awslabs / fargatecli Goto Github PK

View Code? Open in Web Editor NEW

894.0 63.0 116.0 5.87 MB

CLI for AWS Fargate

License: Apache License 2.0

Makefile 0.44% Go 99.48% Dockerfile 0.08%

aws fargate docker ecs

fargatecli's Introduction

Fargate CLI

NOTICE

❗ ❗ ❗ Please note that this project is no longer actively maintained. A better option for new Fargate deployments on AWS is the AWS Copilot CLI, which is both more featureful, and actively maintained by AWS. ❗ ❗ ❗

Screencast

Usage

Configuration

Region

By default, fargate uses us-east-1. The CLI accepts a --region parameter and will honor AWS_REGION and AWS_DEFAULT_REGION environment settings. Note that specifying a region where all required services aren't available will return an error.

See the Region Table for a breakdown of what services are available in which regions.

Credentials

fargate is built using the AWS SDK for Go which looks for credentials in the following locations:

For more information see Specifying Credentials in the AWS SDK for Go documentation.

Global Flags

Flag	Default	Description
--cluster	fargate	ECS cluster name
--region	us-east-1	AWS region
--no-color	false	Disable color output
--verbose	false	Verbose output

Tasks

Tasks are one-time executions of your container. Instances of your task are run until you manually stop them either through AWS APIs, the AWS Management Console, or fargate task stop, or until they are interrupted for any reason.

list
run
info
ps
logs
stop

fargate task list

fargate task list

List running task groups

fargate task run

fargate task run <task-group-name> [--num <count>] [--cpu <cpu-units>] [--memory <MiB>]
                                   [--image <docker-image>] [--env <key=value>]
                                   [--task-role <task-role>] [--subnet-id <subnet-id>]
                                   [--security-group-id <security-group-id>]

Run new tasks

You must specify a task group name in order to interact with the task(s) in subsequent commands to view logs, stop and inspect tasks. Task group names do not have to be unique -- multiple configurations of task instances can be started with the same task group.

Multiple instances of a task can be run by specifying a number in the --num flag. If no number is specified, a single task instance will be run.

CPU and memory settings can be optionally specified as CPU units and mebibytes respectively using the --cpu and --memory flags. Every 1024 CPU units is equivilent to a single vCPU. AWS Fargate only supports certain combinations of CPU and memory configurations:

CPU (CPU Units)	Memory (MiB)
256	512, 1024, or 2048
512	1024 through 4096 in 1GiB increments
1024	2048 through 8192 in 1GiB increments
2048	4096 through 16384 in 1GiB increments
4096	8192 through 30720 in 1GiB increments

If not specified, fargate will launch minimally sized tasks at 0.25 vCPU (256 CPU units) and 0.5GB (512 MiB) of memory.

The Docker container image to use in the task can be optionally specified via the --image flag. If not specified, fargate will build a new Docker container image from the current working directory and push it to Amazon ECR in a repository named for the task group. If the current working directory is a git repository, the container image will be tagged with the short ref of the HEAD commit. If not, a timestamp in the format of YYYYMMDDHHMMSS will be used.

Environment variables can be specified via the --env flag. Specify --env with a key=value parameter multiple times to add multiple variables.

Security groups can optionally be specified for the task by passing the --security-group-id flag with a security group ID. To add multiple security groups, pass --security-group-id with a security group ID multiple times. If --security-group-id is omitted, a permissive security group will be applied to the task.

By default, the task will be created in the default VPC and attached to the default VPC subnets for each availability zone. You can override this by specifying explicit subnets by passing the --subnet-id flag with a subnet ID.

A task role can be optionally specified via the --task-role flag by providing eith a full IAM role ARN or the name of an IAM role. The tasks will be able to assume this role.

fargate task info

fargate task info <task-group-name> [--task <task-id>]

Inspect tasks

Shows extended information for each running task within a task group or for specific tasks specified with the --task flag. Information includes environment variables which could differ between tasks in a task group. To inspect multiple specific tasks within a task group specific --task with a task ID multiple times.

fargate task ps

fargate task ps <task-group-name>

List running tasks

fargate task logs

fargate task logs <task-group-name> [--follow] [--start <time-expression>] [--end <time-expression>]
                                    [--filter <filter-expression>] [--task <task-id>]

Show logs from tasks

Return either a specific segment of task logs or tail logs in real-time using the --follow option. Logs are prefixed by their log stream name which is in the format of "fargate/<task-group-name>/<task-id>."

Follow will continue to run and return logs until interrupted by Control-C. If --follow is passed --end cannot be specified.

Logs can be returned for specific tasks within a task group by passing a task ID via the --task flag. Pass --task with a task ID multiple times in order to retrieve logs from multiple specific tasks.

