diff --git a/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts b/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts index 3668181ba6e5..8b513e635857 100644 --- a/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts +++ b/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts @@ -231,6 +231,7 @@ export interface DeleteTaskDefinitionsCommandOutput extends DeleteTaskDefinition * // "": "STRING_VALUE", * // }, * // }, + * // credentialSpecs: "", * // }, * // ], * // family: "STRING_VALUE", diff --git a/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts b/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts index 5e90622249f0..2098f33d172e 100644 --- a/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts +++ b/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts @@ -231,6 +231,7 @@ export interface DeregisterTaskDefinitionCommandOutput extends DeregisterTaskDef * // "": "STRING_VALUE", * // }, * // }, + * // credentialSpecs: "", * // }, * // ], * // family: "STRING_VALUE", diff --git a/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts b/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts index 5b3b1591909a..23f2a03f3498 100644 --- a/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts +++ b/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts @@ -224,6 +224,7 @@ export interface DescribeTaskDefinitionCommandOutput extends DescribeTaskDefinit * // "": "STRING_VALUE", * // }, * // }, + * // credentialSpecs: "", * // }, * // ], * // family: "STRING_VALUE", diff --git a/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts b/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts index cc07d47e476e..14bee7717ebf 100644 --- a/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts +++ b/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts @@ -228,6 +228,7 @@ export interface RegisterTaskDefinitionCommandOutput extends RegisterTaskDefinit * "": "STRING_VALUE", * }, * }, + * credentialSpecs: "", * }, * ], * volumes: [ // VolumeList @@ -478,6 +479,7 @@ export interface RegisterTaskDefinitionCommandOutput extends RegisterTaskDefinit * // "": "STRING_VALUE", * // }, * // }, + * // credentialSpecs: "", * // }, * // ], * // family: "STRING_VALUE", diff --git a/clients/client-ecs/src/models/models_0.ts b/clients/client-ecs/src/models/models_0.ts index 4beb05891736..f1e9d3bca7bf 100644 --- a/clients/client-ecs/src/models/models_0.ts +++ b/clients/client-ecs/src/models/models_0.ts @@ -3893,6 +3893,8 @@ export interface FirelensConfiguration { * *

You can view the health status of both individual containers and a task with the * DescribeTasks API operation or when viewing the task details in the console.

+ *

The health check is designed to make sure that your containers survive + * agent restarts, upgrades, or temporary unavailability.

*

The following describes the possible healthStatus values for a * container:

*
    @@ -3940,6 +3942,14 @@ export interface FirelensConfiguration { *

    The following are notes about container health check support:

    *
      *
    • + *

      When the Amazon ECS agent cannot connect to the Amazon ECS service, the + * service reports the container as UNHEALTHY.

      + *
      • + *
    • + *

      The health check statuses are the "last heard from" response from the Amazon ECS agent. There + * are no assumptions made about the status of the container health checks.

      + *
      • + *
    • *

      Container health checks require version 1.17.0 or greater of the Amazon ECS * container agent. For more information, see Updating the * Amazon ECS container agent.

      @@ -5305,6 +5315,24 @@ export interface ContainerDefinition { * in the Amazon Elastic Container Service Developer Guide.

      */ firelensConfiguration?: FirelensConfiguration; + + /** + *

      A list of ARNs in SSM or Amazon S3 to a credential spec + * (credspeccode>) file that configures a container for Active Directory + * authentication. This parameter is only used with domainless authentication.

      + *

      The format for each ARN is + * credentialspecdomainless:MyARN. Replace + * MyARN with the ARN in SSM or Amazon S3.

      + *

      The credspec must provide a ARN in Secrets Manager for a secret + * containing the username, password, and the domain to connect to. For better security, + * the instance isn't joined to the domain for domainless authentication. Other + * applications on the instance can't use the domainless credentials. You can use this + * parameter to run tasks on the same instance, even it the tasks need to join different + * domains. For more information, see Using gMSAs for Windows + * Containers and Using gMSAs for Linux + * Containers.

