https://prefect.io logo
Title
r

Rikimaru Yamaguchi

03/15/2023, 2:37 PM
Hi, is it possible to override task_definition in ECSTask? Specifically, I would like to specify
secrets
as follows.
"secrets": [
                {
                    "name": "AWS_ACCESS_KEY_ID",
                    "valueFrom": "/copilot/app/prd/secrets/AWS_ACCESS_KEY_ID"
                },
            ]
Thank you.
z

Zanie

03/15/2023, 2:53 PM
Yes you can pass a task definition with
task_definition
https://prefecthq.github.io/prefect-aws/ecs/#prefect_aws.ecs.ECSTask.task_definition
r

Rikimaru Yamaguchi

03/15/2023, 3:02 PM
@Zanie thank you
ecs = ECSTask(
    aws_credentials=aws_credentials_block,
    image=f"{config.aws_account_id}.dkr.ecr.{config.aws_region}.<http://amazonaws.com/core/agent:latest|amazonaws.com/core/agent:latest>",
    cpu="512",
    memory="1024",
    stream_output=True,
    configure_cloudwatch_logs=True,
    cluster=CLUSTER_NAME,
    execution_role_arn=f"arn:aws:iam::{config.aws_account_id}:role/prefect_ecs_execution_role",
    task_role_arn=f"arn:aws:iam::{config.aws_account_id}:role/prefect_ecs_execution_role",
    task_customizations=[
        {
            "op": "add",
            "path": "/networkConfiguration/awsvpcConfiguration/subnets",
            "value": SUBNETS,
        },
    ],
    task_definition={
        "containerDefinitions": [
            {
                "secrets": [
                    {
                        "name": "AWS_ACCESS_KEY_ID",
                        "valueFrom": "/copilot/app/prd/secrets/AWS_ACCESS_KEY_ID"
                    },
                ]
            }
        ],
    }
)
When task_definition is set as above, ECS will not start. Without task_definition, it is confirmed that it can start. Is there a wrong way to specify it?
z

Zanie

03/15/2023, 4:03 PM
When it does not start… what happens?
Here’s the base task definition we use for testing https://github.com/PrefectHQ/prefect-aws/blob/main/tests/test_ecs.py#L33-L40