A specific window of logs can be requested by passing --start and --end options with a time expression. The time expression can be either a duration or a timestamp:

Duration (e.g. -1h [one hour ago], -1h10m30s [one hour, ten minutes, and thirty seconds ago], 2h [two hours from now])
Timestamp with optional timezone in the format of YYYY-MM-DD HH:MM:SS [TZ]; timezone will default to UTC if omitted (e.g. 2017-12-22 15:10:03 EST)

You can filter logs for specific term by passing a filter expression via the --filter flag. Pass a single term to search for that term, pass multiple terms to search for log messages that include all terms. See the CloudWatch Logs documentation for more details.

fargate task stop

fargate task stop <task-group-name> [--task <task-id>]

Stop tasks

Stops all tasks within a task group if run with only a task group name or stops individual tasks if one or more tasks are passed via the --task flag. Specify --task with a task ID parameter multiple times to stop multiple specific tasks.

Services

Services manage long-lived instances of your containers that are run on AWS Fargate. If your container exits for any reason, the service scheduler will restart your containers and ensure your service has the desired number of tasks running. Services can be used in concert with a load balancer to distribute traffic amongst the tasks in your service.

list
create
deploy
info
logs
ps
scale
env set
env unset
env list
update
restart
destroy

fargate service list

fargate service list

List services

fargate service create

fargate service create <service name> [--cpu <cpu units>] [--memory <MiB>] [--port <port-expression>]
                                      [--lb <load-balancer-name>] [--rule <rule-expression>]
                                      [--image <docker-image>] [--env <key=value>] [--num <count>]
                                      [--task-role <task-role>] [--subnet-id <subnet-id>]
                                      [--security-group-id <security-group-id>]

Create a new service

CPU (CPU Units)	Memory (MiB)
256	512, 1024, or 2048
512	1024 through 4096 in 1GiB increments
1024	2048 through 8192 in 1GiB increments
2048	4096 through 16384 in 1GiB increments
4096	8192 through 30720 in 1GiB increments

If not specified, fargate will launch minimally sized tasks at 0.25 vCPU (256 CPU units) and 0.5GB (512 MiB) of memory.

The Docker container image to use in the service can be optionally specified via the --image flag. If not specified, fargate will build a new Docker container image from the current working directory and push it to Amazon ECR in a repository named for the task group. If the current working directory is a git repository, the container image will be tagged with the short ref of the HEAD commit. If not, a timestamp in the format of YYYYMMDDHHMMSS will be used.

To use the service with a load balancer, a port must be specified when the service is created. Specify a port by passing the --port flag and a port expression of protocol:port-number. For example, if the service listens on port 80 and uses HTTP, specify HTTP:80. Valid protocols are HTTP, HTTPS, and TCP. You can only specify a single port.

Services can optionally be configured to use a load balancer. To put a load balancer in front a service, pass the --lb flag with the name of a load balancer. If you specify a load balancer, you must also specify a port via the --port flag to which the load balancer should forward requests. Optionally, Application Load Balancers can be configured to route HTTP/HTTPS traffic to the service based upon a rule. Rules are configured by passing one or more rules by specifying the --rule flag along with a rule expression. Rule expressions are in the format of TYPE=VALUE. Type can either be PATH or HOST. PATH matches the PATH of the request and HOST matches the requested hostname in the HTTP request. Both PATH and HOST types can include up to three wildcard characters: * to match multiple characters and ? to match a single character. If rules are omitted, the service will be the load balancer's default action.

Environment variables can be specified via the --env flag. Specify --env with a key=value parameter multiple times to add multiple variables.

Specify the desired count of tasks the service should maintain by passing the --num flag with a number. If you omit this flag, fargate will configure a service with a desired number of tasks of 1.

Security groups can optionally be specified for the service by passing the --security-group-id flag with a security group ID. To add multiple security groups, pass --security-group-id with a security group ID multiple times. If --security-group-id is omitted, a permissive security group will be applied to the service.

By default, the service will be created in the default VPC and attached to the default VPC subnets for each availability zone. You can override this by specifying explicit subnets by passing the --subnet-id flag with a subnet ID.

A task role can be optionally specified via the --task-role flag by providing eith a full IAM role ARN or the name of an IAM role. The tasks run by the service will be able to assume this role.

fargate service deploy

fargate service deploy <service-name> [--image <docker-image>]

Deploy new image to service

fargate service info

fargate service info <service-name>

Inspect service

Show extended information for a service including load balancer configuration, active deployments, and environment variables.

Deployments show active versions of your service that are running. Multiple deployments are shown if a service is transitioning due to a deployment or update to configuration such a CPU, memory, or environment variables.

fargate service logs

fargate service logs <service-name> [--follow] [--start <time-expression>] [--end <time-expression>]
                                    [--filter <filter-expression>] [--task <task-id>]

Show logs from tasks in a service

Return either a specific segment of service logs or tail logs in real-time using the --follow option. Logs are prefixed by their log stream name which is in the format of "fargate/<service-name>/<task-id>."

