github.com/awslabs/fargate@v0.2.3/README.md (about) 1 # Fargate CLI 2 3 ![](doc/media/fargate.png) 4 5 Deploy serverless containers onto the cloud from your command line 6 7 ## Usage 8 9 ### Configuration 10 11 #### Region 12 13 By default, fargate uses *us-east-1* as this is the single region where AWS 14 Fargate is available. The CLI accepts a --region parameter for future use and 15 will honor *AWS_REGION* and *AWS_DEFAULT_REGION* environment settings. Note that 16 specifying a region where all required services aren't available will return an 17 error. 18 19 See the [Region Table][region-table] for a breakdown of what services are 20 available in which regions. 21 22 #### Credentials 23 24 fargate is built using the [AWS SDK for Go][go-sdk] which looks for credentials 25 in the following locations: 26 27 1. [Environment Variables][go-env-vars] 28 29 1. [Shared Credentials File][go-shared-credentials-file] 30 31 1. [EC2 Instance Profile][go-iam-roles-for-ec2-instances] 32 33 For more information see [Specifying Credentials][go-specifying-credentials] in 34 the AWS SDK for Go documentation. 35 36 ### Commands 37 38 - [Tasks](#tasks) 39 - [Services](#services) 40 - [Load Balancers](#load-balancers) 41 - [Certificates](#certificates) 42 43 #### Global Flags 44 45 | Flag | Default | Description | 46 | --- | --- | --- | 47 | --cluster | fargate | ECS cluster name | 48 | --region | us-east-1 | AWS region | 49 | --no-color | false | Disable color output | 50 | --verbose | false | Verbose output | 51 52 #### Tasks 53 54 Tasks are one-time executions of your container. Instances of your task are run 55 until you manually stop them either through AWS APIs, the AWS Management 56 Console, or `fargate task stop`, or until they are interrupted for any reason. 57 58 - [list](#fargate-task-list) 59 - [run](#fargate-task-run) 60 - [info](#fargate-task-info) 61 - [ps](#fargate-task-ps) 62 - [logs](#fargate-task-logs) 63 - [stop](#fargate-task-stop) 64 65 ##### fargate task list 66 67 ```console 68 fargate task list 69 ``` 70 71 List running task groups 72 73 ##### fargate task run 74 75 ```console 76 fargate task run <task-group-name> [--num <count>] [--cpu <cpu-units>] [--memory <MiB>] 77 [--image <docker-image>] [--env <key=value>] 78 [--subnet-id <subnet-id>] [--security-group-id <security-group-id>] 79 ``` 80 81 Run new tasks 82 83 You must specify a task group name in order to interact with the task(s) in 84 subsequent commands to view logs, stop and inspect tasks. Task group names do 85 not have to be unique -- multiple configurations of task instances can be 86 started with the same task group. 87 88 Multiple instances of a task can be run by specifying a number in the --num 89 flag. If no number is specified, a single task instance will be run. 90 91 CPU and memory settings can be optionally specified as CPU units and mebibytes 92 respectively using the --cpu and --memory flags. Every 1024 CPU units is 93 equivilent to a single vCPU. AWS Fargate only supports certain combinations of 94 CPU and memory configurations: 95 96 | CPU (CPU Units) | Memory (MiB) | 97 | --------------- | ------------------------------------- | 98 | 256 | 512, 1024, or 2048 | 99 | 512 | 1024 through 4096 in 1GiB increments | 100 | 1024 | 2048 through 8192 in 1GiB increments | 101 | 2048 | 4096 through 16384 in 1GiB increments | 102 | 4096 | 8192 through 30720 in 1GiB increments | 103 104 If not specified, fargate will launch minimally sized tasks at 0.25 vCPU (256 105 CPU units) and 0.5GB (512 MiB) of memory. 106 107 The Docker container image to use in the task can be optionally specified via 108 the --image flag. If not specified, fargate will build a new Docker container 109 image from the current working directory and push it to Amazon ECR in a 110 repository named for the task group. If the current working directory is a git 111 repository, the container image will be tagged with the short ref of the HEAD 112 commit. If not, a timestamp in the format of YYYYMMDDHHMMSS will be used. 113 114 Environment variables can be specified via the --env flag. Specify --env with a 115 key=value parameter multiple times to add multiple variables. 