Stay up to date with the latest from the Knowledge Center. See all new and updated Knowledge Center articles published in the last month and re:Post’s top contributors.
Why does CFN update the ECS TaskDefinition when updating the ECS Service but not use the latest revision?
We're using ECS and when I update the ECS::Service resource it also triggers an update of the ECS::TaskDefinition for that service. The documentation specifically says that if you don't specify a "revision" in the TaskDefinition it will use the latest ACTIVE revision. However, that doesn't seem to be the case.
In my testing, I changed the Service::ServiceConnectionConfiguration service timeout from 60 seconds to 30 seconds and CFN update my TaskDefinition from "8 (LATEST)" to "4" which was old. What am I doing wrong? Is anyone else seeing this problem?
Service Config:
"ecssrvcdurin": {
"Type": "AWS::ECS::Service",
"Properties": {
"Cluster": {"Ref": "ParamClusterARN"},
"DeploymentConfiguration": {
"MaximumPercent": 200,
"MinimumHealthyPercent": 100,
"DeploymentCircuitBreaker": {"Enable": true, "Rollback": true}
},
"DeploymentController": {"Type": "ECS"},
"DesiredCount": 2,
"EnableECSManagedTags": true,
"EnableExecuteCommand": true,
"NetworkConfiguration": {"AwsvpcConfiguration": { .... }
},
"PropagateTags": "TASK_DEFINITION",
"ServiceName": "durin",
"ServiceConnectConfiguration": {
"Enabled": true,
"Services": [
{"PortName": "durin", "ClientAliases": [{"Port": 3001}], "Timeout": {"PerRequestTimeoutSeconds": 30}}
]
},
"TaskDefinition": {"Ref": "ecstddurin"}
}
},
Task Config:
"ecstddurin": {
"Type": "AWS::ECS::TaskDefinition",
"Properties": {
"ContainerDefinitions": [
{
"Essential": true,
"HealthCheck": {"Command": ["CMD-SHELL", "exit 0"], "Interval": 30, "Retries": 3, "Timeout": 5},
"LinuxParameters": {"InitProcessEnabled": true},
"LogConfiguration": {
"LogDriver": "awslogs",
"Options": {
"awslogs-region": "us-east-1",
"awslogs-group": "/lh/ecs/sg/durin",
"awslogs-stream-prefix": "durin"
}
},
"PortMappings": [{"Name": "durin", "ContainerPort": 3001, "Protocol": "tcp", "AppProtocol": "http"}],
"Image": "zzzzzzzzzzzzzz.dkr.ecr.us-east-1.amazonaws.com/durin",
"Name": "durin"
}
],
"Cpu": "1024",
"ExecutionRoleArn": {"Fn::GetAtt": ["iamrecsexecutionrole", "Arn"]},
"Family": "durin-sg",
"Memory": "4096",
"NetworkMode": "awsvpc",
"RequiresCompatibilities": ["FARGATE"],
"RuntimePlatform": {"CpuArchitecture": "X86_64", "OperatingSystemFamily": "LINUX"}
....
}
},
- Newest
- Most votes
- Most comments
Interesting. The "ECS::Service" and "ECS::TaskDefinition" are in the same CFN template. Will CFN dynamically update the TaskDevARN and apply it to the Service if they are both in the same template?
If there is a change in "AWS::ECS::TaskDefinition", a new revision will be created and the ARN revision number will be changed.
Also, this is a neat idea for a workaround, but should it be necessary? The CFN docs are pretty clear that it will use the latest ACTIVE TaskDefinition, yet my experience seems to suggest that's not the case.
In your case, you are getting the ARN including the revision number with "{"Ref": "ecstddurin"}".
The documentation says to use the latest revision only if you don't specify the full ARN.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-taskdefinition
Therefore, if the ARN is as below, I think the latest revision will be used.
arn:aws:ecs:us-west-2:123456789012:task-definition/TaskDefinitionFamily
Hello.
If you retrieve "AWS::ECS::TaskDefinition" with !Ref, the content will be retrieved with the revision number included in the ARN.
Therefore, it is possible that it has become the fourth revision.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#aws-resource-ecs-taskdefinition-return-values
In the following example, the Ref function returns the ARN of the MyTaskDefinition task definition, such as arn:aws:ecs:us-west-2:123456789012:task-definition/TaskDefinitionFamily:1.
Why not check the revision of the task definition used in CloudFormation using the "Outputs" section as shown below?
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html
"Outputs" : {
"TaskDefARN" : {
"Value" : {"Ref": "ecstddurin"},
"Export" : {
"Name" : "TaskDefARN"
}
}
}
Relevant content
- asked 7 months ago
- asked 5 months ago
AWS OFFICIALUpdated 8 days ago- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 8 months ago
Interesting. The "ECS::Service" and "ECS::TaskDefinition" are in the same CFN template. Will CFN dynamically update the TaskDevARN and apply it to the Service if they are both in the same template?
Also, this is a neat idea for a workaround, but should it be necessary? The CFN docs are pretty clear that it will use the latest ACTIVE TaskDefinition, yet my experience seems to suggest that's not the case.
If there is a change in "AWS::ECS::TaskDefinition", a new revision will be created and the ARN revision number will be changed.
In your case, you are getting the ARN including the revision number with "{"Ref": "ecstddurin"}". The documentation says to use the latest revision only if you don't specify the full ARN. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-taskdefinition
Therefore, if the ARN is as below, I think the latest revision will be used.
Riku, I think you are correct. I just did a bit of testing where I manually constructed the ARN (without the revision number) and my update didn't change the TaskDefinition. WooHoo! If you repost this as an Answer I'll mark it as Accepted. :)