ECS backend
Træfɪk can be configured to use Amazon ECS as a backend configuration:
################################################################
# ECS configuration backend
################################################################
# Enable ECS configuration backend
#
# Optional
#
[ecs]
# ECS Cluster Name
#
# Optional
# Default: "default"
#
Cluster = "default"
# Enable watch ECS changes
#
# Optional
# Default: true
#
Watch = true
# Polling interval (in seconds)
#
# Optional
# Default: 15
#
RefreshSeconds = 15
# Expose ECS services by default in traefik
#
# Optional
# Default: true
#
ExposedByDefault = false
# Region to use when connecting to AWS
#
# Optional
#
# Region = "us-east-1"
# AccessKeyID to use when connecting to AWS
#
# Optional
#
# AccessKeyID = "abc"
# SecretAccessKey to use when connecting to AWS
#
# Optional
#
# SecretAccessKey = "123"
Labels can be used on task containers to override default behaviour:
traefik.protocol=https
: override the defaulthttp
protocoltraefik.weight=10
: assign this weight to the containertraefik.enable=false
: disable this container in Træfɪktraefik.frontend.rule=Host:test.traefik.io
: override the default frontend rule (Default:Host:{containerName}.{domain}
).traefik.frontend.passHostHeader=true
: forward clientHost
header to the backend.traefik.frontend.priority=10
: override default frontend prioritytraefik.frontend.entryPoints=http,https
: assign this frontend to entry pointshttp
andhttps
. OverridesdefaultEntryPoints
.
IfAccessKeyID
/SecretAccessKey
is not given credentials will be resolved in the following order:From environment variables;
AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
, andAWS_SESSION_TOKEN
.- Shared credentials, determined by
AWS_PROFILE
andAWS_SHARED_CREDENTIALS_FILE
, defaults todefault
and~/.aws/credentials
. - EC2 instance role or ECS task role
Træfɪk needs the following policy to read ECS information:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Traefik ECS read access",
"Effect": "Allow",
"Action": [
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ec2:DescribeInstances"
],
"Resource": [
"*"
]
}
]
}