Updating AWS ECS task definition and scheduled tasks using aws-cli commands through deployment jobs

In this post, I will explain how to update or register a task definition in AWS ECS with new ECR image and to use the new task definition in ECS, scheduled tasks using aws-cli commands. Below setup was implemented through deployment jobs in Jenkins

Updating/Registering a task definition with new ECR image

  1. Copy the new ECR image from AWS ECR that needs to be updated in the task definition

NEW_ECR_IMAGE=${ECR_REPO_URL} //copy the image URI

2. Get the task definition which needs to be updated from the ECS and store it in a variable (format will be in JSON)

TASK_DEFINITION=$(aws ecs describe-task-definition — task-definition ${task-definition-name} — region=”ap-southeast-2")

3. Update the task definition with the new ECR image,

echo $ TASK_DEFINITION | jq ‘.containerDefinitions[0].image=’\”${ NEW_ECR_IMAGE }\” \ > task-def.json

4. Create or Register the new task definition which was updated. New revision will be found under ECS -> task definitions

aws ecs register-task-definition — family ${task-definition-name} — region=”ap-southeast-2" — cli-input-json file://task-def.json

Updating ECS Scheduled tasks with the new task definition

Use Case: Our aim is to update the above created new revision of task definition to ECS Cluster-> scheduled task

Field to be updated from the below screen shot: Task Definition

1. Get the revision of the task definition that was registered in the above section

TASK_REVISION=`aws ecs describe-task-definition — task-definition ${task-definition-name} | egrep “revision” | tr “/” “ “ | awk ‘{print $2}’ | sed ‘s/”$//’`

2. Get the event or the scheduled task in the form of JSON format

eventsrule=$(aws events list-targets-by-rule — rule “rds_tf_scheduled_task” — region “ap-southeast-2”)

3. Get the ‘TaskDefinitionArn’ from the scheduled task

taskdefinitionarn=$(aws events list-targets-by-rule — rule “rds_tf_scheduled_task” — region “ap-southeast-2” | egrep “TaskDefinitionArn” | tr “/” “ “ | awk ‘{print $2}’)

4. Get the ‘RoleArn’ from the scheduled task. Reason for getting the role is, when we try to update or put the scheduled task with new task definition version, the role may get changed with AWS generated value. This role generated will not have the required access and hence it will not run the scheduled task.

eventsRole=$(aws events list-targets-by-rule — rule “rds_tf_scheduled_task” — region “ap-southeast-2” | egrep “RoleArn” | tr “/” “ “ | awk ‘{print $2}’)

roleArn=”${eventsRole:1}/ecs-events-role”

Note: This role attached above ‘ecs-events-role’ was created through Terraform with the required policy to run the scheduled task. The below can be set manually through AWS IAM -> Roles

5. Set the new task definition arn with the new revision (use step 1 and 3)

newtaskdefinitionarn=”${taskdefinitionarn:1}/${task-definition-name}:${TASK_REVISION}”

6. Update the json (step 2) with the role and the new task definition arn and store it a new json file tempEvents.json

echo $eventsrule | jq ‘.Targets[0].EcsParameters.TaskDefinitionArn=’\”${newtaskdefinitionarn}\” | jq ‘.Targets[0].RoleArn=’\”${roleArn}\” > tempEvents.json

7. Update the scheduled task using put-targets

aws events put-targets — rule “rds_tf_scheduled_task” — cli-input-json file://tempEvents.json — region “ap-southeast-2

Troubleshooting:

1. There can be chances where you may encounter an error saying “ jq: command not found” in the build server or any box where you are executing the above aws cli commands.

>> sudo yum install jq

2. In ECS Cluster, under task section, sometimes you may not see the scheduled task configured running. Mostly it might be the access issue. To confirm, go to AWS Cloud Trail and check for the events. Click on your scheduled task event and reason for failure can be found.

Senior Software Engineer | Java | Microservices | AWS | Terraform