Follow will continue to run and return logs until interrupted by Control-C. If --follow is passed --end cannot be specified.

Logs can be returned for specific tasks within a service by passing a task ID via the --task flag. Pass --task with a task ID multiple times in order to retrieve logs from multiple specific tasks.

A specific window of logs can be requested by passing --start and --end options with a time expression. The time expression can be either a duration or a timestamp:

Duration (e.g. -1h [one hour ago], -1h10m30s [one hour, ten minutes, and thirty seconds ago], 2h [two hours from now])
Timestamp with optional timezone in the format of YYYY-MM-DD HH:MM:SS [TZ]; timezone will default to UTC if omitted (e.g. 2017-12-22 15:10:03 EST)

fargate service ps

fargate service ps <service-name>

List running tasks for a service

fargate service scale

fargate service scale <service-name> <scale-expression>

Scale number of tasks in a service

Changes the number of desired tasks to be run in a service by the given scale expression. A scale expression can either be an absolute number or a delta specified with a sign such as +5 or -2.

fargate service env set

fargate service env set <service-name> --env <key=value>

Set environment variables

At least one environment variable must be specified via the --env flag. Specify --env with a key=value parameter multiple times to add multiple variables.

fargate service env unset

fargate service env unset <service-name> --key <key-name>

Unset environment variables

Unsets the environment variable specified via the --key flag. Specify --key with a key name multiple times to unset multiple variables.

fargate service env list

fargate service env list <service-name>

Show environment variables

fargate service update

fargate service update <service-name> [--cpu <cpu-units>] [--memory <MiB>]

Update service configuration

CPU and memory settings are specified as CPU units and mebibytes respectively using the --cpu and --memory flags. Every 1024 CPU units is equivilent to a single vCPU. AWS Fargate only supports certain combinations of CPU and memory configurations:

CPU (CPU Units)	Memory (MiB)
256	512, 1024, or 2048
512	1024 through 4096 in 1GiB increments
1024	2048 through 8192 in 1GiB increments
2048	4096 through 16384 in 1GiB increments
4096	8192 through 30720 in 1GiB increments

At least one of --cpu or --memory must be specified.

fargate service restart

fargate service restart <service-name>

Restart service

Creates a new set of tasks for the service and stops the previous tasks. This is useful if your service needs to reload data cached from an external source, for example.

fargate service destroy

fargate service destroy <service-name>

Destroy service

In order to destroy a service, it must first be scaled to 0 running tasks.

Load Balancers

Load balancers distribute incoming traffic between the tasks within a service for HTTP/HTTPS and TCP applications. HTTP/HTTPS load balancers can route to multiple services based upon rules you specify when you create a new service.

list
create
destroy
alias
info

fargate lb list

fargate lb list

List load balancers

fargate lb create

fargate lb create <load-balancer-name> --port <port-expression> [--certificate <certificate-name>]
                                       [--subnet-id <subnet-id>] [--security-group-id <security-group-id>]
                                       [--scheme <lb-scheme>]

Create a load balancer

At least one port must be specified for the load balancer listener via the --port flag and a port expression of protocol:port-number. For example, if you wanted an HTTP load balancer to listen on port 80, you would specify HTTP:80. Valid protocols are HTTP, HTTPS, and TCP. You can specify multiple listeners by passing the --port flag with a port expression multiple times. You cannot mix TCP ports with HTTP/HTTPS ports on a single load balancer.

You can optionally include certificates to secure HTTPS ports by passed the --certificate flag along with a certificate name. This option can be specified multiple times to add additional certificates to a single load balancer which uses Service Name Identification (SNI) to select the appropriate certificate for the request.

By default, the load balancer will be created in the default VPC and attached to the default VPC subnets for each availability zone. You can override this by specifying explicit subnets by passing the --subnet-id flag with a subnet ID. HTTP/HTTPS load balancers require at least two subnets attached while a TCP load balancer requires only one. You may only specify a single subnet from each availability zone.

Security groups can optionally be specified for HTTP/HTTPS load balancers by passing the --security-group-id flag with a security group ID. To add multiple security groups, pass --security-group-id with a security group ID multiple times. If --security-group-id is omitted, a permissive security group will be applied to the load balancer.

You can also choose the scheme type for load balancer via the --scheme flag. By default, load balancers are internet-facing.

fargate lb destroy

fargate lb destroy <load-balancer-name>

Destroy load balancer

fargate lb alias

fargate lb alias <load-balancer-name> <hostname>

Create a load balancer alias record

Create an alias record to the load balancer for domains that are hosted within Amazon Route 53 and within the same AWS account. If you're using another DNS provider or host your domains in a different account, you will need to manually create this record.

fargate lb info

fargate lb info <load-balancer-name>

Inspect load balancer

Returns extended information about a load balancer including a list of listeners, rules, and certificates in use by the load balancer.

