredCount value, that can run in a service during a deployment.

    Default: 200
    
    memoryLimitGiB: number

    Memory limit for the Fargate Task in GiB. Allowed values depend on the specified CPU capacity.

    minCapacity: number

    Minimum value the Auto Scaling will scale the service to during scaling activity

    minHealthyPercent?: number

    The minimum number of tasks, specified as a percentage of the Amazon ECS service's DesiredCount value, that must continue to run and remain healthy during a deployment.

    Default: 50
    
    readonlyRootFilesystem?: boolean

    Give the container only ReadOnly access to its root file system.

    NOTE: It's best practice to enable this feature to restrict a possible attacker's ability to try to break out from the container and gain wider system access. However, many services don't work correctly when this is enabled. Test your service thoroughly before enabling

    Default: false
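
    An added example (not part of the library or its documentation) of a pre-deployment check built from the property descriptions above: it lists the SSM parameters that must already exist, and flags secret-looking plain environment variables, secret variables without any 'kmsEnvironmentKeys' entry, and a writable root filesystem. `PropsSubset`, `requiredSsmParameters`, `lintProps` and the name heuristic are hypothetical, and the default parameter paths are assumed to use 'serviceName' exactly as given.

```typescript
// Stand-in (assumption) for the inspected subset of EcsFargateServiceProps; no aws-cdk-lib needed.
type ParamRef = string | { parameterName: string };
interface PropsSubset {
  applicationId: string;
  serviceName: string;
  containerEnvVariables?: Record<string, string>;
  containerSecretEnvVariables?: Record<string, ParamRef>;
  containerSsmEnvVariables?: Record<string, ParamRef>;
  kmsEnvironmentKeys: unknown[];
  readonlyRootFilesystem?: boolean;
  imageTagSSMParameterName?: string;
  gitRepositoryUrl?: string;
  gitCommitShaParamName?: string;
}

// Heuristic (assumption): env var names that suggest a credential.
const SECRET_LIKE = /secret|passw|token|api[_-]?key|credential/i;

// SSM parameters that must exist before the service is launched.
function requiredSsmParameters(p: PropsSubset): string[] {
  const base = `/${p.applicationId}/ecs/${p.serviceName}`;
  const name = (v: ParamRef) => (typeof v === "string" ? v : v.parameterName);
  const names = [
    ...Object.values(p.containerSecretEnvVariables ?? {}).map(name),
    ...Object.values(p.containerSsmEnvVariables ?? {}).map(name),
    p.imageTagSSMParameterName ?? `${base}/image-tag`,
  ];
  if (p.gitRepositoryUrl) names.push(p.gitCommitShaParamName ?? `${base}/git-commit-sha`);
  return names;
}

// Findings for settings the property descriptions call out.
function lintProps(p: PropsSubset): string[] {
  const findings: string[] = [];
  for (const key of Object.keys(p.containerEnvVariables ?? {})) {
    if (SECRET_LIKE.test(key)) findings.push(`plaintext-env:${key}`);
  }
  const hasSecrets = Object.keys(p.containerSecretEnvVariables ?? {}).length > 0;
  if (hasSecrets && p.kmsEnvironmentKeys.length === 0) findings.push("no-kms-environment-key");
  if (p.readonlyRootFilesystem !== true) findings.push("writable-root-filesystem");
  return findings;
}

// Constructed sample input, not a real service definition.
const sample: PropsSubset = {
  applicationId: "demo-app", serviceName: "orders-api", kmsEnvironmentKeys: [],
  containerEnvVariables: { LOG_LEVEL: "info", DB_PASSWORD: "constructed" },
};
console.log(requiredSsmParameters(sample), lintProps(sample));
```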
    
    scaleInCooldown?: Duration

    Cooldown period after AutoScaling scale-in action, before next scale-in can be started. Controls how fast the AutoScaling reacts to reducing service load

    Default: Duration.minutes(5)
    
    scaleOutCooldown?: Duration

    Cooldown period after AutoScaling scale-out action, before next scale-out can be started. Controls how fast the AutoScaling reacts to increasing service load

    Default: Duration.minutes(1)
    
    serviceAutoscalingRole: IRole

    Shared ServiceLinkedRole for the service auto scaling

    serviceName: string

    Name of the service to launch. Must be a DNS-safe string. Will be forced to the kebab-case convention (for example: my-service-name)

    serviceScope: FargateServiceScope

    Scope of the Fargate service

    serviceType: FargateServiceType

    Type of the Fargate service

    taskExecutionRoleAdditionalPermissions?: PolicyStatement[]

    Additional permissions to add to the ECS Task Execution Role used to launch the services

    vpc?: IVpc

    VPC to deploy the cluster and services to

    Default: The LandingZone managed VPC
    
    vpcPrivateSubnets?: SubnetSelection

    Private subnets of the VPC

    Default: Private subnets of the LandingZone managed VPC