* add ecs provider * add ecs docs * fix test after rebase * add provider icon * add missing addProvider call * Fix for review * Fix documentation * Fix for review * Fix documentation * fix ctx usage * autoDiscoverClusters setDefaults false * Fix for review * review: doc. * Fix for review: add ctx in backoff retry * review: linter. Co-authored-by: Michael <michael.matur@gmail.com> Co-authored-by: romain <romain@containo.us> Co-authored-by: Fernandez Ludovic <ludovic@containo.us>
4 KiB
Traefik & AWS ECS
A Story of Labels & Elastic Containers {: .subtitle }
Attach labels to your ECS containers and let Traefik do the rest!
Configuration Examples
??? example "Configuring ECS provider"
Enabling the ECS provider:
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
```
```yaml tab="File (YAML)"
providers:
ecs:
clusters:
- default
```
```bash tab="CLI"
--providers.ecs.clusters=default
```
Policy
Traefik needs the following policy to read ECS information:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TraefikECSReadAccess",
"Effect": "Allow",
"Action": [
"ecs:ListClusters",
"ecs:DescribeClusters",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ec2:DescribeInstances"
],
"Resource": [
"*"
]
}
]
}
Provider configuration
autoDiscoverClusters
Optional, Default=false
[providers.ecs]
autoDiscoverClusters = true
# ...
providers:
ecs:
autoDiscoverClusters: true
# ...
--providers.ecs.autoDiscoverClusters=true
# ...
Search for services in all clusters. If set to true the configured clusters will be ignored and the clusters will be discovered. If set to false the services will be discovered only in configured clusters.
exposedByDefault
Optional, Default=true
[providers.ecs]
exposedByDefault = false
# ...
providers:
ecs:
exposedByDefault: false
# ...
--providers.ecs.exposedByDefault=false
# ...
Expose ECS services by default in Traefik.
If set to false, services that don't have a traefik.enable=true
label will be ignored from the resulting routing configuration.
defaultRule
Optional, Default=Host(`{{ normalize .Name }}`)
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
providers:
ecs:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
--providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid Go template,
augmented with the sprig template functions.
The service name can be accessed as the Name
identifier,
and the template has access to all the labels defined on this container.
refreshSeconds
Optional, Default=15
[providers.ecs]
refreshSeconds = 15
# ...
providers:
ecs:
refreshSeconds: 15
# ...
--providers.ecs.refreshSeconds=15
# ...
Polling interval (in seconds).
Credentials
Optional
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
providers:
ecs:
region: us-east-1
accessKeyID: "abc"
secretAccessKey: "123"
# ...
--providers.ecs.region="us-east-1"
--providers.ecs.accessKeyID="abc"
--providers.ecs.secretAccessKey="123"
# ...
If accessKeyID
/ secretAccessKey
is not provided credentials will be resolved in the following order:
- From environment variables
AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
, andAWS_SESSION_TOKEN
. - Shared credentials, determined by
AWS_PROFILE
andAWS_SHARED_CREDENTIALS_FILE
, defaults to default and~/.aws/credentials
. - EC2 instance role or ECS task role