DEV Community

Optimizing AWS ECS: Deregistering and Deleting Unused Task Definition Revisions

Deregistering and Deleting Unused Task Definition Revisions via AWS CLI

Amazon Web Services (AWS) Elastic Container Service (ECS) offers a robust platform for containerized applications, allowing seamless deployment and scaling. While ECS maintains multiple revisions of task definitions to facilitate rollbacks, managing an excessive amount of unused revisions can become cumbersome over time. In this article, we’ll explore the process of deregistering and deleting unused task definition revisions efficiently using the AWS CLI, especially when dealing with a large number of revisions.

Understanding Task Definition States

Before diving into the deregistration and deletion process, let’s briefly review the different states a task definition revision can be in:

  1. ACTIVE : The task definition revision is currently in use by one or more ECS tasks or services.

  2. INACTIVE : The task definition revision has been deregistered and is no longer in use. It is marked for potential deletion.

  3. DELETE_IN_PROGRESS: Once you’ve initiated the deletion of a task definition, it moves from the INACTIVE state to DELETE_IN_PROGRESS. In this state, Amazon ECS regularly checks if any active tasks or deployments still reference the target task definition. Once it confirms there are none, the task definition is permanently deleted. During the DELETE_IN_PROGRESS state, you’re unable to run new tasks or create new services using that task definition. Importantly, you can initiate the deletion of a task definition at any time without affecting existing tasks and services.

Why Deregister and Delete?

Task definition revisions play a crucial role in versioning and maintaining the history of changes. However, as your application evolves, you may accumulate numerous revisions that are no longer in use. Clearing out these unused revisions not only declutters your ECS environment but also optimizes resource utilization.

Deregistering Task Definition Revisions

Before deleting unused revisions, it’s essential to deregister them. Deregistering makes a task definition revision inactive, marking it for potential deletion.

aws ecs --profile <your_aws_profile> deregister-task-definition --task-definition <your-task-definition-arn>
Enter fullscreen mode Exit fullscreen mode

Deleting Task Definition Revisions

Once you’ve deregistered the revisions, you can proceed with deletion. However, keep in mind that only inactive (deregistered) task definitions can be deleted

aws ecs --profile <your_aws_profile> delete-task-definitions --task-definition <your-task-definition-arn>
Enter fullscreen mode Exit fullscreen mode

Managing Large-Scale Cleanup

While AWS Console provides a graphical interface for managing ECS resources, manually deregistering and deleting task definition revisions becomes impractical when dealing with a high volume of revisions. The AWS CLI proves to be a more efficient solution, especially in scenarios where automation and scripting are crucial.

Scripting : Utilize scripting languages like Bash, Python, or PowerShell to automate the process of deregistering and deleting task definitions. Iterate through a list of inactive revisions and execute the necessary CLI commands or API calls.

Let’s write a simple bash script named deleteandderegistertaskdefs.sh to deregister and delete ECS task definitions using a specified substring/part of the string in the family name;

touch deleteandderegistertaskdefs.sh
chmod u+x deleteandderegistertaskdefs.sh
vi deleteandderegistertaskdefs.sh
Enter fullscreen mode Exit fullscreen mode
#!/bin/bash

# Check if the profile argument is provided
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Usage: $0 <aws_profile> <substring>"
  exit 1
fi

# AWS profile
AWS_PROFILE="$1"

# Replace with the substring you want to match in the family name
SUBSTRING="$2"

# Function to extract family and revision from a task definition ARN
extract_family_revision() {
  local task_definition_arn="$1"
  local family=$(echo "$task_definition_arn" | awk -F'/' '{print $NF}')
  local revision=$(echo "$family" | awk -F':' '{print $NF}')
  family=$(echo "$family" | awk -F':' '{$NF=""; print $0}' | sed 's/ $//')
  echo "$family:$revision"
}

# Deregister task definitions
deregister_task_definitions() {
  local status="$1"
  local query="taskDefinitionArns[?contains(@, '$SUBSTRING')]"
  local task_definition_arns=$(aws --profile "$AWS_PROFILE" ecs list-task-definitions --status "$status" --query "$query" --output json)

  # Loop through each task definition ARN and initiate their deregistration
  echo "Deregistration of $status Taskdefs has started"
  for task_definition_arn in $(echo "$task_definition_arns" | jq -r '.[]'); do
    family_revision=$(extract_family_revision "$task_definition_arn")

    # Deregister the specific revision of the task definition
    aws --profile "$AWS_PROFILE" ecs deregister-task-definition --task-definition "$family_revision"
  done
  echo "$status Deregistration has finished"
}

# Deregister active task definitions
deregister_task_definitions "ACTIVE"


# Get a list of inactive task definition ARNs matching the family name substring
task_definition_arns=$(aws --profile "$AWS_PROFILE" ecs list-task-definitions --status 'INACTIVE' --query "taskDefinitionArns[?contains(@, '$SUBSTRING')]" --output json)

# Loop through each task definition ARN and initiate their deletion
echo "Deletion has started"
for task_definition_arn in $(echo "$task_definition_arns" | jq -r '.[]'); do
  family_revision=$(extract_family_revision "$task_definition_arn")

  # Deleting the specific revision of the task definition
  aws --profile "$AWS_PROFILE" ecs delete-task-definitions --task-definition "$family_revision"
done
echo "Deletion has finished"
Enter fullscreen mode Exit fullscreen mode

In summary, the script performs the following steps:

  • Checks for command-line arguments.

  • Sets AWS profile and substring.

  • Defines a function to extract family and revision.

  • Defines a function to deregister task definitions based on status.

  • Deregisters active task definitions.

  • Gets a list of inactive task definition ARNs.

Now, you can run the script by providing the AWS profile and substring as command line arguments:

./deleteandderegistertaskdefs.sh profile1 testtaskdef
Enter fullscreen mode Exit fullscreen mode

In this command:

  • profile1 is the AWS profile argument.

  • testtaskdef is the substring or part of the string used to filter ECS task definitions.

If you are executing this script within an EC2 instance or application that utilizes an IAM role, it is necessary to modify the code by excluding the profile argument entirely. Run the script as follows:

./deregistertaskdefs.sh testtaskdef
Enter fullscreen mode Exit fullscreen mode




Conclusion

Efficient management of ECS resources, including task definition revisions, is essential for maintaining a streamlined and cost-effective containerized environment. Leveraging the AWS CLI for deregistering and deleting task definition revisions ensures a systematic and automated approach, particularly when dealing with a large number of unused revisions. By incorporating these practices into your ECS maintenance routine, you can optimize resource utilization and keep your containerized applications running smoothly.

Top comments (3)

Collapse
 
preichl profile image
Petr Reichl

Great article, just what I was looking for. I created a tool that, among other things, cleans up unused task definitions. See github.com/meap/runecs?tab=readme-...

Now, I'm looking for inspiration on improving everything and, ideally, have an automated solution that can be easily deployed to workloads.

Collapse
 
trojan20 profile image
Rayyan C

Amazing, great article

Collapse
 
awsfanboy profile image
Arshad Zackeriya πŸ‡³πŸ‡Ώ ☁️

good one