CDK deployments with dynamic ECS task definitions


I'm deploying an ECS Cluster and Service with a Task Definition with the CDK. For organizational reasons, I run a build process with GitHub Actions that creates new versions of containers and then deploys them by creating new versions of the task definition that get deployed to the service I created with CDK.

I noticed that when I make changes to the service with CDK (not the task definition) it will roll back to the previous version of the task definition rather than the latest version of the definition that I deployed externally. I would rather not have deployed the task definition with CDK (I thought this might be an issue) - but it seems to be required to deploy the service with CDK.

If I never make changes to the service in CDK, everything is fine. But if I do, it'll roll back my task definition. How can I avoid this? Better yet, am I missing a best practice here/asking the wrong question?

  • Hi, I would suggest updating your question with the ECS-relevant part of your CDK code. That would help to understand how you ask ECS to choose the container image.

  • Hi! I suspect this would actually not help much - my CDK-based task definition has a "dummy" container image. It just deploys a vanilla image of nginx. When the GitHub Action runs, it creates a brand new task definition that pulls from an ECR repo. This is why my CDK service updates are a problem - it reverts to the dummy nginx image.

1 Answer
Accepted Answer


Your ECS task definition (see points to a container image.

If you update your image, you must update the task definition in CDK so that it takes the latest image.

The AWS recommendation is not to use 'latest' as the image tag, but the commit ID.

So, your CDK project should make use of an env var defining the commit ID to use for the image tag included in the task definition.



AWS
answered 6 months ago
reviewed 2 months ago
reviewed 4 months ago
  • This is fair (and I've avoided using 'latest' for just this reason), but I've avoided this because that would mean I'd need to deploy from specific machines or environments. Not just anyone could run cdk deploy on their machine. In the past I've tried dynamic aws api calls within CDK to grab dynamic bits of configuration (like the most recent task definition, for instance), but this has traditionally caused problems/frustration.

  • Thank you for the feedback and acceptance of the answer.
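
The accepted answer's suggestion (an environment variable carrying the commit ID used as the image tag), as an added example that is not part of the original thread or AWS's own code. The helper names, the `IMAGE_TAG` variable name and the account, region and repository values are assumptions; the helper fails the synth when the tag is missing or is not a commit ID, so a `cdk deploy` cannot silently fall back to a placeholder image.

```typescript
// Added example: hypothetical helpers for a CDK app (all names are assumptions).
// The build pipeline exports IMAGE_TAG=<git commit id>; the CDK app reads it
// and refuses to synthesize a task definition without a pinned, immutable tag.

// Short (7+) or full (40) lowercase hex git commit id.
const COMMIT_ID = /^[0-9a-f]{7,40}$/;

type Env = Record<string, string | undefined>;

// env is passed in (use process.env in the CDK app) so the check is testable.
function resolveImageTag(env: Env, varName: string = "IMAGE_TAG"): string {
  const tag = (env[varName] ?? "").trim();
  if (tag === "") {
    throw new Error(`${varName} is not set: refusing to deploy a default image`);
  }
  if (tag === "latest") {
    throw new Error(`${varName} is "latest": use the commit id as the tag`);
  }
  if (!COMMIT_ID.test(tag)) {
    throw new Error(`${varName}="${tag}" is not a git commit id`);
  }
  return tag;
}

// Full ECR image reference for logging or review of what will be deployed.
function ecrImageUri(account: string, region: string, repo: string, env: Env): string {
  const tag = resolveImageTag(env);
  return `${account}.dkr.ecr.${region}.amazonaws.com/${repo}:${tag}`;
}

// Use inside the stack (aws-cdk-lib calls, shown as comments so this file
// runs without CDK installed; "my-app" is a constructed repository name):
//
//   const repo = ecr.Repository.fromRepositoryName(this, "Repo", "my-app");
//   taskDefinition.addContainer("app", {
//     image: ecs.ContainerImage.fromEcrRepository(repo, resolveImageTag(process.env)),
//   });
```

In the GitHub Actions job the variable would be set from the commit being built before `cdk deploy` runs, so the task definition CDK registers matches the image the pipeline pushed.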