Certificates

Certificates are TLS certificates issued by or imported into AWS Certificate Manager for use in securing traffic between load balancers and end users. ACM provides TLS certificates free of charge for use within AWS resources.

list
import
request
info
validate
destroy

fargate certificate list

fargate certificate list

List certificates

fargate certificate import

fargate certificate import <domain-name> --certificate <filename> --key <filename> [--chain <filename>]

Import a certificate

Upload a certificate from a certificate file, a private key file, and optionally an intermediate certificate chain file. The files must be PEM-encoded and the private key must not be encrypted or protected by a passphrase. See the AWS Certificate Manager documentation for more details.

fargate certificate request

fargate certificate request <domain-name> [--alias <domain-name>]

Request a certificate

Certificates can be for a fully qualified domain name (e.g. www.example.com) or a wildcard domain name (e.g. *.example.com). You can add aliases to a certificate by specifying additional domain names via the --alias flag. To add multiple aliases, pass --alias multiple times. By default, AWS Certificate Manager has a limit of 10 domain names per certificate, but this limit can be raised by AWS support.

fargate certificate info

fargate certificate info <domain-name>

Inspect certificate

Show extended information for a certificate. Includes each validation for the certificate which shows DNS records which must be created to validate domain ownership.

fargate certificate validate

fargate certificate validate <domain-name>

Validate certificate ownership

fargate will automatically create DNS validation record to verify ownership for any domain names that are hosted within Amazon Route 53. If your certificate has aliases, a validation record will be attempted per alias. Any records whose domains are hosted in other DNS hosting providers or in other DNS accounts and cannot be automatically validated will have the necessary records output. These records are also available in fargate certificate info \<domain-name>.

AWS Certificate Manager may take up to several hours after the DNS records are created to complete validation and issue the certificate.

fargate certificate destroy

fargate certificate destroy <domain-name>

Destroy certificate

In order to destroy a certificate, it must not be in use by any load balancers or any other AWS resources.

fargatecli's People

Contributors

Stargazers

Watchers

Forkers

mgrennan varunsamineni brentley rnzsgh hawkeye02 dshamanthreddy nathanpeck jdupl123 onophris claytonsilva arihant15 ragraw26 tarekcheikh johnmariquit samhays tisba turnerlabs ramirantala dhanesh strumwolf oba11 almamedia mrname amith1893 pahud miseyu saurabh-agarwals maziadi mgajda yamaszone mparaz illyabusigin paddlehq gleclaire leaanthony cloudposse-archives zsims sam-skelton kivol pinpt blutack hookercookerman herezad tk3369 tirasmuturi 10kft bnusunny kolanos astuk hwchiu mhausenblas subfuzion nodesocket scottstensland yjst2012 servernoj etsangsplk chankh joyoyoyoyoyo edwardjrp cc4i gitmor bgindikagamage vickatte shakedaskayo aaron-freeman strong-roots-capital scavedale slaskis jpdamen vicendominguez pareshpateldfw senglin n0n0x jalawala sampathkolachana opencollector funikov vebr transmitlive stjordanis z00dev lgh521 drobit syllogy stefanorg ywsfay ekmixon nicola5588 ambientai johnawsca ii0 trivedisorabh iq-scm testwill

fargatecli's Issues

Panic when CreateCluster fails

I ran fargate task list.

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x166dafa]

goroutine 1 [running]:
github.com/jpignata/fargate/ecs.(*ECS).CreateCluster(0xc0000bd220, 0x1a7f1f0, 0x37, 0x0, 0x0)
        /Users/john/go/src/github.com/jpignata/fargate/ecs/cluster.go:15 +0xaa
github.com/jpignata/fargate/cmd.glob..func12(0x22fa6e0, 0x231e190, 0x0, 0x0)
        /Users/john/go/src/github.com/jpignata/fargate/cmd/root.go:153 +0x3ff
github.com/spf13/cobra.(*Command).execute(0x22fa6e0, 0x231e190, 0x0, 0x0, 0x22fa6e0, 0x231e190)
        /Users/john/go/src/github.com/spf13/cobra/command.go:746 +0x242
github.com/spf13/cobra.(*Command).ExecuteC(0x22f7c20, 0xc00013ff88, 0x10071f0, 0xc000090058)
        /Users/john/go/src/github.com/spf13/cobra/command.go:852 +0x2fd
github.com/spf13/cobra.(*Command).Execute(0x22f7c20, 0x0, 0x0)
        /Users/john/go/src/github.com/spf13/cobra/command.go:800 +0x2b
github.com/jpignata/fargate/cmd.Execute()
        /Users/john/go/src/github.com/jpignata/fargate/cmd/root.go:166 +0x56
main.main()
        /Users/john/git/bitfield/fargate/main.go:8 +0x20

JSON output

Awesome tool! JSON output would be really useful for scripting.

Parameterized or Environment Variable Fargate Task Launches?