116 117 Security groups can optionally be specified for the task by passing the 118 --security-group-id flag with a security group ID. To add multiple security 119 groups, pass --security-group-id with a security group ID multiple times. If 120 --security-group-id is omitted, a permissive security group will be applied to 121 the task. 122 123 By default, the task will be created in the default VPC and attached to the 124 default VPC subnets for each availability zone. You can override this by 125 specifying explicit subnets by passing the --subnet-id flag with a subnet ID. 126 127 ##### fargate task info 128 129 ```console 130 fargate task info <task-group-name> [--task <task-id>] 131 ``` 132 133 Inspect tasks 134 135 Shows extended information for each running task within a task group or for 136 specific tasks specified with the --task flag. Information includes environment 137 variables which could differ between tasks in a task group. To inspect multiple 138 specific tasks within a task group specific --task with a task ID multiple 139 times. 140 141 ##### fargate task ps 142 143 ```console 144 fargate task ps <task-group-name> 145 ``` 146 147 List running tasks 148 149 ##### fargate task logs 150 151 ```console 152 fargate task logs <task-group-name> [--follow] [--start <time-expression>] [--end <time-expression>] 153 [--filter <filter-expression>] [--task <task-id>] 154 ``` 155 156 Show logs from tasks 157 158 Return either a specific segment of task logs or tail logs in real-time using 159 the --follow option. Logs are prefixed by their log stream name which is in the 160 format of "fargate/\<task-group-name>/\<task-id>." 161 162 Follow will continue to run and return logs until interrupted by Control-C. If 163 --follow is passed --end cannot be specified. 164 165 Logs can be returned for specific tasks within a task group by passing a task 166 ID via the --task flag. Pass --task with a task ID multiple times in order to 167 retrieve logs from multiple specific tasks. 168 169 A specific window of logs can be requested by passing --start and --end options 170 with a time expression. The time expression can be either a duration or a 171 timestamp: 172 173 - Duration (e.g. -1h [one hour ago], -1h10m30s [one hour, ten minutes, and 174 thirty seconds ago], 2h [two hours from now]) 175 - Timestamp with optional timezone in the format of YYYY-MM-DD HH:MM:SS [TZ]; 176 timezone will default to UTC if omitted (e.g. 2017-12-22 15:10:03 EST) 177 178 You can filter logs for specific term by passing a filter expression via the 179 --filter flag. Pass a single term to search for that term, pass multiple terms 180 to search for log messages that include all terms. See the [CloudWatch Logs 181 documentation][cwl-filter-expression] for more details. 182 183 ##### fargate task stop 184 185 ```console 186 fargate task stop <task-group-name> [--task <task-id>] 187 ``` 188 189 Stop tasks 190 191 Stops all tasks within a task group if run with only a task group name or stops 192 individual tasks if one or more tasks are passed via the --task flag. Specify 193 --task with a task ID parameter multiple times to stop multiple specific tasks. 194 195 #### Services 196 197 Services manage long-lived instances of your containers that are run on AWS 198 Fargate. If your container exits for any reason, the service scheduler will 199 restart your containers and ensure your service has the desired number of 200 tasks running. Services can be used in concert with a load balancer to 201 distribute traffic amongst the tasks in your service. 