With your ECS cluster, ECS task definition, and various supporting resources in place, you can now define an ECS service that will deploy your container application as defined in the ECS task definition to your ECS cluster.
The following example demonstrates adding an ECS service resource to your CloudFormation template, which has a resource type of AWS::ECS::Service:
...
...
Resources:
ApplicationService:
Type: AWS::ECS::Service
DependsOn:
- ApplicationAutoscaling
- ApplicationLogGroup
- ApplicationLoadBalancerHttpListener
Properties:
TaskDefinition: !Ref ApplicationTaskDefinition
Cluster: !Ref ApplicationCluster
DesiredCount: !Ref ApplicationDesiredCount
LoadBalancers:
- ContainerName: todobackend
ContainerPort: 8000
TargetGroupArn: !Ref ApplicationServiceTargetGroup
Role: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 100
ApplicationTaskDefinition:
Type: AWS::ECS::TaskDefinition
...
...
One interesting aspect of the configuration in the preceding example is the DependsOn parameter, which defines other resources in the stack that must be created or updated before the ECS service resource can be created or updated. Although CloudFormation automatically creates dependencies when a resource directly references another resource, a resource may have dependencies on other resources that don't have a direct relationship to that resource. The ECS service resource is a good example of this—the service can't operate without a functional ECS cluster and associated ECS container instances (this is represented by the ApplicationAutoscaling resource) and can't write logs without the ApplicationLogGroup resource. A more subtle dependency is the ApplicationLoadBalancerHttpListener resource, which must be functional before the target group associated with the ECS service will register targets.
The various properties that are configured for the ECS service are described here:
- TaskDefinition, DesiredCount, and Cluster: Defines the ECS task definition, number of ECS tasks, and the target ECS cluster that the service will deploy to.
- LoadBalancers: Configures a load balancer resource that the ECS service should be integrated with. You must specify the container name, container port, and target group ARN that the ECS service will be registered with. Notice that you reference the ApplicationServiceTargetGroup resource you created earlier in this chapter.
- Role: This property is only required if you are integrating your ECS service with a load balancer and specifies an IAM role that grants permissions for the ECS service to manage the configured load balancer. In the preceding example, you reference the ARN of a special IAM role known as a service role (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html), which is automatically created by AWS whenever you create ECS resources. The AWSServiceRoleForECS service role grants a number of permissions typically required for ECS, including managing and integrating with application load balancers.
- DeploymentConfiguration: Configures settings related to rolling deployments of new versions of your ECS task definitions. During a deployment, ECS will stop existing containers and deploy new containers based on the new version of your ECS task definition, and the MinimumHealthyPercent setting defines minimum allowable percentage of containers in relation to the DesiredCount property that must be in service during a deployment. Similarly, the MaximumPercent setting defines the maximum allowable percentage of containers that can be deployed in relation to the DesiredCount property during a deployment.