ecs_composex.ecs.ecs_family package

Subpackages

• ecs_composex.ecs.ecs_family.family_logging package
  • Submodules
  • ecs_composex.ecs.ecs_family.family_logging.cw_logging module
    • add_container_level_log_group()
    • create_log_group()
    • logging_from_defined_region()
  • Module contents
    • FamilyLogging
      • FamilyLogging.api_health_enabled
      • FamilyLogging.buffer_limit_mb
      • FamilyLogging.cpu_limits
      • FamilyLogging.cw_log_retention
      • FamilyLogging.family
      • FamilyLogging.family_log_group
      • FamilyLogging.grace_period
      • FamilyLogging.handle_awslogs_logging()
      • FamilyLogging.handle_firelens()
      • FamilyLogging.init_family_services_log_configuration()
      • FamilyLogging.set_init_family_service_logging()
      • FamilyLogging.update_cw_log_retention()
      • FamilyLogging.update_family_services_logging_configuration()

Submodules

ecs_composex.ecs.ecs_family.family_helpers module

ecs_composex.ecs.ecs_family.family_helpers. assign_policy_to_role ( role_secrets , role )

Function to assign the policy to role Policies :param list role_secrets: :param troposphere.iam.Role role: :rtype: None :return:

ecs_composex.ecs.ecs_family.family_helpers. assign_secrets_to_roles ( secrets , exec_role , task_role )

Function to assign secrets access policies to exec_role and/or task_role

Parameters :

• secrets –

• exec_role ( troposphere.iam.Role ) –

• task_role ( troposphere.iam.Role ) –

Return type :

None

Returns :

ecs_composex.ecs.ecs_family.family_helpers. ensure_essential_containers ( family )

Iterates over the services of the family, and ensures that containers.Essential is set appropriately according to the service requirements

Parameters :

family ( ecs_composex.ecs.ecs_family.ComposeFamily ) –

Return type :

None

ecs_composex.ecs.ecs_family.family_helpers. handle_same_task_services_dependencies ( services_config )

Function to define inter-tasks dependencies. It defines a priority value (service[0]) based on how many parents (i.e, they depend on the parents) they have. The lowest priority value are the first ones to have to start, the highest value is the last container to start.

Parameters :

services_config ( list [ list [ ] ] ) –

Return type :

None

ecs_composex.ecs.ecs_family.family_helpers. set_ecs_cluster_logging_access ( settings , policy , role_stack )

Based on ECS Cluster settings / configurations, grant permissions to specific resources for all functionalities to work.

Parameters :

• settings ( ecs_composex.common.settings.ComposeXSettings ) –

• policy –

• role_stack ( ecs_composex.common.stacks.ComposeXStack ) –

Return type :

None

ecs_composex.ecs.ecs_family.family_helpers. set_ecs_cluster_logging_cw_access ( settings , policy , role_stack )

Based on ECS Cluster settings / configurations, grant permissions to CW Log defined to log ECS Execute command feature

Parameters :

• settings ( ecs_composex.common.settings.ComposeXSettings ) –

• policy –

• role_stack ( ecs_composex.common.stacks.ComposeXStack ) –

Return type :

None

ecs_composex.ecs.ecs_family.family_helpers. set_ecs_cluster_logging_kms_access ( settings , policy , role_stack )

Based on ECS Cluster settings / configurations, grant permissions to KMS key encrypting Log defined to log ECS Execute command feature

Parameters :

• settings ( ecs_composex.common.settings.ComposeXSettings ) –

• policy –

• role_stack ( ecs_composex.common.stacks.ComposeXStack ) –

ecs_composex.ecs.ecs_family.family_helpers. set_ecs_cluster_logging_s3_access ( settings , policy , role_stack )

Based on ECS Cluster settings / configurations, grant permissions to put logs to S3 Bucket for logs defined to log ECS Execute command feature

Parameters :

• settings ( ecs_composex.common.settings.ComposeXSettings ) –

• policy –

• role_stack ( ecs_composex.common.stacks.ComposeXStack ) –

ecs_composex.ecs.ecs_family.family_helpers. set_service_dependency_on_all_iam_policies ( family )

Function to ensure the Service does not get created/updated before all IAM policies were set completely

Return type :

None

ecs_composex.ecs.ecs_family.family_helpers. swap_environment_value_with_parameter ( family , service )

Return type :

None

ecs_composex.ecs.ecs_family.family_helpers. update_env_var_to_parameter ( family , service , env_var , set_as_params )

Function that will replace a user-defined environment variable with a Template Parameter If the SetAsParameter is a list, goes through them and generates the CFN Parameter properties If SetAsParameter is a dict, it will import the user-defined Parameter settings.

Return type :

None

ecs_composex.ecs.ecs_family.family_template module

ecs_composex.ecs.ecs_family.family_template. set_template ( family )

Function to set the troposphere.Template associated with the ECS Service Family

Return type :

troposphere.Template

ecs_composex.ecs.ecs_family.task_execute_command module

Module to enable ECS Anywhere feature for a given ECS Family.

ecs_composex.ecs.ecs_family.task_execute_command. apply_ecs_execute_command_permissions ( family , settings )

Set the IAM Policies in place to allow ECS Execute SSM and Logging

Parameters :

settings –

Returns :

ecs_composex.ecs.ecs_family.task_execute_command. expand_policy_roles ( role_stack , policy_title , task_role )

Adds the task role to the policy when the policy already exists

Parameters :

• role_stack –

• policy_title ( str ) –

• task_role –

Return type :

