https://pulumi.com logo
#aws
Title
# aws
s

sparse-teacher-52109

12/31/2023, 12:21 PM
Hey, when using AWSX trying to run
pulumi up
on ecs task definition (fargate) and service (FargateService) with environment variables, it always tries to update all the ECS services and not just the service that was modified. This causes immense problems for me. Putting ignoreChanges on the containerDefinitions.environment doesn't change a thing. For reference, here is the task definition:
Copy code
export const auditing_TDX = new awsx.ecs.FargateTaskDefinition("auditing-TD", {
    taskRole: {roleArn: iam_roles.us_east_1_ECS_ECSTaskRole.arn},
    executionRole: {roleArn: iam_roles.us_east_1_ECS_ECSExecutionRole.arn},
    family: `${config.env_name}-auditing-TD`,
    container: {
        name: "auditing",
        image: `270046177949.dkr.ecr.us-east-1.amazonaws.com/${config.ecsImagesVersions.get("Auditing_Service")}`,
        cpu: 1024,
        memory: 2048,
        memoryReservation: 400,
        essential: true,
        portMappings: [
            {
                containerPort: 8011,
                hostPort: 8011,
                protocol: "tcp"
            }
        ],
        environment: pulumi.all([websites.siteUrlCdn, config.env_name, config.SECURITY_JWTPUBLICKEY, config.rdsPassword, rdsserverless.endpoint, config.rdsUsername, app_integration.SyncPermissionsQueue.name]).apply(([frontend_url, env_name, jwt_public_key, rdsPassword, rdsEndpoint, rdsUsername, syncPermissionsQueue]) => [
            { "name": "SPRING_APPLICATION_LOGAPPENDER", "value": "ASYNCJSON" },
            { "name": "SECURITY_JWTPUBLICKEY", "value": jwt_public_key },
            { "name": "SECURITY_CORSALLOWEDORIGINPATTERNS", "value": frontend_url },
            { "name": "SPRING_DATASOURCE_PASSWORD", "value": rdsPassword },
            { "name": "SPRING_DATASOURCE_URL", "value": `jdbc:mysql://${rdsEndpoint}:3306/AuditingService?useSSL=false&createDatabaseIfNotExist=true` },
            { "name": "LOG4J_FORMAT_MSG_NO_LOOKUPS", "value": "true" },
            { "name": "SYNCPERMISSIONS_ENABLED", "value": "false" },
            { "name": "SPRING_DATASOURCE_USERNAME", "value": rdsUsername },
            { "name": "JAVA_OPTS", "value": "" },
            { "name": "SPRING_DATASOURCE_DRIVERCLASSNAME", "value": "org.mariadb.jdbc.Driver" },
            { "name": "AUDITING_DAYSTOEXPIRE", "value": "365" },
            { "name": "SYNCPERMISSIONS_QUEUENAME", "value": syncPermissionsQueue }
        ]),
        logConfiguration: {
            logDriver: "awslogs",
            options: {
                
                "awslogs-group": `/${config.env_name}/auditing`,
                "awslogs-region": "us-east-1",
                "awslogs-stream-prefix": "auditing"
            }
        }
    },
}, {ignoreChanges: ["container.environment"]});
For making my question clearer - I want to cause just the image version to change, preserving all the environment variables that existed when creating the task definition (the JWT, rds password, etc must not change)