Run Amazon ECS or Fargate tasks with Step Functions

To Nha Notes | Sept. 11, 2024, 11:17 p.m.

Learn how to integrate Step Functions with Amazon ECS or Fargate to run and manage tasks. In Amazon ECS, a task is the fundamental unit of computation. Tasks are defined by a task definition that specifies how a Docker container should be run, including the container image, CPU and memory limits, network configuration, and other parameters. This page lists the available Amazon ECS API actions and provides instructions on how to pass data to an Amazon ECS task using Step Functions.

To learn about integrating with AWS services in Step Functions, see Integrating services and Passing parameters to a service API in Step Functions.

Below is a JSON-based state machine that runs a Fargate task on AWS.

{
  "Version": "1.0",
  "Comment": "Run AWS Fargate task",
  "StartAt": "Run Fargate Task",
  "States": {
    "Run Fargate Task": {
      "Type": "Task",
      "Resource": "arn:aws:states:::ecs:runTask.sync",
      "Parameters": {
        "LaunchType": "FARGATE",
        "PlatformVersion": "LATEST",
        "Cluster": "<CLUSTER>",
        "TaskDefinition": "arn:aws:ecs:ap-northeast-1:xxx:task-definition/<TASK-DEFINITION-NAME>:4",
        "PropagateTags": "TASK_DEFINITION",
        "Group.$": "$$.Execution.Name",
        "NetworkConfiguration": {
          "AwsvpcConfiguration": {
            "Subnets": [
              "subnet-aaa",
              "subnet-bbb"
            ],
            "AssignPublicIp": "ENABLED",
            "SecurityGroups": [
              "sg-ccc"
            ]
          }
        }
      },
      "End": true
    }
  }
}

Below is the JSON permissions policy attached to the state machine's IAM role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "iam:PassRole",
            "Resource": [
                "arn:aws:iam::<ACCOUNT_ID>:role/<TASK-DEFINITION-NAME>-ExecutionRole-Bp2nSD4zKk81",
                "arn:aws:iam::<ACCOUNT_ID>:role/<TASK-DEFINITION-NAME>-TaskRole-wgyBgQoqf3Ll"
            ],
            "Effect": "Allow"
        },
        {
            "Condition": {
                "ArnEquals": {
                    "ecs:cluster": "arn:aws:ecs:ap-northeast-1:<ACCOUNT_ID>:cluster/<CLUSTER>"
                }
            },
            "Action": "ecs:RunTask",
            "Resource": "arn:aws:ecs:ap-northeast-1:<ACCOUNT_ID>:task-definition/<TASK-DEFINITION-NAME>:4",
            "Effect": "Allow"
        },
        {
            "Condition": {
                "ArnEquals": {
                    "ecs:cluster": "arn:aws:ecs:ap-northeast-1:<ACCOUNT_ID>:cluster/<CLUSTER>"
                }
            },
            "Action": [
                "ecs:StopTask",
                "ecs:DescribeTasks"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "logs:CreateLogDelivery",
                "logs:GetLogDelivery",
                "logs:UpdateLogDelivery",
                "logs:DeleteLogDelivery",
                "logs:ListLogDeliveries",
                "logs:PutResourcePolicy",
                "logs:DescribeResourcePolicies",
                "logs:DescribeLogGroups"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "events:PutTargets",
                "events:PutRule",
                "events:DescribeRule"
            ],
            "Resource": "arn:aws:events:ap-northeast-1:<ACCOUNT_ID>:rule/StepFunctionsGetEventsForECSTaskRule",
            "Effect": "Allow"
        }
    ]
}
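A least-privilege review of a role policy shaped like the one above can be scripted. The following is an added example, not part of the original page or of AWS's documentation: `audit_policy` and `as_list` are hypothetical helper names, and the embedded policy is a trimmed, constructed copy of the statements shown above with the page's placeholders kept.

```python
import json

# Constructed sample: trimmed copy of the role policy shown above (placeholders kept).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "iam:PassRole",
   "Resource": ["arn:aws:iam::<ACCOUNT_ID>:role/<TASK-DEFINITION-NAME>-TaskRole-wgyBgQoqf3Ll"]},
  {"Effect": "Allow", "Action": "ecs:RunTask",
   "Condition": {"ArnEquals": {"ecs:cluster": "arn:aws:ecs:ap-northeast-1:<ACCOUNT_ID>:cluster/<CLUSTER>"}},
   "Resource": "arn:aws:ecs:ap-northeast-1:<ACCOUNT_ID>:task-definition/<TASK-DEFINITION-NAME>:4"},
  {"Effect": "Allow", "Action": ["ecs:StopTask", "ecs:DescribeTasks"], "Resource": "*",
   "Condition": {"ArnEquals": {"ecs:cluster": "arn:aws:ecs:ap-northeast-1:<ACCOUNT_ID>:cluster/<CLUSTER>"}}},
  {"Effect": "Allow", "Action": ["logs:CreateLogDelivery", "logs:PutResourcePolicy"], "Resource": "*"}
]}
""")

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement_index, finding) tuples for Allow statements worth reviewing."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", []))
        condition = stmt.get("Condition", {})
        # Condition is {operator: {key: value}}; collect the keys, case-insensitively.
        cond_keys = {k.lower() for op in condition.values() for k in op}
        if any(a in ("iam:passrole", "iam:*", "*") for a in actions):
            if "*" in resources:
                findings.append((i, "PassRole on Resource '*'"))
            if "iam:passedtoservice" not in cond_keys:
                findings.append((i, "PassRole without iam:PassedToService condition"))
        elif "*" in resources and not condition:
            findings.append((i, "Resource '*' with no Condition"))
    return findings

if __name__ == "__main__":
    for index, finding in audit_policy(POLICY):
        print(f"Statement[{index}]: {finding}")
```

The `logs:*LogDelivery` statement is flagged for review only: the Step Functions logging documentation specifies `"Resource": "*"` for these actions because they do not support resource-level scoping. For the `iam:PassRole` statement, a `StringEquals` condition on `iam:PassedToService` with the value `ecs-tasks.amazonaws.com` limits the two roles to being passed to ECS tasks.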

References

https://docs.aws.amazon.com/step-functions/latest/dg/connect-ecs.html

https://docs.aws.amazon.com/step-functions/latest/dg/integrate-optimized.html