None

ecs_composex.ecs.ecs_family.task_execute_command. set_enable_execute_command ( family )

Sets necessary settings to enable ECS Execute Command ECS Anywhere support since 2022-01-24

ecs_composex.ecs.ecs_family.task_runtime module

ecs_composex.ecs.ecs_family.task_runtime. define_family_runtime_cpu_arch ( family , svc )

Sets the CPU Runtime architecture set from services, if set. Validates that if set, it is the same for all

Raises :

ValueError

Return type :

None

ecs_composex.ecs.ecs_family.task_runtime. define_family_runtime_os_family ( family , svc )

Sets the Runtime Host OS Family set from services, if set. Validates that if set, it is the same for all

Raises :

ValueError

Return type :

None

ecs_composex.ecs.ecs_family.task_runtime. define_family_runtime_parameters ( family )

Based on the services x-ecs. Configuration, allows to change the TaskDefinition Runtime configuration

Return type :

None

Module contents

Package to manage an ECS “Family” Task and Service definition

class ecs_composex.ecs.ecs_family. ComposeFamily ( services , family_name )

Bases: object

Class to group services logically to create the final ECS Task and Service definitions

Processing order

• Import first service

• Define LaunchType

• Define CapacityProviders if set

  This helps determine if we run in EXTERNAL mode early, as a lot of networking settings won’t apply.

Variables :

• services ( list [ ecs_composex.compose.compose_services.ComposeService ] ) – List of the Services part of the family

• ecs_service ( ecs_composex.ecs.ecs_service.Service ) – ECS Service settings

• iam_manager ( ecs_composex.ecs.task_iam.TaskIam ) –

• task_compute ( TaskCompute ) – Task Compute manager

add_containers_images_cfn_parameters ( )

Adds parameters to the stack and set values for each service/container in the family definition

add_managed_sidecar ( service )

Adds a new container/service to the Task Family and validates all settings that go along with the change. :type service: ecs_composex.compose.compose_services.ComposeService :param service:

add_service ( service )

Function to add new services (defined in the compose files). Not to use for managed sidecars :param ComposeService service:

apply_ecs_execute_command_permissions ( settings )

Method to set the IAM Policies in place to allow ECS Execute SSM and Logging

Parameters :

settings ( ecs_composex.common.settings.ComposeXSettings ) –

Return type :

None

Returns :

finalize_family_settings ( )

Once all services have been added, we add the sidecars and deal with appropriate permissions and settings Will add xray / prometheus sidecars

finalize_services_networking_settings ( settings )

Final pass on the service network settings

Return type :

None

generate_outputs ( )

Generates a list of CFN outputs for the ECS Service and Task Definition

handle_alarms ( )

Return type :

None

handle_logging ( settings )

Method to go over each service logging configuration and accordingly define the IAM permissions needed for the exec/task role

import_all_sidecars ( )

Once all services have been added from the ComposeXSettings looping over services, we import all sidecars Should be invoked only once.

Return type :

None

init_family ( )

Initializes the family after all services in the docker-compose definition have been assigned.

The only containers that might then be added will be sidecars which won’t influence launch type, capacity providers or anything else than the ECS Task Definition (CPU/RAM | ProxySettings)

Return type :

None

init_network_settings ( settings , vpc_stack )

Once we have figured out the compute settings (EXTERNAL vs other)

Return type :

None

init_task_definition ( )

Initialize the ECS TaskDefinition

• Sets Compute settings

• Sets the TaskDefinition using current services/ContainerDefinitions

• Update the logging configuration for the containers.

property logical_name : str

property service_arn_param : Parameter

property service_definition : Union [ None , Service ]

property service_name_param : Parameter

property services : list

property services_names : list [ str ]

set_add_region_when_external ( )

set_enable_execute_command ( )

Sets necessary settings to enable ECS Execute Command ECS Anywhere support since 2022-01-24

Return type :

None

set_secrets_access ( )

Method to handle secrets permissions access

set_services_family_links ( )

set_services_to_services_dependencies ( )

Method to iterate over each depends_on service set in the family services and add them up

Returns :

set_task_definition ( )

Function to set or update the task definition

Parameters :

self – the self of services

set_update_containers_priority ( )

Method to sort out the containers dependencies and create the containers definitions based on the configs.

Return type :

None

static sort_env_vars ( service , environment , secrets = None )

Sorts env vars. If there are secrets in the list, checks to remove env vars with Name that’d overlap with an existing secret. Favoring secret over environment variable for security, as it’s likely more sensitive.

Return type :

None

static sort_secrets ( service , secrets )

Sorts secrets by Name

Return type :

None

sort_secrets_env_vars ( )

Sorts secrets and env vars alphabetically. Removes env vars which would have a Key common to secrets

state_facts ( )

Function to display facts about the family. Similar to __repr__ but for logging the properties of the ComposeFamily

property task_ephemeral_storage : int

If any service ephemeral storage is defined above, sets the ephemeral storage to the maximum of them. Return 0 if below 21 which is the default “free” Fargate storage space.

validate_compute_configuration_for_task ( settings )

property want_xray : bool

x_environment_processing ( )

Checks for each service if x-environment was set

class ecs_composex.ecs.ecs_family. ServiceStack ( name , stack_template , stack_parameters = None , file_name = None , module_name = None , module = None , ** kwargs )

Bases: ComposeXStack

Class to identify specifically a service stack

do_validation : bool

properties : Dict[str, Any]

propnames : Set[str]

resource : Dict[str, Any]

template : Optional[Template]

title : Optional[str]