Attini::Deploy::Runner
The Attini::Deploy::Runner
resource only works in conjunction with the
Attini deployment plan. See
AttiniRunnerJob
for more information.
The Attini::Deploy::Runner
can only be created in the
Attini init deploy stack.
Type: Attini::Deploy::Runner
Properties:
TaskDefinitionArn: String
ContainerName: String
EcsCluster: String
RoleArn: String
Image: String
Memory: Integer
Cpu: Integer
Ec2Configuration:
Ami: String
InstanceType: String
InstanceProfileName: String
RunnerConfiguration:
MaxConcurrentJobs: Number
IdleTimeToLive: Number
JobTimeout: Number
LogLevel: String
AwsVpcConfiguration:
Subnets: String,String
SecurityGroups: String,String
AssignPublicIp: String
Startup:
Commands:
- String
CommandsTimeout: Number
Type: String
ECS task definition that the Attini Runner should use.
The container image ENTRYPOINT or ECS task definition Entrypoint, must NOT be configured. If the ENTRYPOINT is configured, it will cause the Attini Runner not to start properly.
Depending on the ENTRYPOINT content, it can cause zombie ECS tasks.
Container image CMD and ECS task definition Command will be overwritten by the RunTask API call that Attini will call on your behalf.
To run commands from the Attini Runner, use the Attini::Deploy::DeploymentPlan AttiniRunnerJob type.
If you want to use CloudFormation to define the task definition, see AWS::ECS::TaskDefinition for more information.
Your TaskDefinitions IAM Role requires a basic execution policy called:
arn:aws:iam::${AccountId}:policy/attini-runner-basic-execution-policy-${Region}
The “TaskDefinitionArn” configuration can not be combined with the “Image” configuration.
If “TaskDefinitionArn” and “Image” is omitted, default task definition will be used.
Required: No
Type: String
The name of the container in the task definition that should run the runner jobs. This is required if there is more than one container definition in the specified task definition.
Required: Conditional
Type: String
The name of the Attini Runners ECS Cluster.
Required: No
Default: attini-default
Type: String
This IAM Role will override the IAM Role from the TaskDefinition.
This IAM Role requires a basic execution policy that allows the runner to communicate with the deployment plan:
arn:aws:iam::${AccountId}:policy/attini-runner-basic-execution-policy-${Region}
CloudFormation example:
AttiniRunnerRole:
Type: AWS::IAM::Role
Properties:
Description: Attini runner task role
Path: /attini/
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- !Sub arn:aws:iam::${AWS::AccountId}:policy/attini-runner-basic-execution-policy-${AWS::Region}
Required: No
Default: arn:aws:iam::{AccountId}:role/attini/attini-default-runner-role-{Region}
Type: String
A Container image that the runner should use. If you configure this value, Attini will configure a TaskDefinition for you with the following configuration:
{RunnerName}TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
ContainerDefinitions:
- Name: Container
Image: ${Image}
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref {RunnerName}LogGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: logs
Cpu: 512
ExecutionRoleArn: # Set to {RoleArn} or "Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/attini/attini-default-runner-role-${AWS::Region}"
TaskRoleArn: # Set to {RoleArn} or "Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/attini/attini-default-runner-role-${AWS::Region}"
Memory: 3072
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
{RunnerName}LogGroup:
Type: AWS::Logs::LogGroup
Properties:
RetentionInDays: 90
If you want to change any configuration, you can create your own task definition.
The “Image” configuration can not be combined with the “TaskDefinitionArn” configuration.
If “TaskDefinitionArn” and “Image” is omitted, default task definition will be used.
Required: No
Type: Number
This configuration will override the memory configuration from the TaskDefinition.
If the runner uses Fargate, this has to be a valid Fargate CPU and memory configuration.
If the runner uses EC2, we recommend the memory configuration to be ca 70-80% of the available memory of the EC2 Host so that there is some memory left for the Host OS. Exactly how much memory your Host OS needs depends on your workload so you might need to adjust this if you face any issues.
Required: No
Type: Number
This configuration will override the CPU configuration from the TaskDefinition.
If the runner uses Fargate, this has to be a valid Fargate CPU and memory configuration.
If the runner uses EC2, this value has to be smaller than the available Host CPU.
Required: No
Type: Ec2Configuration
Configuration for the runner EC2 Host.
If this EC2 configuration is set, the Attini runner will use ECS EC2 launch type, otherwise Fargate launch type will be used. Consequently, the task definition has to be compatible with the correct launch type.
Find more information in the .
Required: No
Configuration for the runner.
Required: No
Type: AwsVpcConfiguration
The VPC configuration for the Runner ECS task.
If AwsVpcConfiguration is omitted, Attini will use the default VPC and create a new security group resource in the init deploy stack. The security group will have no inbound rules (no openings), but allow all outgoing traffic.
Required: No
Type: StartupConfiguration
Startup instructions for the Attini Runner.
Required: No
Limitations
CloudFormation intrinsic functions
Some parts of the Attini::Deploy::Runner
configuration will be moved
into the
deployment plan state language definition
so that it can be used by when Attini runs the RunTask
API Call.
This means that some CloudFormation functions (ex Fn::Join
or
Fn::ImportValue
) might not work as expected. As a workaround, your can
use
deployment plan definition substitutions
and reference the substitutions
in the
Attini::Deploy::Runner
.