202 203 - [list](#fargate-service-list) 204 - [create](#fargate-service-create) 205 - [deploy](#fargate-service-deploy) 206 - [info](#fargate-service-info) 207 - [logs](#fargate-service-logs) 208 - [ps](#fargate-service-ps) 209 - [scale](#fargate-service-scale) 210 - [env set](#fargate-service-env-set) 211 - [env unset](#fargate-service-env-unset) 212 - [env list](#fargate-service-env-list) 213 - [update](#fargate-service-update) 214 - [restart](#fargate-service-restart) 215 - [destroy](#fargate-service-destroy) 216 217 ##### fargate service list 218 219 ```console 220 fargate service list 221 ``` 222 223 List services 224 225 ##### fargate service create 226 227 ```console 228 fargate service create <service name> [--cpu <cpu units>] [--memory <MiB>] [--port <port-expression>] 229 [--lb <load-balancer-name>] [--rule <rule-expression>] 230 [--image <docker-image>] [--env <key=value>] [--num <count>] 231 [--security-group-id <security-group-id>] [--subnet-id <subnet-id] 232 ``` 233 234 Create a new service 235 236 CPU and memory settings can be optionally specified as CPU units and mebibytes 237 respectively using the --cpu and --memory flags. Every 1024 CPU units is 238 equivilent to a single vCPU. AWS Fargate only supports certain combinations of 239 CPU and memory configurations: 240 241 | CPU (CPU Units) | Memory (MiB) | 242 | --------------- | ------------------------------------- | 243 | 256 | 512, 1024, or 2048 | 244 | 512 | 1024 through 4096 in 1GiB increments | 245 | 1024 | 2048 through 8192 in 1GiB increments | 246 | 2048 | 4096 through 16384 in 1GiB increments | 247 | 4096 | 8192 through 30720 in 1GiB increments | 248 249 If not specified, fargate will launch minimally sized tasks at 0.25 vCPU (256 250 CPU units) and 0.5GB (512 MiB) of memory. 251 252 The Docker container image to use in the service can be optionally specified 253 via the --image flag. If not specified, fargate will build a new Docker 254 container image from the current working directory and push it to Amazon ECR in 255 a repository named for the task group. If the current working directory is a 256 git repository, the container image will be tagged with the short ref of the 257 HEAD commit. If not, a timestamp in the format of YYYYMMDDHHMMSS will be used. 258 259 To use the service with a load balancer, a port must be specified when the 260 service is created. Specify a port by passing the --port flag and a port 261 expression of protocol:port-number. For example, if the service listens on port 262 80 and uses HTTP, specify HTTP:80. Valid protocols are HTTP, HTTPS, and TCP. 263 You can only specify a single port. 264 265 Services can optionally be configured to use a load balancer. To put a load 266 balancer in front a service, pass the --lb flag with the name of a load 267 balancer. If you specify a load balancer, you must also specify a port via the 268 --port flag to which the load balancer should forward requests. Optionally, 269 Application Load Balancers can be configured to route HTTP/HTTPS traffic to the 270 service based upon a rule. Rules are configured by passing one or more rules by 271 specifying the --rule flag along with a rule expression. Rule expressions are 272 in the format of TYPE=VALUE. Type can either be PATH or HOST. PATH matches the 273 PATH of the request and HOST matches the requested hostname in the HTTP 274 request. Both PATH and HOST types can include up to three wildcard characters: 275 \* to match multiple characters and ? to match a single character. If rules are 276 omitted, the service will be the load balancer's default action. 277 278 Environment variables can be specified via the --env flag. Specify --env with a 279 key=value parameter multiple times to add multiple variables. 280 281 Specify the desired count of tasks the service should maintain by passing the 282 --num flag with a number. If you omit this flag, fargate will configure a 283 service with a desired number of tasks of 1. 284 285 Security groups can optionally be specified for the service by passing the 286 --security-group-id flag with a security group ID. To add multiple security 287 groups, pass --security-group-id with a security group ID multiple times. If 288 --security-group-id is omitted, a permissive security group will be applied to 289 the service. 