ECSctrl - utility to deploy ECS services for humans
Project description
ECSctrl - ECS deployment for humans
ECSctrl allows you to interact w ECS task definition, service and SSM parameter store APIs with simple, easy to maintain template-driven ymls. It works by generating yml resource description from a template and passing it directly to boto3 function as parameters. You can reference boto3 documentation for information on expected data structure.
Template engine
ECSctrl uses Jinja2 under the hood. You can use any expression (values, includes, conditions, loops etc.) that is allowed by Jinja. For example common pattern is to keep environment configuration in a common file and include it in multiple task definitions.
Parameter sources
Jinja templates are fed with values from multiple sources given as command arguments:
- env files with key-value pairs ie.
-e production.envor--env-file=staging.env - json files ie.
-j terraform-output.jsonor--env-file=infrastructure.json - key-value pairs provided as command arguments ie.
-v env_name=jupiteror--var instance_type=small - system environment - turned on/off with
--sys-env/--no-sys-envoption; off by default
Authentication
ECSctrl uses boto3. Configure your aws credentials or set your environment variables as expected by boto3.
Usage examples
All command accept parameter sources as described above. All examples below use the same env file:
# production.env
env_name=production
desired_count=5
memory_limit=2048
app_version=latest
aws_region=us-west-1
target_group_arn=arn:aws:elasticloadbalancing:us-west-1:123456:targetgroup/web-backend/6b38ca93a923aecf
execution_role_arn=arn:aws:iam::123456:role/ecs_task_execution_role
task_role_arn=arn:aws:iam::123456:role/ecs_task_role
subnets=subnet-0296669bba,subnet-b5815d42f,subnet-9401e7ab
service_security_groups=sg-d2935617e5,sg-bb45c06af
Register new ECS task definition.
# task-defnition.yaml
family: {{ env_name }}-nginx
tags:
ManagedBy: ECSctrl
Environment: {{ env_name }}
executionRoleArn: {{ execution_role_arn }}
taskRoleArn: {{ task_role_arn }}
networkMode: awsvpc
cpu: 512
memory: {{ memory_limit }}
containerDefinitions:
- name: ngninx
image: nginx:{{ app_version }}
memoryReservation: 512
essential: true
logConfiguration:
logDriver: awslogs
options:
awslogs-group: {{ env_name }}/nginx
awslogs-region: {{ aws_region }}
awslogs-stream-prefix: nginx
awslogs-create-group: "true"
portMappings:
- containerPort: 80
hostPort: 80
environment:
- DEBUG=true
secrets:
- DATABASE_PASSWORD={{ env_name }}-DATABASE_PASSWORD
- SESSION_SECRET_KEY={{ env_name }}-SESSION_SECRET_KEY
ecsctrl task-definition register -e production.env task-definition.yaml
Additionally you can use following options:
-c <cluster-name>/--update-services-in-cluster=<cluster-name>- updates all existing services which uses previous version of task definition (task definition family must match) in given cluster. Can be added multiple times for multiple clusters-w/--wait- wait for update of services to finish. Command will fail if at least one of services will fail to update.
Create new ECS service
# service.yaml
serviceName: nginx
cluster: {{ env_name }}-ecs-cluster
tags:
ManagedBy: ECSctrl
Environment: {{ env_name }}
enableECSManagedTags: true
propagateTags: TASK_DEFINITION
desiredCount: {{ desired_count }}
launchType: FARGATE
loadBalancers:
- targetGroupArn: {{ target_group_arn }}
containerName: nginx
containerPort: 80
taskDefinition: {{ env_name }}-nginx
deploymentConfiguration:
maximumPercent: 200
minimumHealthyPercent: 50
deploymentCircuitBreaker:
enable: true
rollback: false
schedulingStrategy: REPLICA
deploymentController:
type: ECS
networkConfiguration:
awsvpcConfiguration:
assignPublicIp: DISABLED
subnets:
{% for subnet in subnets.split(',') %}
- {{ subnet }}
{% endfor %}
securityGroups:
{% for sg in service_security_groups.split(',') %}
- {{ sg }}
{% endfor %}
ecsctrl service create -e production.env service.yaml
Update existing ECS service
Sorry, not implemented yet.
Store secrets in SSM parameter store.
Secrets are represented in yaml as SSM name and value pairs. They're uploaded to parameter store as SecureStrings.
# secrets.yaml
{{ env_name }}-DATABASE_PASSWORD: 5w55ARXYbM3vUSVH
{{ env_name }}-SESSION_SECRET_KEY: VADGyLJscJsa4FF2
ecsctrl secrets store -e production.env secrets.yaml
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ECSctrl-0.2.0.tar.gz.
File metadata
- Download URL: ECSctrl-0.2.0.tar.gz
- Upload date:
- Size: 11.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.9.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5377d4b7ac1d6afd38ff405dcc635d5e8f6e45844f2ebfd3e1d6123a292741d2
|
|
| MD5 |
c82d5a69dff30d01fc01a605e063f54b
|
|
| BLAKE2b-256 |
2d34c70066038659069efa172aa7f3d3fb01738722ce4e04ef19207398051e98
|
File details
Details for the file ECSctrl-0.2.0-py3-none-any.whl.
File metadata
- Download URL: ECSctrl-0.2.0-py3-none-any.whl
- Upload date:
- Size: 11.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.9.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
81008d15a65eeed7570e08cf1164f0381340606bebe9a7185ae197b99295cd4c
|
|
| MD5 |
f2149a59f1a06c90d41760105707a5fc
|
|
| BLAKE2b-256 |
af0227bd71aaf9cc813381ef44482461b3902f20d0d4c6817e54edde99f079d7
|
