Load Balanced Web Service
List of all available properties for a 'Load Balanced Web Service'
manifest.
Sample manifest for a frontend service
# Your service name will be used in naming your resources like log groups, ECS services, etc.
name: frontend
type: Load Balanced Web Service
# Distribute traffic to your service.
http:
path: '/'
healthcheck:
path: '/_healthcheck'
healthy_threshold: 3
unhealthy_threshold: 2
interval: 15s
timeout: 10s
stickiness: false
allowed_source_ips: ["10.24.34.0/23"]
# Configuration for your containers and service.
image:
build:
dockerfile: ./frontend/Dockerfile
context: ./frontend
port: 80
cpu: 256
memory: 512
count:
range: 1-10
cpu_percentage: 70
memory_percentage: 80
requests: 10000
response_time: 2s
exec: true
variables:
LOG_LEVEL: info
secrets:
GITHUB_TOKEN: GITHUB_TOKEN
# You can override any of the values defined above by environment.
environments:
production:
count: 2
name
String
The name of your service.
type
String
The architecture type for your service. A Load Balanced Web Service is an internet-facing service that's behind a load balancer, orchestrated by Amazon ECS on AWS Fargate.
http
Map
The http section contains parameters related to integrating your service with an Application Load Balancer.
http.path
String
Requests to this path will be forwarded to your service. Each Load Balanced Web Service should listen on a unique path.
http.healthcheck
String or Map
If you specify a string, Copilot interprets it as the path exposed in your container to handle target group health check requests. The default is "/".
http:
healthcheck: '/'
http:
healthcheck:
path: '/'
healthy_threshold: 3
unhealthy_threshold: 2
interval: 15s
timeout: 10s
http.healthcheck.healthy_threshold
Integer
The number of consecutive health check successes required before considering an unhealthy target healthy. The Copilot default is 2. Range: 2-10.
http.healthcheck.unhealthy_threshold
Integer
The number of consecutive health check failures required before considering a target unhealthy. The Copilot default is 2. Range: 2-10.
http.healthcheck.interval
Duration
The approximate amount of time, in seconds, between health checks of an individual target. The Copilot default is 10s. Range: 5s–300s.
http.healthcheck.timeout
Duration
The amount of time, in seconds, during which no response from a target means a failed health check. The Copilot default is 5s. Range 5s-300s.
http.target_container
String
A sidecar container that takes the place of a service container.
http.stickiness
Boolean
Indicates whether sticky sessions are enabled.
http.allowed_source_ips
Array of Strings
CIDR IP addresses permitted to access your service.
http:
allowed_source_ips: ["192.0.2.0/24", "198.51.100.10/32"]
image
Map
The image section contains parameters relating to the Docker build configuration and exposed port.
image.build
String or Map
If you specify a string, Copilot interprets it as the path to your Dockerfile. It will assume that the dirname of the string you specify should be the build context. The manifest:
image:
build: path/to/dockerfile
$ docker build --file path/to/dockerfile path/to
You can also specify build as a map:
image:
build:
dockerfile: path/to/dockerfile
context: context/dir
target: build-stage
cache_from:
- image:tag
args:
key: value
$ docker build --file path/to/dockerfile --target build-stage --cache-from image:tag --build-arg key=value context/dir
.
You can omit fields and Copilot will do its best to understand what you mean. For example, if you specify context
but not dockerfile
, Copilot will run Docker in the context directory and assume that your Dockerfile is named "Dockerfile." If you specify dockerfile
but no context
, Copilot assumes you want to run Docker in the directory that contains dockerfile
.
All paths are relative to your workspace root.
image.location
String
Instead of building a container from a Dockerfile, you can specify an existing image name. Mutually exclusive with image.build
.
The location
field follows the same definition as the image
parameter in the Amazon ECS task definition.
image.port
Integer
The port exposed in your Dockerfile. Copilot should parse this value for you from your EXPOSE
instruction.
entrypoint
String or Array of Strings
Override the default entrypoint in the image.
