meta: note that Nushell requires ( .. ) around multi-line commands, and it doesn't support trailing slashes for line continuation
# Get clean task definition template (remove AWS-managed fields)
(aws ecs describe-task-definition --task-definition your-task-definition
| from json
| get taskDefinition
| reject taskDefinitionArn revision status registeredAt registeredBy compatibilities requiresAttributes
| to json)
# Register new revision and update service
(let new_def = (aws ecs describe-task-definition --task-definition your-task-definition
| from json
| get taskDefinition
| reject taskDefinitionArn revision status registeredAt registeredBy compatibilities requiresAttributes
| to json);
let new_revision = (echo $new_def
| aws ecs register-task-definition --cli-input-json -
| from json
| get taskDefinition.taskDefinitionArn);
aws ecs update-service --cluster your-cluster --service your-service --task-definition $new_revision)# Monitor deployment progress
(aws ecs describe-services
--cluster your-cluster
--services your-service
| from json
| get services.0.deployments
| where status == "PRIMARY"
| select rolloutState runningCount desiredCount failedTasks)
# Check recent service events
(aws ecs describe-services
--cluster your-cluster
--services your-service
| from json
| get services.0.events
| first 5)
# Watch new task startup
(aws ecs describe-tasks
--cluster your-cluster
--tasks (aws ecs list-tasks --cluster your-cluster --service your-service | from json | get taskArns.0)
| from json
| get tasks.0.lastStatus)# Get task ID
(aws ecs list-tasks
--cluster your-cluster
--service your-service
| from json
| get taskArns.0
| split row "/"
| last)
# Get shell access
(aws ecs execute-command
--cluster your-cluster
--task your-task-id
--container your-container
--command "/bin/bash"
--interactive)# Get IPs of running tasks
(aws ecs list-tasks
--cluster your-cluster
--service your-service
| from json
| get taskArns
| each {|task|
aws ecs describe-tasks --cluster your-cluster --tasks $task
| from json
| get tasks.0.attachments.0.details
| where name == "privateIPv4Address"
| get value.0
})# List load balancers
(aws elbv2 describe-load-balancers
| from json
| get LoadBalancers)
# View listener configuration
(aws elbv2 describe-listeners
--load-balancer-arn your-lb-arn
| from json
| get Listeners
| select Port Protocol DefaultActions)
# Check target groups
(aws elbv2 describe-target-groups
| from json
| get TargetGroups
| select TargetGroupName Protocol Port TargetType)
# View health check settings
(aws elbv2 describe-target-groups
--target-group-arn your-target-group-arn
| from json
| get TargetGroups.0
| select HealthCheckProtocol HealthCheckPort HealthCheckPath HealthCheckIntervalSeconds)# Check current load balancer configuration
(aws ecs describe-services
--cluster your-cluster
--services your-service
| from json
| get services.0.loadBalancers)
# Connect to load balancer
(aws ecs update-service
--cluster your-cluster
--service your-service
--load-balancers (
[
{
targetGroupArn: "your-target-group-arn",
containerName: "your-container-name",
containerPort: 3000
}
] | to json
))
# Remove load balancer if needed
(aws ecs update-service
--cluster your-cluster
--service your-service
--task-definition your-task-definition
--load-balancers [])# Example environment configuration
{
"environment": [
{
"name": "CADDYFILE",
"value": "{\n admin off\n auto_https off\n}\n\n:3000 {\n bind 0.0.0.0\n reverse_proxy target:3000\n log {\n output stdout\n format console\n level INFO\n }\n}"
},
{
"name": "XS_START",
"value": "echo \"$CADDYFILE\" > ./Caddyfile && caddy run --config ./Caddyfile"
}
]
}# Switch traffic to new target group
(aws elbv2 modify-listener
--listener-arn your-listener-arn
--default-actions Type=forward,TargetGroupArn=new-target-group-arn)
# Revert traffic if needed
(aws elbv2 modify-listener
--listener-arn your-listener-arn
--default-actions Type=forward,TargetGroupArn=original-target-group-arn)# TCP Health Checks (port connection only)
{
"HealthCheckProtocol": "TCP",
"HealthCheckPort": "traffic-port",
"HealthCheckEnabled": true,
"HealthCheckIntervalSeconds": 30
}
# HTTP Health Checks (with path)
{
"HealthCheckProtocol": "HTTP",
"HealthCheckPath": "/health",
"HealthCheckPort": 3000,
"HealthCheckIntervalSeconds": 30
}-
Task Definition Registration
- Remove AWS-managed fields (use reject command shown above)
- Verify JSON format
- Check required fields present
-
Health Checks
- TCP: Verify port accepting connections
- HTTP: Check path returns 200
- Security groups allow health check traffic
-
Network Connectivity
- Tasks need internet access for images
- Public IP or NAT gateway required
- Security group ingress/egress rules
-
Service Updates
- Check deployment events for errors
- Verify task definition compatibility
- Check service role permissions
-
Container Access
- Enable execute-command in task definition
- Task role needs SSM permissions
- AWS Session Manager plugin required locally
-
Load Balancer Setup
- Target group must be 'ip' type for Fargate
- Port configurations must match
- Security groups must allow traffic flow