Amazon Web Services (AWS) Elastic Container Service (ECS) offers a robust platform for containerized applications, allowing seamless deployment and scaling. While ECS maintains multiple revisions of task definitions to facilitate rollbacks, managing an excessive amount of unused revisions can become cumbersome over time. In this article, weβll explore the process of deregistering and deleting unused task definition revisions efficiently using the AWS CLI, especially when dealing with a large number of revisions.
Understanding Task Definition States
Before diving into the deregistration and deletion process, letβs briefly review the different states a task definition revision can be in:
ACTIVE : The task definition revision is currently in use by one or more ECS tasks or services.
INACTIVE : The task definition revision has been deregistered and is no longer in use. It is marked for potential deletion.
DELETE_IN_PROGRESS: Once youβve initiated the deletion of a task definition, it moves from the INACTIVE state to DELETE_IN_PROGRESS. In this state, Amazon ECS regularly checks if any active tasks or deployments still reference the target task definition. Once it confirms there are none, the task definition is permanently deleted. During the DELETE_IN_PROGRESS state, youβre unable to run new tasks or create new services using that task definition. Importantly, you can initiate the deletion of a task definition at any time without affecting existing tasks and services.
Why Deregister and Delete?
Task definition revisions play a crucial role in versioning and maintaining the history of changes. However, as your application evolves, you may accumulate numerous revisions that are no longer in use. Clearing out these unused revisions not only declutters your ECS environment but also optimizes resource utilization.
Deregistering Task Definition Revisions
Before deleting unused revisions, itβs essential to deregister them. Deregistering makes a task definition revision inactive, marking it for potential deletion.
aws ecs --profile <your_aws_profile> deregister-task-definition --task-definition <your-task-definition-arn>
Deleting Task Definition Revisions
Once youβve deregistered the revisions, you can proceed with deletion. However, keep in mind that only inactive (deregistered) task definitions can be deleted
aws ecs --profile <your_aws_profile> delete-task-definitions --task-definition <your-task-definition-arn>
Managing Large-Scale Cleanup
While AWS Console provides a graphical interface for managing ECS resources, manually deregistering and deleting task definition revisions becomes impractical when dealing with a high volume of revisions. The AWS CLI proves to be a more efficient solution, especially in scenarios where automation and scripting are crucial.
Scripting : Utilize scripting languages like Bash, Python, or PowerShell to automate the process of deregistering and deleting task definitions. Iterate through a list of inactive revisions and execute the necessary CLI commands or API calls.
Letβs write a simple bash script named deleteandderegistertaskdefs.sh to deregister and delete ECS task definitions using a specified substring/part of the string in the family name;
touch deleteandderegistertaskdefs.sh
chmod u+x deleteandderegistertaskdefs.sh
vi deleteandderegistertaskdefs.sh
#!/bin/bash
# Check if the profile argument is provided
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Usage: $0 <aws_profile> <substring>"
exit 1
fi
# AWS profile
AWS_PROFILE="$1"
# Replace with the substring you want to match in the family name
SUBSTRING="$2"
# Function to extract family and revision from a task definition ARN
extract_family_revision() {
local task_definition_arn="$1"
local family=$(echo "$task_definition_arn" | awk -F'/' '{print $NF}')
local revision=$(echo "$family" | awk -F':' '{print $NF}')
family=$(echo "$family" | awk -F':' '{$NF=""; print $0}' | sed 's/ $//')
echo "$family:$revision"
}
# Deregister task definitions
deregister_task_definitions() {
local status="$1"
local query="taskDefinitionArns[?contains(@, '$SUBSTRING')]"
local task_definition_arns=$(aws --profile "$AWS_PROFILE" ecs list-task-definitions --status "$status" --query "$query" --output json)
# Loop through each task definition ARN and initiate their deregistration
echo "Deregistration of $status Taskdefs has started"
for task_definition_arn in $(echo "$task_definition_arns" | jq -r '.[]'); do
family_revision=$(extract_family_revision "$task_definition_arn")
# Deregister the specific revision of the task definition
aws --profile "$AWS_PROFILE" ecs deregister-task-definition --task-definition "$family_revision"
done
echo "$status Deregistration has finished"
}
# Deregister active task definitions
deregister_task_definitions "ACTIVE"
# Get a list of inactive task definition ARNs matching the family name substring
task_definition_arns=$(aws --profile "$AWS_PROFILE" ecs list-task-definitions --status 'INACTIVE' --query "taskDefinitionArns[?contains(@, '$SUBSTRING')]" --output json)
# Loop through each task definition ARN and initiate their deletion
echo "Deletion has started"
for task_definition_arn in $(echo "$task_definition_arns" | jq -r '.[]'); do
family_revision=$(extract_family_revision "$task_definition_arn")
# Deleting the specific revision of the task definition
aws --profile "$AWS_PROFILE" ecs delete-task-definitions --task-definition "$family_revision"
done
echo "Deletion has finished"
In summary, the script performs the following steps:
Checks for command-line arguments.
Sets AWS profile and substring.
Defines a function to extract family and revision.
Defines a function to deregister task definitions based on status.
Deregisters active task definitions.
Gets a list of inactive task definition ARNs.
Now, you can run the script by providing the AWS profile and substring as command line arguments:
./deleteandderegistertaskdefs.sh profile1 testtaskdef
In this command:
profile1 is the AWS profile argument.
testtaskdef is the substring or part of the string used to filter ECS task definitions.
If you are executing this script within an EC2 instance or application that utilizes an IAM role, it is necessary to modify the code by excluding the profile argument entirely. Run the script as follows:
./deregistertaskdefs.sh testtaskdef
Conclusion
Efficient management of ECS resources, including task definition revisions, is essential for maintaining a streamlined and cost-effective containerized environment. Leveraging the AWS CLI for deregistering and deleting task definition revisions ensures a systematic and automated approach, particularly when dealing with a large number of unused revisions. By incorporating these practices into your ECS maintenance routine, you can optimize resource utilization and keep your containerized applications running smoothly.
Top comments (3)
Great article, just what I was looking for. I created a tool that, among other things, cleans up unused task definitions. See github.com/meap/runecs?tab=readme-...
Now, I'm looking for inspiration on improving everything and, ideally, have an automated solution that can be easily deployed to workloads.
Amazing, great article
good one