Yet another question :)

I have an ECR container that handles document processing, and the goal is to have an S3 upload of a document trigger a Lambda function, which in turn launches a parameterized Fargate task using the name of the document uploaded to S3.

I have an Amazon Linux development AMI setup where I could compile and include the fargate CLI within the Lambda bundle. So the million dollar question is, could your fargate CLI be used to launch a parameterized Fargate task using the name of the file uploaded to S3, perhaps using environment variables such as those in the advanced configuration options for Fargate task definitions?

Question about Continuous Integration / Automated Builds

I apologize in advance if this is not the right forum for questions, I didn't see any reference to a mailing list on your github.

I have a Continuous Integration pipeline in place for automating the build process for our Golang-based Docker images. Basically whenever there is any type of a code commit to the web application framework, new Go binaries are built followed by an updated Dockerfile and with all of those changes pushed to the Amazon private ECR where our Fargate tasks are cancelled and then relaunched with the latest Docker ECR image.

Does your fargate CLI have any support yet for detecting when a Fargate task image has been updated, so that those running tasks can be cancelled and then re-launched (preferably one at a time within a load balancer so as not to disrupt the application)?

Or should I just integrate the fargate CLI into the task reload process once the updated Docker image has been pushed to ECR?

Thanks in advance!

Lb complains if security group not specified, but says SGs are only for http LBs if I specify one

I'm trying to create a LB for my ECS Service, but I'm stuck here:

fargate lb create name --port 8000 --subnet-id subnet-a218a38d
[!] Could not find EC2 security group

fargate lb create name --port 8000 --security-group-id sg-d1d0cca5 --subnet-id subnet-a218a38d
[!] Security groups can only be specified for HTTP/HTTPS load balancers

I've read somewhere that LBs require two subnets, but providing them in those commands doesn't help either.

Am I missing something? Is there a workaround?
Thanks!

docker stats for container in task?

I have a task which is made up of 2 containers.
From the task I can see the container id for each container.
Is it possible to get docker stats for a container within a task?
CloudWatch only shows me CPU utilization at the service level.

Document IAM permissions required per command

Hi, Can you post your IAM roles required for running a task by a user. I seem to have caught an error. Heres the error


[!] Couldn't register ECS task definition
AccessDeniedException: User: arn:aws:iam::*******:user/<username> is not author                                                                                                                     ized to perform: iam:PassRole on resource: arn:aws:iam::*********:role/ecsTas                                                                                                                     kExecutionRole
        status code: 400, request id: f31c6334-03e8-11e8-aaf9-1f6bfe37bc80

I am sure there will be more errors after i give the required IAMroles. Since, I'm not admin. I would like to know all the required IAM roles for running a docker on fargate.

BTW, great project! loved it

CLI should support roles and MFA

See this post for implementation details.

Certificate Validation Uses Wrong Zone

what

fargate certificate validate picks wrong zone

why

Presumably it picks the first zone matching the substring, rather than picking the longest matching zone based on substring

Can't add environment variable that contains a comma

If we enter:

fargate service env set myapp --env MY_VAR=has,comma

The result is:

[!] Invalid environment variable
comma must be in the form of KEY=value

This is an issue because I'm trying to supply a mongodb string, ie:

MONGO_URL=mongodb://user:pass@host1,host2/db?auth=123&key=456

Can the value portion be escaped somehow?

Communication between services, what hostname?

Thanks for making this great tool. I have a question I'm hoping will have a simple answer. I'm experimenting with this tool trying to set up a number of HTTP REST APIs. I am able to make requests from a client through the load balancer just fine, using the DNS name from the load balancer, but I'm not sure how I can make requests between services.

I have services (servicea, serviceb) and their containers are exposing ports 8001 and 8002. I would like servicea to be able to make HTTP requests to serviceb without having to go through the load balancer. I've tried using e.g. http://localhost:8002 and http://serviceb:8002 and neither one of those work (ENOTFOUND) is there any way to set it up so that the services can reach each other over HTTP using information that is available at the time the containers are built?

Thanks for your time!

Service update returning error

From @nathanpeck:

I notice that whenever I try to vertically scale a service using the CLI I get a response like this:

fargate service update locations --cpu 1024 --memory 2048
[!] Could not describe ECS task definition
InvalidParameterException: Task Definition can not be blank.
	status code: 400, request id: 7884accc-f729-11e7-ba7a-c7393d0e382f

FarGate to EC2

FarGate is currently expensive compared to EC2, so we can expect that, after getting something configured correctly using FarGate, a user might want to migrate it to EC2.

Are you aware of any scripts for doing this auto-magically, and if not, might this be within the scope of this project? thanks :-)

Load Balancer Problem with Pre-Existing Target Group

Ok based on your previous response I was able to successfully create a load balancer on port 8080 and then create a service with an alias that mapped http://example.com:8080 -> lb -> two Fargate tasks. Awesome!

