Amazon Elastic Container Service (ECS) is a fully-managed container orchestration service that makes it easy to run, stop, and manage Docker containers on a cluster.
In ECS, task definitions describe the container and task configuration for tasks that are run on the ECS service.
Over time, the number of inactive task definitions in the ECS service can accumulate and can clutter up the AWS Console user interface.
Fortunately, there is an easy way to clean up these inactive task definitions in all AWS regions using a simple Python script and the boto3 library.
In this tutorial, we will walk through the steps to clean up inactive task definitions in the ECS service in all AWS regions.
How to delete inactive task definitions in the ECS service in all AWS Regions
Before you can run the Python script on your AWS account, you need to complete the following prerequisites:
- Install the AWS CLI and configure an AWS profile
- Setting up the Python Environment
If you’ve already done this, you can proceed to step 3.
1. Install AWS CLI and configure an AWS profile
The AWS CLI is a command line tool that allows you to interact with AWS services in your terminal.
Depending on if you’re running Linux, macOS, or Windows the installation goes like this:
# macOS install method:
brew install awscli
# Windows install method:
wget https://awscli.amazonaws.com/AWSCLIV2.msi
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
# Linux (Ubuntu) install method:
sudo apt install awscli
In order to access your AWS account with the AWS CLI, you first need to configure an AWS Profile. There are 2 ways of configuring a profile:
- Access and secret key credentials from an IAM user
- AWS Single Sign-on (SSO) user
In this article, I’ll briefly explain how to configure the first method so that you can proceed with running the Python script on your AWS account.
If you wish to set up the AWS profile more securely, then I’d suggest you read and apply the steps described in setting up AWS CLI with AWS Single Sign-On (SSO).
In order to configure the AWS CLI with your IAM user’s access and secret key credentials, you need to login to the AWS Console.
Go to IAM > Users, select your IAM user, and click on the Security credentials tab to create an access and secret key.
Then configure the AWS profile on the AWS CLI as follows:
➜ aws configure
AWS Access Key ID [None]: <insert_access_key>
AWS Secret Access Key [None]: <insert_secret_key>
Default region name [None]: <insert_aws_region>
Default output format [json]: json
Your AWS credentials are stored in ~/.aws/credentials and you can validate that your AWS profile is working by running the command:
➜ aws sts get-caller-identity
{
    "UserId": "AIDA5BRFSNF24CDMD7FNY",
    "Account": "012345678901",
    "Arn": "arn:aws:iam::012345678901:user/test-user"
}
2. Setting up the Python Environment
To be able to run the Python boto3 script, you will need to have Python installed on your machine.
Depending on if you’re running Linux, macOS, or Windows the installation goes like this:
# macOS install method:
brew install python
# Windows install method:
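# (PowerShell; the Python installer is an .exe, so it is saved and run directly rather than through msiexec)
Invoke-WebRequest https://www.python.org/ftp/python/3.11.2/python-3.11.2-amd64.exe -OutFile python-3.11.2-amd64.exe
.\python-3.11.2-amd64.exe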
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python get-pip.py
# Linux (Ubuntu) install method:
sudo apt install python3 python3-pip
Once you have installed Python, you will need to install the Boto3 library.
You can install Boto3 using pip, the Python package manager, by running the following command in your terminal:
pip install boto3
3. Create the Python Script to delete inactive task definitions in the ECS service in all AWS Regions
Once you have your environment set up, you can create the Python script.
Copy the following code into a new file in the desired location and name it: delete_all_inactive_task_definitions.py.
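# https://github.com/dannysteenman/aws-toolbox
#
# License: MIT
#
# This script deletes all inactive task definitions in the ECS service in all AWS Regions.
import boto3
from botocore.exceptions import BotoCoreError, ClientError


def get_inactive_task_definition_arns(region):
    # list_task_definitions returns its results in pages, so use a paginator
    # to collect every inactive ARN and not only the first page.
    client = boto3.client("ecs", region_name=region)
    paginator = client.get_paginator("list_task_definitions")
    arns = []
    for page in paginator.paginate(status="INACTIVE"):
        arns.extend(page.get("taskDefinitionArns", []))
    return arns


def delete_task_definition(region, arn):
    # Request deletion of a single inactive task definition revision.
    client = boto3.client("ecs", region_name=region)
    client.delete_task_definitions(taskDefinitions=[arn])


def delete_inactive_task_definitions_in_all_regions():
    # Regions for which boto3's endpoint data lists ECS. Opt-in regions that
    # are not enabled for the account are included and fail in the loop below.
    ecs_regions = boto3.session.Session().get_available_regions("ecs")
    for region in ecs_regions:
        try:
            arns = get_inactive_task_definition_arns(region)
            if not arns:
                print(f"No inactive task definitions found in region {region}")
            else:
                for arn in arns:
                    print(f"Deleting inactive task definition with ARN: {arn}")
                    delete_task_definition(region, arn)
        except (BotoCoreError, ClientError):
            # Only AWS/botocore errors are treated as "no access"; any other
            # exception is a bug and should surface instead of being hidden.
            print(f"No access to region: {region}")
            continue


if __name__ == "__main__":
    delete_inactive_task_definitions_in_all_regions()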
The script first gets a list of all regions where ECS is available using the get_available_regions() method of the boto3.session.Session() object.
It then iterates through each region and checks for inactive task definitions using the list_task_definitions() method with a status of “INACTIVE”.
If inactive task definitions are found in the region, it loops through each ARN and deletes them using the delete_task_definitions() method.
Overall, this script can help to maintain the cleanliness and efficiency of an ECS environment by removing unnecessary inactive task definitions.
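A more defensive variant of the deletion step, as an added example that is not part of the original script: it supports a dry run, sends ARNs in batches of up to 10 (the per-call limit of delete_task_definitions), and collects the failures the API returns instead of assuming every deletion succeeded. The names list_inactive_arns, delete_inactive and FakeEcs are assumptions made for this example; FakeEcs is a constructed offline stand-in for boto3.client("ecs", region_name=...).

```python
# Added example: dry run, batching and failure reporting for the cleanup.
BATCH_SIZE = 10  # delete_task_definitions accepts at most 10 ARNs per call


def list_inactive_arns(client):
    """Collect every INACTIVE task definition ARN across all result pages."""
    arns = []
    for page in client.get_paginator("list_task_definitions").paginate(status="INACTIVE"):
        arns.extend(page.get("taskDefinitionArns", []))
    return arns


def delete_inactive(client, dry_run=True):
    """Plan the deletion and, unless dry_run is set, carry it out in batches."""
    planned = list_inactive_arns(client)
    result = {"planned": planned, "deleted": [], "failed": []}
    if dry_run:
        return result  # nothing is sent to delete_task_definitions
    for start in range(0, len(planned), BATCH_SIZE):
        batch = planned[start:start + BATCH_SIZE]
        response = client.delete_task_definitions(taskDefinitions=batch)
        result["deleted"] += [d["taskDefinitionArn"] for d in response.get("taskDefinitions", [])]
        # Per-ARN problems are reported in "failures" rather than raised.
        result["failed"] += [(f.get("arn"), f.get("reason")) for f in response.get("failures", [])]
    return result


class FakeEcs:
    """Constructed stand-in for the ECS client, holding 23 sample ARNs."""
    def __init__(self):
        prefix = "arn:aws:ecs:eu-central-1:123456789012:task-definition/test"
        self.arns = [f"{prefix}:{n}" for n in range(1, 24)]
        self.delete_calls = []

    def get_paginator(self, name):
        return self  # paginate() below plays the paginator role

    def paginate(self, status):
        yield {"taskDefinitionArns": self.arns[:20]}
        yield {"taskDefinitionArns": self.arns[20:]}

    def delete_task_definitions(self, taskDefinitions):
        self.delete_calls.append(list(taskDefinitions))
        bad = [a for a in taskDefinitions if a.endswith(":7")]  # simulated failure
        return {"taskDefinitions": [{"taskDefinitionArn": a} for a in taskDefinitions if a not in bad],
                "failures": [{"arn": a, "reason": "constructed failure"} for a in bad]}


if __name__ == "__main__":
    print(len(delete_inactive(FakeEcs(), dry_run=True)["planned"]), "would be deleted")
    print(delete_inactive(FakeEcs(), dry_run=False)["failed"])
```

Against a real account, review the "planned" list from a dry run first, then call delete_inactive with dry_run=False for each region and inspect "failed".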
4. Run the Python script on your AWS account
To run the script, simply execute the following command in your terminal or command prompt:
python delete_all_inactive_task_definitions.py
The script will start running, and you should see output similar to the following:
✗ python ecs/delete_all_inactive_task_definitions.py
No access to region: af-south-1
No access to region: ap-east-1
No inactive task definitions found in region ap-northeast-1
No inactive task definitions found in region ap-northeast-2
No inactive task definitions found in region ap-northeast-3
No inactive task definitions found in region ap-south-1
No access to region: ap-south-2
No inactive task definitions found in region ap-southeast-1
No inactive task definitions found in region ap-southeast-2
No access to region: ap-southeast-3
No access to region: ap-southeast-4
No inactive task definitions found in region ca-central-1
Deleting inactive task definition with ARN: arn:aws:ecs:eu-central-1:123456789012:task-definition/nginx:1
Deleting inactive task definition with ARN: arn:aws:ecs:eu-central-1:123456789012:task-definition/test:1
No access to region: eu-central-2
No inactive task definitions found in region eu-north-1
No access to region: eu-south-1
No access to region: eu-south-2
No inactive task definitions found in region eu-west-1
No inactive task definitions found in region eu-west-2
No inactive task definitions found in region eu-west-3
No access to region: me-central-1
No access to region: me-south-1
No inactive task definitions found in region sa-east-1
No inactive task definitions found in region us-east-1
No inactive task definitions found in region us-east-2
No inactive task definitions found in region us-west-1
No inactive task definitions found in region us-west-2
As you can see in the output, the script will automatically detect all AWS regions where ECS is available and delete all inactive task definitions in each region.
Conclusion
Cleaning up inactive task definitions in the ECS service is an important task that can help in keeping your AWS account organized and optimized.
In this blog post, we’ve gone through the steps on how to set up and run a Python script using Boto3 to delete inactive task definitions in all AWS regions.
By following the steps outlined in this guide, you can automate the cleanup process and therefore save time.