      + */ + credentialSpecs?: string[]; } /** diff --git a/codegen/sdk-codegen/aws-models/ecs.json b/codegen/sdk-codegen/aws-models/ecs.json index 3b2fd3b72def..51475731790e 100644 --- a/codegen/sdk-codegen/aws-models/ecs.json +++ b/codegen/sdk-codegen/aws-models/ecs.json @@ -2483,6 +2483,12 @@ "traits": { "smithy.api#documentation": "

      The FireLens configuration for the container. This is used to specify and configure a\n\t\t\tlog router for container logs. For more information, see Custom Log Routing\n\t\t\tin the Amazon Elastic Container Service Developer Guide.

      " } + }, + "credentialSpecs": { + "target": "com.amazonaws.ecs#StringList", + "traits": { + "smithy.api#documentation": "

      A list of ARNs in SSM or Amazon S3 to a credential spec\n\t\t\t(credspeccode>) file that configures a container for Active Directory\n\t\t\tauthentication. This parameter is only used with domainless authentication.

      \n

      The format for each ARN is\n\t\t\t\t\tcredentialspecdomainless:MyARN. Replace\n\t\t\t\tMyARN with the ARN in SSM or Amazon S3.

      \n

      The credspec must provide a ARN in Secrets Manager for a secret\n\t\t\tcontaining the username, password, and the domain to connect to. For better security,\n\t\t\tthe instance isn't joined to the domain for domainless authentication. Other\n\t\t\tapplications on the instance can't use the domainless credentials. You can use this\n\t\t\tparameter to run tasks on the same instance, even it the tasks need to join different\n\t\t\tdomains. For more information, see Using gMSAs for Windows\n\t\t\t\tContainers and Using gMSAs for Linux\n\t\t\t\tContainers.

      " + } } }, "traits": { @@ -5672,7 +5678,7 @@ } }, "traits": { - "smithy.api#documentation": "

      An object representing a container health check. Health check parameters that are\n\t\t\tspecified in a container definition override any Docker health checks that exist in the\n\t\t\tcontainer image (such as those specified in a parent image or from the image's\n\t\t\tDockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.

      \n \n

      The Amazon ECS container agent only monitors and reports on the health checks specified\n\t\t\t\tin the task definition. Amazon ECS does not monitor Docker health checks that are\n\t\t\t\tembedded in a container image and not specified in the container definition. Health\n\t\t\t\tcheck parameters that are specified in a container definition override any Docker\n\t\t\t\thealth checks that exist in the container image.

      \n       \n

      You can view the health status of both individual containers and a task with the\n\t\t\tDescribeTasks API operation or when viewing the task details in the console.

      \n

      The following describes the possible healthStatus values for a\n\t\t\tcontainer:

      \n
        \n
      • \n

        \n HEALTHY-The container health check has passed\n\t\t\t\t\tsuccessfully.

        \n
        • \n
      • \n

        \n UNHEALTHY-The container health check has failed.

        \n
        • \n
      • \n

        \n UNKNOWN-The container health check is being evaluated or\n\t\t\t\t\tthere's no container health check defined.

        \n
        • \n
      \n

      The following describes the possible healthStatus values for a task. The\n\t\t\tcontainer health check status of\n\t\t\tnon-essential containers don't have an effect on the health status of a task.

      \n
        \n
      • \n

        \n HEALTHY-All essential containers within the task have\n\t\t\t\t\tpassed their health checks.

        \n
        • \n
      • \n

        \n UNHEALTHY-One or more essential containers have failed\n\t\t\t\t\ttheir health check.

        \n
        • \n
      • \n

        \n UNKNOWN-The essential containers within the task are still\n\t\t\t\t\thaving their health checks evaluated, there are only nonessential containers\n\t\t\t\t\twith health checks defined, or there are no container health checks\n\t\t\t\t\tdefined.

        \n
        • \n
      \n

      If a task is run manually, and not as part of a service, the task will continue its\n\t\t\tlifecycle regardless of its health status. For tasks that are part of a service, if the\n\t\t\ttask reports as unhealthy then the task will be stopped and the service scheduler will\n\t\t\treplace it.

      \n

      The following are notes about container health check support:

      \n
        \n
      • \n

        Container health checks require version 1.17.0 or greater of the Amazon ECS\n\t\t\t\t\tcontainer agent. For more information, see Updating the\n\t\t\t\t\t\tAmazon ECS container agent.