290 291 By default, the service will be created in the default VPC and attached 292 to the default VPC subnets for each availability zone. You can override this by 293 specifying explicit subnets by passing the --subnet-id flag with a subnet ID. 294 295 ##### fargate service deploy 296 297 ```console 298 fargate service deploy <service-name> [--image <docker-image>] 299 ``` 300 301 Deploy new image to service 302 303 The Docker container image to use in the service can be optionally specified 304 via the --image flag. If not specified, fargate will build a new Docker 305 container image from the current working directory and push it to Amazon ECR in 306 a repository named for the task group. If the current working directory is a 307 git repository, the container image will be tagged with the short ref of the 308 HEAD commit. If not, a timestamp in the format of YYYYMMDDHHMMSS will be used. 309 310 ##### fargate service info 311 312 ```console 313 fargate service info <service-name> 314 ``` 315 316 Inspect service 317 318 Show extended information for a service including load balancer configuration, 319 active deployments, and environment variables. 320 321 Deployments show active versions of your service that are running. Multiple 322 deployments are shown if a service is transitioning due to a deployment or 323 update to configuration such a CPU, memory, or environment variables. 324 325 ##### fargate service logs 326 327 ```console 328 fargate service logs <service-name> [--follow] [--start <time-expression>] [--end <time-expression>] 329 [--filter <filter-expression>] [--task <task-id>] 330 ``` 331 332 Show logs from tasks in a service 333 334 Return either a specific segment of service logs or tail logs in real-time 335 using the --follow option. Logs are prefixed by their log stream name which is 336 in the format of "fargate/\<service-name>/\<task-id>." 337 338 Follow will continue to run and return logs until interrupted by Control-C. If 339 --follow is passed --end cannot be specified. 340 341 Logs can be returned for specific tasks within a service by passing a task ID 342 via the --task flag. Pass --task with a task ID multiple times in order to 343 retrieve logs from multiple specific tasks. 344 345 A specific window of logs can be requested by passing --start and --end options 346 with a time expression. The time expression can be either a duration or a 347 timestamp: 348 349 - Duration (e.g. -1h [one hour ago], -1h10m30s [one hour, ten minutes, and 350 thirty seconds ago], 2h [two hours from now]) 351 - Timestamp with optional timezone in the format of YYYY-MM-DD HH:MM:SS [TZ]; 352 timezone will default to UTC if omitted (e.g. 2017-12-22 15:10:03 EST) 353 354 You can filter logs for specific term by passing a filter expression via the 355 --filter flag. Pass a single term to search for that term, pass multiple terms 356 to search for log messages that include all terms. See the [CloudWatch Logs 357 documentation][cwl-filter-expression] for more details. 358 359 ##### fargate service ps 360 361 ```console 362 fargate service ps <service-name> 363 ``` 364 365 List running tasks for a service 366 367 ##### fargate service scale 368 369 ```console 370 fargate service scale <service-name> <scale-expression> 371 ``` 372 373 Scale number of tasks in a service 374 375 Changes the number of desired tasks to be run in a service by the given scale 376 expression. A scale expression can either be an absolute number or a delta 377 specified with a sign such as +5 or -2. 378 379 ##### fargate service env set 380 381 ```console 382 fargate service env set <service-name> --env <key=value> 383 ``` 384 385 Set environment variables 386 387 At least one environment variable must be specified via the --env flag. Specify 388 --env with a key=value parameter multiple times to add multiple variables. 389 390 ##### fargate service env unset 391 392 ```console 393 fargate service env unset <service-name> --key <key-name> 394 ``` 395 396 Unset environment variables 397 398 Unsets the environment variable specified via the --key flag. Specify --key with 399 a key name multiple times to unset multiple variables. 