Amazon Elastic Container Service (Amazon ECS) has introduced new functionality that enables users to permanently delete task definition revisions that are no longer needed or contain undesirable configurations. In this post, we'll explore how to use this new functionality and how it can help simplify resource management and improve security posture.
A task definition serves as a blueprint for running tasks and services on Amazon ECS. Customers can update task definitions to create new revisions and deregister old revisions that are no longer needed. Deregistered task definition revisions are marked INACTIVE by Amazon ECS and cannot be used for creating new services or running standalone tasks. Until now, users could only deregister task definition revisions, which removed them from ListTaskDefinitions API results and from Amazon ECS views, except when inactive revisions are listed. Users highlighted two main challenges with this: the accumulation of inactive resources over time and the management of sensitive information.
Starting today, Amazon ECS allows users to delete task definition revisions permanently using the DeleteTaskDefinitions API. The feature is available through the AWS Command Line Interface (CLI), AWS Cloud Development Kit (CDK), and AWS SDKs that users are familiar with. The following steps explain how to use this feature:
- Use the DeregisterTaskDefinition API call to deregister task definitions that you no longer want to use to launch new tasks or services.
- Use the ListTaskDefinitions API call to list all the task definitions that have a state of INACTIVE. Use the following command in the AWS CLI to list all INACTIVE task definitions:
```bash
aws ecs list-task-definitions --status INACTIVE --no-cli-pager
```
- Use the **DeleteTaskDefinitions API** to delete your task revisions and inactive revisions. You can delete a single task definition revision using the following AWS CLI command:
```bash
aws ecs delete-task-definitions --task-definitions "<task name:revision>"
```
- If you need to delete multiple task definition revisions, you can use a script to batch these operations. The following script can be used to manage these operations at scale:
```bash
#!/bin/bash -ex
TASKNAME="<task name>"   # replace with your task name
START=1     # the first task revision number to loop through
END=1000    # the last task revision number; the delete loop stops here
for (( x=START; x<=END; x++ ))
do
    aws ecs delete-task-definitions --task-definitions "$TASKNAME:$x" --no-cli-pager
    sleep 5
    echo "The task $TASKNAME and revision $x has been deleted"
done
```
- Once a task definition revision has been deleted, it transitions from the INACTIVE state to DELETE_IN_PROGRESS. Use the DescribeTaskDefinition API or the following AWS CLI command to check the status:
```bash
aws ecs describe-task-definition --task-definition "<task name:revision>"
```
- To combine both the deregister and delete operations into a single script, use the following script:
```bash
#!/bin/bash -ex
TASKNAME="<task name>"   # replace with your task name
START=1     # the first task revision number to loop through
END=1000    # the last task revision number to process

# This loop deregisters each task definition revision
for (( x=START; x<=END; x++ ))
do
    aws ecs deregister-task-definition --task-definition "$TASKNAME:$x" --no-cli-pager
    sleep 5
    echo "The task $TASKNAME and revision $x has been deregistered"
done

# This loop deletes each task definition revision
for (( y=START; y<=END; y++ ))
do
    aws ecs delete-task-definitions --task-definitions "$TASKNAME:$y" --no-cli-pager
    sleep 5
    echo "The task $TASKNAME and revision $y has been deleted"
done
```
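As an added example (not code from the original post), the script below deletes only the revisions that `list-task-definitions --status INACTIVE` actually returns, grouped into calls of at most 10 definitions, which is the per-call limit of DeleteTaskDefinitions, instead of looping over guessed revision numbers. The function names, the `DRY_RUN` switch, and the sample ARNs (hypothetical family `web-app`, account `111122223333`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. DRY_RUN=1 (default) only prints.
BATCH_SIZE=10   # DeleteTaskDefinitions accepts at most 10 definitions per call

# List the INACTIVE revisions of one family (assumes a configured AWS CLI v2).
list_inactive() {
    aws ecs list-task-definitions --family-prefix "$1" --status INACTIVE \
        --query 'taskDefinitionArns[]' --output text --no-cli-pager
}

# Read whitespace-separated ARNs on stdin; print one batch per line.
# Anything that is not an ARN (for example "None") is dropped.
batch_arns() {
    awk -v n="$BATCH_SIZE" '
        { for (i = 1; i <= NF; i++) {
              if ($i !~ /^arn:/) continue
              line = (count % n == 0) ? $i : (line " " $i)
              if (++count % n == 0) { print line; line = "" }
          } }
        END { if (line != "") print line }'
}

# Delete each batch read from stdin and report per-item failures.
delete_batches() {
    while read -r batch; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "aws ecs delete-task-definitions --task-definitions $batch"
        else
            # Unquoted on purpose: every ARN must be its own argument.
            aws ecs delete-task-definitions --task-definitions $batch \
                --query 'failures[].[arn,reason]' --output text --no-cli-pager
        fi
    done
}

# Constructed sample input: 23 ARNs of a hypothetical family "web-app".
sample_arns() {
    i=1
    while [ "$i" -le 23 ]; do
        echo "arn:aws:ecs:us-east-1:111122223333:task-definition/web-app:$i"
        i=$((i + 1))
    done
}

# Dry run over the sample. For real use, replace sample_arns with:
#   list_inactive "<task name>"   and run with DRY_RUN=0
sample_arns | batch_arns | delete_batches
```

Review the dry-run output before setting `DRY_RUN=0`; in a real run, any revision the API could not delete is printed as its ARN and failure reason.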
With this new functionality in Amazon ECS, customers can permanently delete task definition revisions that are no longer needed, making it easier to manage resources and improve security. You can use the new DeleteTaskDefinitions API to delete your task revisions and delete INACTIVE revisions as well. You can do this using the AWS Command Line Interface (AWS CLI), AWS Cloud Development Kit (AWS CDK), and the AWS SDKs that you are familiar with.