So then I destroyed the load balancer and the service, and then went back to create the load balancer again but this time specifying port 443, and got this error message:

$ fargate lb create testapp --certificate example.com --port 443 --verbose
[d] Creating ECS cluster
[d] Created ECS cluster fargate
[d] Creating ELB load balancer
[d] Creating ELB target group
[!] Could not create ELB target group
DuplicateTargetGroupName: A target group with the same name 'testapp-default' exists, but with different settings
        status code: 400, request id: 1234-2345-345678

My current architecture is just a Docker image on the backend listening on port 8080 (no SSL currently). I am trying to create a load balancer that will accept connections on 443 with our Amazon Route 53 SSL certs, and then forward those requests to the Fargate Docker tasks that have exposed port 8080.

Is this a possible scenario or have anything to do with this error message above? Do the external application load balancer ports have to map to the Fargate task ports with a 1:1 mapping, e.g. lb:443 -> task:443?

zsh completion

Got some basic zsh completion working using babysnakes PR (spf13/cobra#646)

https://github.com/rsteube/fargate-completion

Add certificate create command

Encapsulate the "happy path" of request and validate in one command

How to specify AssignPublicIpEnabled ?

Digging around the code, I could not find a way to override this setting when creating services.

Is it possible to deploy services without a public IP?

Enable auto-scaling based on CloudWatch Events

It would be great to enable service auto-scaling based upon CloudWatch events. For example, CPU or memory usage reaching a certain threshold.

Allow roles to be specified for tasks and services

Enable X-Ray integration

Until sidecar containers are supported, or even after they're supported, it would be useful to enable X-Ray integration using a flag. This could be something during service create command.

Download links on http://somanymachines.com/fargate/ is wrong

Link points to -> https://github.com/jpignata/fargate/releases/download/v0.1.1/fargate-0.1.1-darwin-amd64.zip

Should point to -> https://github.com/jpignata/fargate/releases/download/v0.1.1/fargate--darwin-amd64.zip

Automatically create cluster if ClusterNotFoundException

Hello,

Thank you for the CLI. It seems super awesome so far.

Question.. Do I have to have the cluster already defined/created if I do not want to use the default Fargate cluster?

I am currently receiving ClusterNotFoundException if I do
fargate --cluster new_cluster task run long_running

Thanks
G

Should have a more distinctive name

This CLI looks pretty cool! However, if I was to think of or do a google search for Fargate, I'd probably end up at the AWS product (to which this speaks) rather than this very useful CLI. Would you consider renaming the project to something more distinctive or at least descriptive (fargatecli?) to reduce confusion with the "actual" Fargate?

Default task running doesn't work without additional configuration

Basic task run:
InvalidParameterException: subnets can not be empty.
Basic task run with subnets:
InvalidParameterException: security group cannot be blank

Allow scheduling of tasks

It would be nice if we could schedule a task via this cli?

[!] Could not find a default VPC

So we don't have a "default" VPC. (deleted it)
Need the ability to input the "awsvpc networking" as a command line option.

Add health check configuration to service create

anyway to add custom health checks configurations to loadbalancer create cmd?

We are using graphql so everything is under /graphql vs /

Ability to scale a service's desired tasks after creation

Please allow the cli to update the service to increase the desired task number after the service has been created.
Right now, we can only set the desired task numbers upon creation for services.

Can't destroy service with orphaned target group

If you destroy an lb before destroying a service that is configured within that lb, it'll orphan the service's target group which causes the CLI to throw an exception when you attempt to destroy the service.

Deploy a docker-compose.yml file?

Hey @jpignata, excellent work on this project! Thank you.

Question: what would you think about adding the ability to deploy application images and environment variables from a docker-compose.yml file? This would make it a bit more declarative and easier to use. You could also docker-compose up to run locally and then fargate deploy -f docker-compose.yml to be confident that you deployed the same config that you tested locally. Would you accept a PR for this?

version: "2"
services:
  my-app:
    build: .
    image: 618440173281.dkr.ecr.us-east-1.amazonaws.com/my-app:1.0
    ports:
    - 80:3000
    environment:
      FOO: bar
      BAR: baz

fargate --cluster fargate-poc service deploy -f docker-compose.yml

Request: Provide Homebrew Package

It would be super awesome if you could provide an "official" homebrew tap for fargate.

This way it would be very nice and simple to install fargate on macOS without having to have know anything about how to compile go or downloading things from GitHub releases.

You can do that e.g. by using https://github.com/goreleaser/goreleaser. Many options are available and I'd be happy to help if that's something you'd consider, @jpignata.

Expose multiple ports?

Is it possible to create/deploy a service with multiple ports exposed?
I think it would have to add additional targets with the addition ports to the target group that is created.

InvalidParameterException: Unable to assume the service linked role.