400 401 ##### fargate service env list 402 403 ```console 404 fargate service env list <service-name> 405 ``` 406 407 Show environment variables 408 409 ##### fargate service update 410 411 ```console 412 fargate service update <service-name> [--cpu <cpu-units>] [--memory <MiB>] 413 ``` 414 415 Update service configuration 416 417 CPU and memory settings are specified as CPU units and mebibytes respectively 418 using the --cpu and --memory flags. Every 1024 CPU units is equivilent to a 419 single vCPU. AWS Fargate only supports certain combinations of CPU and memory 420 configurations: 421 422 | CPU (CPU Units) | Memory (MiB) | 423 | --------------- | ------------------------------------- | 424 | 256 | 512, 1024, or 2048 | 425 | 512 | 1024 through 4096 in 1GiB increments | 426 | 1024 | 2048 through 8192 in 1GiB increments | 427 | 2048 | 4096 through 16384 in 1GiB increments | 428 | 4096 | 8192 through 30720 in 1GiB increments | 429 430 At least one of --cpu or --memory must be specified. 431 432 ##### fargate service restart 433 434 ```console 435 fargate service restart <service-name> 436 ``` 437 438 Restart service 439 440 Creates a new set of tasks for the service and stops the previous tasks. This 441 is useful if your service needs to reload data cached from an external source, 442 for example. 443 444 ##### fargate service destroy 445 446 ```console 447 fargate service destroy <service-name> 448 ``` 449 450 Destroy service 451 452 In order to destroy a service, it must first be scaled to 0 running tasks. 453 454 #### Load Balancers 455 456 Load balancers distribute incoming traffic between the tasks within a service 457 for HTTP/HTTPS and TCP applications. HTTP/HTTPS load balancers can route to 458 multiple services based upon rules you specify when you create a new service. 459 460 - [list](#fargate-lb-list) 461 - [create](#fargate-lb-create) 462 - [destroy](#fargate-lb-destroy) 463 - [alias](#fargate-lb-alias) 464 - [info](#fargate-lb-info) 465 466 ##### fargate lb list 467 468 ```console 469 fargate lb list 470 ``` 471 472 List load balancers 473 474 ##### fargate lb create 475 476 ```console 477 fargate lb create <load-balancer-name> --port <port-expression> [--certificate <certificate-name>] 478 [--subnet-id <subnet-id>] [--security-group-id <security-group-id>] 479 ``` 480 481 Create a load balancer 482 483 At least one port must be specified for the load balancer listener via the 484 --port flag and a port expression of protocol:port-number. For example, if you 485 wanted an HTTP load balancer to listen on port 80, you would specify HTTP:80. 486 Valid protocols are HTTP, HTTPS, and TCP. You can specify multiple listeners by 487 passing the --port flag with a port expression multiple times. You cannot mix 488 TCP ports with HTTP/HTTPS ports on a single load balancer. 489 490 You can optionally include certificates to secure HTTPS ports by passed the 491 --certificate flag along with a certificate name. This option can be specified 492 multiple times to add additional certificates to a single load balancer which 493 uses Service Name Identification (SNI) to select the appropriate certificate 494 for the request. 495 496 By default, the load balancer will be created in the default VPC and attached 497 to the default VPC subnets for each availability zone. You can override this by 498 specifying explicit subnets by passing the --subnet-id flag with a subnet ID. 499 HTTP/HTTPS load balancers require at least two subnets attached while a TCP 500 load balancer requires only one. You may only specify a single subnet from each 501 availability zone. 502 503 Security groups can optionally be specified for HTTP/HTTPS load balancers by 504 passing the --security-group-id flag with a security group ID. To add multiple 505 security groups, pass --security-group-id with a security group ID multiple 506 times. If --security-group-id is omitted, a permissive security group will be 507 applied to the load balancer. 508 509 ##### fargate lb destroy 510 511 ```console 512 fargate lb destroy <load-balancer-name> 513 ``` 514 515 Destroy load balancer 516 517 ##### fargate lb alias 518 519 ```console 520 fargate lb alias <load-balancer-name> <hostname> 521 ``` 522 523 Create a load balancer alias record 524 525 Create an alias record to the load balancer for domains that are hosted within 526 Amazon Route 53 and within the same AWS account. If you're using another DNS 527 provider or host your domains in a differnt account, you will need to manually 528 create this record. 