AWS ECS

Examples

example ECS Fargate private (vpc only access) load balanced (internal ALB) http service (nginx)

example ECS Fargate nodejs task that is manually run

example ECS Fargate nodejs task with EFS file share that is manually run

example ECS on EC2 using Bottlerocket AMI for ECS container instance

example using ecs-cli to serve simple docker compose nodejs web app

Fargate Task CPU and memory
- min cpu: 256 (.25 vCPU), max cpu: 4096 (4 vCPU)
- min mem: 512 MiB, max mem: 30 GB
AWS::ECS::TaskDefinition.ExecutionRoleArn - role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For example, permission to pull ECR images and create log streams. See Amazon ECS task execution IAM role. The arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole role is available by default.
AWS::ECS::TaskDefinition.TaskRoleArn - role that grants containers in the task permission to call AWS APIs on your behalf. e.g. access S3, secrets manager, etc. See IAM roles for tasks
AWS::ECS::Service.Role - no need to specify in typical use case. Amazon ECS uses the service-linked role named AWSServiceRoleForECS to enable Amazon ECS to call AWS APIs on your behalf. see Service-linked role for Amazon ECS
AWS::ECS::Service.NetworkConfiguration - required for task definitions that use the awsvpc network mode to receive their own elastic network interface, and it is not supported for other network modes
AWS::ECS::Service.NetworkConfiguration.AwsvpcConfiguration.AssignPublicIp - Whether the task’s elastic network interface receives a public IP address. The default value is DISABLED. (DISABLED | ENABLED)