On the first run got this problem:

[!] Could not run ECS task
InvalidParameterException: Unable to assume the service linked role. Please verify that the ECS service linked role exists.
status code: 400, request id: 83d5f2a7-12bf-11e8-8f9d-3fc6a73cfa3d

Fixed using the guide bellow:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_IAM_role.html

ps: Nice project. Congratz! 🎉

Allow a command to be specified in one-shot task

See https://twitter.com/brandonmblack/status/948664769971662849 for use case.

Errors between different load balancer configurations

Testing out this CLI interface for Fargate, and from following along with the video there are a couple of errors I don't understand.

For starters, I am specifying the exact command line from the video but get this error:

$ fargate service create app --port HTTP:8080 --lb test-app --num 2
[!] Invalid load balancer and protocol
network load balancer web-app only supports TCP

This is a Docker instance launched from the private ECR registry:

$ fargate task run --image 123456.dkr.ecr.us-east-1.amazonaws.com/test-app/test-app --subnet-id subnet-123456a --subnet-id subnet-123456b -v

I am also getting different errors based upon the ports I am specifying, for example:

$  fargate lb create test-app --port 8080 --certificate example.com
[i] Created load balancer test-app
$ fargate lb destroy test-app
[i] Destroyed load balancer test-app
$  fargate lb create test-app --port 443 --certificate example.com
[!] Could not create ELB load balancer
ValidationError: At least two subnets in two different Availability Zones must be specified
        status code: 400, request id: 1234-567-8912345

The test-app was launched with two subnets attached to different availability zones...?

Also, how does one go about launching two separate tasks within separate availability zones? I would assume that would be a requirement for the application load balancer? My goal is being able to use an alias so that https://example.com -> application load balancer -> Fargate tasks running web application

Thanks in advance, your project will be a big help if I can get it working properly!

does not accept AWS_PROFILE variable

I got that error when using AWS_PROFILE variable:
[!] Could not find your AWS credentials

aws cli working as expected.

Fargate Task Definition Increment Issue

Ok here's another question. Each time I run a task:

$ fargate task run testapp --verbose --image 1234567890.dkr.ecr.us-east-1.amazonaws.com/testapp

...the task definition for testapp is incrementing with each run (e.g. testapp:1, testapp:2 etc).

Is this standard behavior to create a new task definition with each call? Is there any way to just use testapp:1 for each invocation of fargate task run?

Cut New Release

what

Last release was cut in january

why

One month ago, cli was updated to support new regions; current release does not support us-west-2
Most users will use the binary release rather than build their own from source

references

#62 (comment)

git detection doesn't seem to work for me

I have a service running, created with this command:
fargate service create web -v --lb fargate --port 3000

$ fargate service list
NAME	IMAGE								CPU	MEMORY	LOAD BALANCER	DESIRED	RUNNING	PENDING
web	651426287273.dkr.ecr.us-east-1.amazonaws.com/web:20180102224503	256	512	fargate		1	1	0

Notice the image tag is date based, rather than being git-sha based.

yet I'm in a git repo:

$ git status
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean

Support Synchronous Operations (--wait)

what

It would be great if all commands supported a --wait flag

why

Allow the operator to chain commands together (E.g. via a Makefile)

example

fargate certificate request $(DOMAIN) --alias $(HOSTNAME) --wait
fargate certificate validate $(DOMAIN) --wait
fargate lb create atlantis \
		--cluster $(CLUSTER) \
		--certificate $(DOMAIN) \
		--port HTTPS:443 \
                 --wait
fargate lb alias atlantis $(HOSTNAME) --wait
fargate service create atlantis \
		--cluster $(CLUSTER) \
		--lb atlantis \
		--num 1 \
		--cpu 256 \
		--memory 2048 \
		--port "HTTP:80" \
		--rule "PATH=/*" \
		--env "TEST=123" \
		--image nginx:latest \
                 --wait

Addition of volumes

I was looking forward to share data volumes between the fargate cluster. So far I've been able to find this, but have you tried to employ the same on your fargate-cli.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html

Improve error message for missing service name on `env list`

When running fargate service env list -- i.e. missing the name of the service that I wanted to list the env variables for -- I got the following error:

$ fargate service env list
panic: runtime error: index out of range

goroutine 1 [running]:
github.com/jpignata/fargate/cmd.glob..func16(0x1f424c0, 0x1f68320, 0x0, 0x0)
	/Users/jp/workspace/go/src/github.com/jpignata/fargate/cmd/service_env_list.go:18 +0x6c
github.com/spf13/cobra.(*Command).execute(0x1f424c0, 0x1f68320, 0x0, 0x0, 0x1f424c0, 0x1f68320)
	/Users/jp/workspace/go/src/github.com/spf13/cobra/command.go:750 +0x2c1
github.com/spf13/cobra.(*Command).ExecuteC(0x1f41740, 0xc42001e0b8, 0x0, 0xc420014f70)
	/Users/jp/workspace/go/src/github.com/spf13/cobra/command.go:831 +0x30e
github.com/spf13/cobra.(*Command).Execute(0x1f41740, 0x0, 0x0)
	/Users/jp/workspace/go/src/github.com/spf13/cobra/command.go:784 +0x2b
github.com/jpignata/fargate/cmd.Execute()
	/Users/jp/workspace/go/src/github.com/jpignata/fargate/cmd/root.go:149 +0x5e
main.main()
	/Users/jp/workspace/go/src/github.com/jpignata/fargate/main.go:8 +0x20