        \n
        • \n
      • \n

        Container health checks are supported for Fargate tasks if\n\t\t\t\t\tyou're using platform version 1.1.0 or greater. For more\n\t\t\t\t\tinformation, see Fargate\n\t\t\t\t\t\tplatform versions.

        \n
        • \n
      • \n

        Container health checks aren't supported for tasks that are part of a service\n\t\t\t\t\tthat's configured to use a Classic Load Balancer.

        \n
        • \n
      " + "smithy.api#documentation": "

      An object representing a container health check. Health check parameters that are\n\t\t\tspecified in a container definition override any Docker health checks that exist in the\n\t\t\tcontainer image (such as those specified in a parent image or from the image's\n\t\t\tDockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.

      \n \n

      The Amazon ECS container agent only monitors and reports on the health checks specified\n\t\t\t\tin the task definition. Amazon ECS does not monitor Docker health checks that are\n\t\t\t\tembedded in a container image and not specified in the container definition. Health\n\t\t\t\tcheck parameters that are specified in a container definition override any Docker\n\t\t\t\thealth checks that exist in the container image.

      \n       \n

      You can view the health status of both individual containers and a task with the\n\t\t\tDescribeTasks API operation or when viewing the task details in the console.

      \n

      The health check is designed to make sure that your containers survive\n\t\t\tagent restarts, upgrades, or temporary unavailability.

      \n

      The following describes the possible healthStatus values for a\n\t\t\tcontainer:

      \n
        \n
      • \n

        \n HEALTHY-The container health check has passed\n\t\t\t\t\tsuccessfully.

        \n
        • \n
      • \n

        \n UNHEALTHY-The container health check has failed.

        \n
        • \n
      • \n

        \n UNKNOWN-The container health check is being evaluated or\n\t\t\t\t\tthere's no container health check defined.

        \n
        • \n
      \n

      The following describes the possible healthStatus values for a task. The\n\t\t\tcontainer health check status of\n\t\t\tnon-essential containers don't have an effect on the health status of a task.

      \n
        \n
      • \n

        \n HEALTHY-All essential containers within the task have\n\t\t\t\t\tpassed their health checks.

        \n
        • \n
      • \n

        \n UNHEALTHY-One or more essential containers have failed\n\t\t\t\t\ttheir health check.

        \n
        • \n
      • \n

        \n UNKNOWN-The essential containers within the task are still\n\t\t\t\t\thaving their health checks evaluated, there are only nonessential containers\n\t\t\t\t\twith health checks defined, or there are no container health checks\n\t\t\t\t\tdefined.

        \n
        • \n
      \n

      If a task is run manually, and not as part of a service, the task will continue its\n\t\t\tlifecycle regardless of its health status. For tasks that are part of a service, if the\n\t\t\ttask reports as unhealthy then the task will be stopped and the service scheduler will\n\t\t\treplace it.

      \n

      The following are notes about container health check support:

      \n
        \n
      • \n

        When the Amazon ECS agent cannot connect to the Amazon ECS service, the\n\t\t\t\t\tservice reports the container as UNHEALTHY.

        \n
        • \n
      • \n

        The health check statuses are the \"last heard from\" response from the Amazon ECS agent. There\n\t\t\t\t\tare no assumptions made about the status of the container health checks.

        \n
        • \n
      • \n

        Container health checks require version 1.17.0 or greater of the Amazon ECS\n\t\t\t\t\tcontainer agent. For more information, see Updating the\n\t\t\t\t\t\tAmazon ECS container agent.

        \n
        • \n
      • \n

        Container health checks are supported for Fargate tasks if\n\t\t\t\t\tyou're using platform version 1.1.0 or greater. For more\n\t\t\t\t\tinformation, see Fargate\n\t\t\t\t\t\tplatform versions.

        \n
        • \n
      • \n

        Container health checks aren't supported for tasks that are part of a service\n\t\t\t\t\tthat's configured to use a Classic Load Balancer.

        \n
        • \n
      " } }, "com.amazonaws.ecs#HealthStatus": {