529 530 ##### fargate lb info 531 532 ```console 533 fargate lb info <load-balancer-name> 534 ``` 535 536 Inspect load balancer 537 538 Returns extended information about a load balancer including a list of 539 listeners, rules, and certificates in use by the load balancer. 540 541 542 #### Certificates 543 544 Certificates are TLS certificates issued by or imported into AWS Certificate 545 Manager for use in securing traffic between load balancers and end users. ACM 546 provides TLS certificates free of charge for use within AWS resources. 547 548 - [list](#fargate-certificate-list) 549 - [import](#fargate-certificate-import) 550 - [request](#fargate-certificate-request) 551 - [info](#fargate-certificate-info) 552 - [validate](#fargate-certificate-validate) 553 - [destroy](#fargate-certificate-destroy) 554 555 ##### fargate certificate list 556 557 ```console 558 fargate certificate list 559 ``` 560 561 List certificates 562 563 ##### fargate certificate import 564 565 ```console 566 fargate certificate import <domain-name> --certificate <filename> --key <filename> [--chain <filename>] 567 ``` 568 569 Import a certificate 570 571 Upload a certificate from a certificate file, a private key file, an optionally 572 an intermediate certificate chain file. The files must be PEM-encoded and the 573 private key must not be encrypted or protected by a passphrase. See the 574 [AWS Certificate Manager documentation][acm-import-cert] for more details. 575 576 ##### fargate certificate request 577 578 ```console 579 fargate certificate request <domain-name> [--alias <domain-name>] 580 ``` 581 582 Request a certificate 583 584 Certificates can be for a fully qualified domain name (e.g. www.example.com) or 585 a wildcard domain name (e.g. *.example.com). You can add aliases to a 586 certificate by specifying additional domain names via the --alias flag. To add 587 multiple aliases, pass --alias multiple times. By default, AWS Certificate 588 Manager has a limit of 10 domain names per certificate, but this limit can be 589 raised by AWS support. 590 591 ##### fargate certificate info 592 593 ```console 594 fargate certificate info <domain-name> 595 ``` 596 597 Inspect certificate 598 599 Show extended information for a certificate including each validation for the 600 certificate including any DNS records which must be created to validate 601 domain ownership. 602 603 ##### fargate certificate validate 604 605 ```console 606 fargate certificate validate <domain-name> 607 ``` 608 609 Validate certificate ownership 610 611 fargate will automatically create DNS validation record to verify ownership for 612 any domain names that are hosted within Amazon Route 53. If your certificate 613 has aliases, a validation record will be attempted per alias. Any records whose 614 domains are hosted in other DNS hosting providers or in other DNS accounts 615 and cannot be automatically validated will have the necessary records output. 616 These records are also available in `fargate certificate info \<domain-name>`. 617 618 AWS Certificate Manager may take up to several hours after the DNS records are 619 created to complete validation and issue the certificate. 620 621 ##### fargate certificate destroy 622 623 ```console 624 fargate certificate destroy <domain-name> 625 ``` 626 627 Destroy certificate 628 629 In order to destroy a service, it must not be in use by any load balancers or 630 any other AWS resources. 631 632 [region-table]: https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ 633 [go-sdk]: https://aws.amazon.com/documentation/sdk-for-go/ 634 [go-env-vars]: http://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#environment-variables 635 [go-shared-credentials-file]: http://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#shared-credentials-file 636 [go-iam-roles-for-ec2-instances]: http://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#iam-roles-for-ec2-instances 637 [go-specifying-credentials]: http://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials 638 [cwl-filter-expression]: http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html#matching-terms-events 639 [acm-import-cert]: http://docs.aws.amazon.com/acm/latest/APIReference/API_ImportCertificate.html