In comparison, running fargate service info (again missing service name), gives this much more helpful error message:

Error: accepts 1 arg(s), received 0
Usage:
  fargate service info <service-name> [flags]

Flags:
  -h, --help   help for info

Global Flags:
      --cluster string   ECS cluster name (default "fargate")
      --no-color         Disable color output
      --region string    AWS region (default "us-east-1")
  -v, --verbose          Verbose output

Would be good if the first was the same as the second.

Ability to choose scheme type for the elb

We need the elb to be internal vs internet-facing. Could there be a way to specify the scheme in this cmd fargate lb create $ELB_NAME --scheme 'internal' ?

Enable new regions (3 more).

According to https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ there are 4 regions where fargate is supported now:
Northern Virginia | Ohio | Oregon | Ireland
I made changes locally and everything works for me. I can share my changes - diff is attached.
diff --git a/README.md b/README.md
index 3ba3401..ab67bb1 100644
--- a/README.md
+++ b/README.md
@@ -13,8 +13,8 @@

Region

-By default, fargate uses us-east-1. Also available us-west-2, us-east-2, eu-west-1.
-The CLI accepts a --region parameter for future use and
+By default, fargate uses us-east-1 as this is the single region where AWS
+Fargate is available. The CLI accepts a --region parameter for future use and
will honor AWS_REGION and AWS_DEFAULT_REGION environment settings. Note that
specifying a region where all required services aren't available will return an
error.
diff --git a/cmd/root.go b/cmd/root.go
index bca26b2..994ed22 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -45,7 +45,7 @@ CPU (CPU Units) Memory (MiB)
4096 8192 through 30720 in 1GiB increments
`)

-var validRegions = []string{"us-east-1", "us-west-2", "us-east-2", "eu-west-1"}
+var validRegions = []string{"us-east-1"}

var (
clusterName string
@@ -105,16 +105,12 @@ CloudWatch Logs, and Amazon Route 53 into an easy-to-use CLI.`,
}
}

          region_is_valid := false
          for _, validRegion := range validRegions {
                  if region == validRegion {

                          region_is_valid = true
                          break
                  }

```
          }
```
```
          if !region_is_valid {
```

                  console.IssueExit("Invalid region: '%s' [valid regions: %s]", region, strings.Join(validRegions, ", "))

                  console.IssueExit("Invalid region: %s [valid regions: %s]", region, strings.Join(validRegions, ", "))
          }

          config := &aws.Config{

Add user agent to AWS client calls

Easy installation for cli

Having issues with automatic installation on CI/CD platform.
I can download the zip file via curl but am unable to successful extract it End-of-central-directory signature not found.
So i had to download it through the UI and check in the executable in order to get it successfully installed on CI/CD platform.

Creating a service fails with previously working setup

I have been successfully using fargate for a while now, an awesome tool by the way!

However, yesterday it started throwing an error as if my credentials were not set up right:

[!] Could not create Cloudwatch Logs log group
SubscriptionRequiredException: The AWS Access Key Id needs a subscription for the service
	status code: 400, request id: 7f6464c9-16fe-11e8-b99d-2d585cda5bb0

I checked that the permissions on the AWS account did not change and the environment variables are available (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) in the shell.

Since I have not changed anything in the environment where I ran the commands, I'm not sure what went wrong. Do you have any idea where else could the issue lie?

awslabs / fargatecli Goto Github PK

fargatecli's Introduction

Fargate CLI

NOTICE

Screencast

Usage

Configuration

Region

Credentials

Commands

Global Flags

Tasks

fargate task list

fargate task run

fargate task info

fargate task ps

fargate task logs

fargate task stop

Services

fargate service list

fargate service create

fargate service deploy

fargate service info

fargate service logs

fargate service ps

fargate service scale

fargate service env set

fargate service env unset

fargate service env list

fargate service update

fargate service restart

fargate service destroy

Load Balancers

fargate lb list

fargate lb create

fargate lb destroy

fargate lb alias

fargate lb info

Certificates

fargate certificate list

fargate certificate import

fargate certificate request

fargate certificate info

fargate certificate validate

fargate certificate destroy

fargatecli's People

Contributors

Stargazers

Watchers

Forkers

fargatecli's Issues

what

why

what

why

references

what

why

example

Region

Recommend Projects

Recommend Topics

Recommend Org