
Configuration with already created security group

Komalis edited this page Apr 22, 2025 · 1 revision
```yaml
metadata:
  appname: "helloworld"
security_group_id: "sg-xxxxxxx"
role:
  managed_policies: []
  statements:
    - sid: "ssmactions"
      resources: ["*"]
      actions: ["ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel", "secretsmanager:*"]
      effect: "Allow"
execution_role:
  managed_policies: ["service-role/AmazonECSTaskExecutionRolePolicy", "AmazonEC2ContainerRegistryReadOnly"]
  statements:
    - sid: "secretmanageractions"
      resources: ["*"]
      actions: ["secretsmanager:GetSecretValue"]
      effect: "Allow"
    - sid: "s3actions"
      resources: ["*"]
      actions: ["s3:*"]
      effect: "Allow"
task_definition:
  resources:
    limits:
      cpu: 2
      memory: 4096
  containers:
    - name: helloworld
      image: docker.io/library/debian
      user: root
      tty: true
      command: "/bin/bash"
      resources:
        limits:
          cpu: 1
          memory: 2048
      volumes:
        - "./easyecs:/root/easyecs"
        - "./ecs.yml:/root/ecs.yml"
      port_forward:
        - "8000:8000"
      env: []
      secrets: []
```

Let's break down the provided YAML file, field by field:

  1. metadata:

    • appname: The name of the application. In this case, it's set to "helloworld".
  2. security_group_id:

    • The ID of a security group that already exists in your VPC (the value shown, "sg-xxxxxxx", is a placeholder). The task is attached to this existing group, so that group's inbound and outbound rules govern the task's network access; review them before reusing a group that was written for another workload.
  3. role: The IAM role assumed by the task itself (the task role).

    • managed_policies: An array of AWS managed policy names to attach to this role. Right now, it's empty.
    • statements: A list of custom policy statements.
      • sid: A unique identifier for the policy statement.
      • resources: A list of the AWS resources the statement applies to. "*" means all resources.
      • actions: A list of the AWS actions covered by this statement. The four ssmmessages actions are the ones ECS Exec needs to open an interactive session. secretsmanager:* grants every Secrets Manager action (including create, update and delete) on every secret, which is far broader than the read access a container normally needs.
      • effect: Whether the actions are allowed or denied. Here it's "Allow".
  4. execution_role: The IAM role the ECS agent uses to start the task (pull the image, fetch secrets, write logs).

    • managed_policies: AWS managed policies to attach to the execution role. It includes AmazonECSTaskExecutionRolePolicy (ECS task execution) and AmazonEC2ContainerRegistryReadOnly (read-only access to Amazon ECR).
    • statements: Custom policy statements with the same fields as under role. Note that both statements use "*" as the resource, and s3actions grants s3:* on every bucket in the account. Scope the secrets statement to the ARNs of the secrets the task actually reads, and the S3 statement to the specific actions and bucket it needs.
  5. task_definition:

    • resources:
      • limits: Resource limits for the whole task.
        • cpu: The maximum amount of CPU units the task is allowed to use.
        • memory: The maximum amount of memory (in MB) the task is allowed to use.
    • containers: A list of container definitions.
      • name: The name of the container.
      • image: The Docker image for the container.
      • user: The user the container's main process runs as. Here it's root; prefer an unprivileged user unless the workload actually needs root.
      • tty: If set to true, a pseudo-TTY is allocated. This is useful for debugging.
      • command: The command to run inside the container. Here it's /bin/bash, which together with tty: true gives an interactive shell rather than a long-running service.
      • resources:
        • limits: CPU and memory limits for this specific container.
      • volumes: A list of host paths to synchronize into the container, written as "host:container".
      • port_forward: Which host ports are forwarded to which container ports, written as "host:container".
      • env: List of environment variables for the container. Currently empty.
      • secrets: List of secrets to be made available to the container. Currently empty.
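The following is an added example, not part of easyecs or this page. It mirrors the page's role and execution_role sections as a Python dict, renders the statements as a standard IAM policy document, flags the wildcard grants discussed above, and builds a tightened execution role. The ssmmessages exemption reflects how ECS Exec policies are normally written (Resource "*"); the secret ARN and bucket name in the hardened version are assumed placeholders.

```python
"""Render easyecs-style role statements as an IAM policy document and flag
statements that grant more than least privilege.

Added example, not easyecs code. CONFIG is a Python mirror of the page's YAML.
"""
import json

# Constructed from the page's YAML: the `role` and `execution_role` sections.
CONFIG = {
    "role": {
        "managed_policies": [],
        "statements": [{
            "sid": "ssmactions", "resources": ["*"], "effect": "Allow",
            "actions": ["ssmmessages:CreateControlChannel",
                        "ssmmessages:CreateDataChannel",
                        "ssmmessages:OpenControlChannel",
                        "ssmmessages:OpenDataChannel",
                        "secretsmanager:*"],
        }],
    },
    "execution_role": {
        "managed_policies": ["service-role/AmazonECSTaskExecutionRolePolicy",
                             "AmazonEC2ContainerRegistryReadOnly"],
        "statements": [
            {"sid": "secretmanageractions", "resources": ["*"],
             "actions": ["secretsmanager:GetSecretValue"], "effect": "Allow"},
            {"sid": "s3actions", "resources": ["*"],
             "actions": ["s3:*"], "effect": "Allow"},
        ],
    },
}

# Services whose actions are granted on Resource "*" by convention, as in the
# ECS Exec task-role policy; a wildcard resource is not a finding for them.
NO_RESOURCE_LEVEL = {"ssmmessages"}


def to_policy_document(statements):
    """Render a list of easyecs statements as an IAM policy document."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Sid": s["sid"], "Effect": s["effect"],
                       "Action": list(s["actions"]),
                       "Resource": list(s["resources"])}
                      for s in statements],
    }


def find_overbroad(statements):
    """Return (sid, action) pairs for Allow statements that either use a
    service-wide/global action wildcard or grant a specific action on every
    resource of a service that supports resource-level permissions."""
    findings = []
    for s in statements:
        if s["effect"] != "Allow":
            continue
        wildcard_resource = "*" in s["resources"]
        for action in s["actions"]:
            service, _, name = action.partition(":")
            if action == "*" or name == "*":
                findings.append((s["sid"], action))
            elif wildcard_resource and service not in NO_RESOURCE_LEVEL:
                findings.append((s["sid"], action))
    return findings


def harden_execution_role(statements, secret_arns, bucket_arn):
    """Return a copy of the page's execution-role statements with the secret
    grant scoped to explicit ARNs and the S3 grant reduced to GetObject on
    one bucket (assumed here to be the only S3 access the task needs)."""
    hardened = []
    for s in statements:
        s = dict(s)
        if s["sid"] == "secretmanageractions":
            s["resources"] = list(secret_arns)
        elif s["sid"] == "s3actions":
            s["actions"] = ["s3:GetObject"]
            s["resources"] = [bucket_arn + "/*"]
        hardened.append(s)
    return hardened


if __name__ == "__main__":
    for role_name in ("role", "execution_role"):
        print(role_name, "findings:", find_overbroad(CONFIG[role_name]["statements"]))
    # Hypothetical ARNs for illustration only.
    tightened = harden_execution_role(
        CONFIG["execution_role"]["statements"],
        ["arn:aws:secretsmanager:eu-west-1:123456789012:secret:helloworld/db-AbCdEf"],
        "arn:aws:s3:::helloworld-config")
    print(json.dumps(to_policy_document(tightened), indent=2))
```

Running it reports secretsmanager:* in the task role and both execution-role statements as over-broad, then prints the tightened execution-role policy, which produces no findings. The check is deliberately simple (it only looks at wildcards), so treat it as a first pass before reviewing the policy against what the container really calls.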