# String version.
entrypoint: "/bin/entrypoint --p1 --p2"
# Alteratively, as an array of strings.
entrypoint: ["/bin/entrypoint", "--p1", "--p2"]
command
String or Array of Strings
Override the default command in the image.
# String version.
command: ps au
# Alteratively, as an array of strings.
command: ["ps", "au"]
cpu
Integer
Number of CPU units for the task. See the Amazon ECS docs for valid CPU values.
memory
Integer
Amount of memory in MiB used by the task. See the Amazon ECS docs for valid memory values.
count
Integer or Map
If you specify a number:
count: 5
Alternatively, you can specify a map for setting up autoscaling:
count:
range: 1-10
cpu_percentage: 70
memory_percentage: 80
requests: 10000
response_time: 2s
count.range
String
Specify a minimum and maximum bound for the number of tasks your service should maintain.
count.cpu_percentage
Integer
Scale up or down based on the average CPU your service should maintain.
count.memory_percentage
Integer
Scale up or down based on the average memory your service should maintain.
count.requests
Integer
Scale up or down based on the request count handled per tasks.
count.response_time
Duration
Scale up or down based on the service average response time.
exec
Boolean
Enable running commands in your container. The default is false
. Required for $ copilot svc exec
. Please note that this will update the service's Fargate Platform Version to 1.4.0.
network
Map
The network
section contains parameters for connecting to AWS resources in a VPC.
network.vpc
Map
Subnets and security groups attached to your tasks.
network.vpc.placement
String
Must be one of 'public'
or 'private'
. Defaults to launching your tasks in public subnets.
Info
If you launch tasks in 'private'
subnets and use a Copilot-generated VPC, Copilot will add NAT Gateways to your environment. Alternatively, you can import a VPC with NAT Gateways when running copilot env init
for internet connectivity.
network.vpc.security_groups
Array of Strings
Additional security group IDs associated with your tasks. Copilot always includes a security group so containers within your environment
can communicate with each other.
variables
Map
Key-value pairs that represent environment variables that will be passed to your service. Copilot will include a number of environment variables by default for you.
secrets
Map
Key-value pairs that represent secret values from AWS Systems Manager Parameter Store that will be securely passed to your service as environment variables.
storage
Map
The Storage section lets you specify external EFS volumes for your containers and sidecars to mount. This allows you to access persistent storage across regions for data processing or CMS workloads. For more detail, see the storage page.
storage.volumes
Map
Specify the name and configuration of any EFS volumes you would like to attach. The volumes
field is specified as a map of the form:
volumes:
{{ volume name }}:
path: "/etc/mountpath"
efs:
...
storage.volumes.volume
Map
Specify the configuration of a volume.
volume.path
String
Required. Specify the location in the container where you would like your volume to be mounted. Must be fewer than 242 characters and must consist only of the characters a-zA-Z0-9.-_/
.
volume.read_only
Bool
Optional. Defaults to true
. Defines whether the volume is read-only or not. If false, the container is granted elasticfilesystem:ClientWrite
permissions to the filesystem and the volume is writable.
volume.efs
Map
Specify more detailed EFS configuration.
volume.efs.id
String
Required. The ID of the filesystem you would like to mount.
volume.efs.root_dir
String
Optional. Defaults to /
. Specify the location in the EFS filesystem you would like to use as the root of your volume. Must be fewer than 255 characters and must consist only of the characters a-zA-Z0-9.-_/
. If using an access point, root_dir
must be either empty or /
and auth.iam
must be true
.
volume.efs.auth
Map
Specify advanced authorization configuration for EFS.
volume.efs.auth.iam
Bool
Optional. Defaults to true
. Whether or not to use IAM authorization to determine whether the volume is allowed to connect to EFS.
volume.efs.auth.access_point_id
String
Optional. Defaults to ""
. The ID of the EFS access point to connect to. If using an access point, root_dir
must be either empty or /
and auth.iam
must be true
.
environments
Map
The environment section lets you override any value in your manifest based on the environment you're in. In the example manifest above, we're overriding the count parameter so that we can run 2 copies of our service in our prod environment.