Allow bulk deletion of ECS Task Definitions

[gregharvey]

Summary

When developers are done with an ECS service that presents a feature branch of the app they are working on, I would like to be able to remove all aspects of that feature branch automatically. At the moment I can do almost everything except for the ECS Task Definitions. It seems it is currently not possible to retrieve a list of revisions of a Task Definition with the Ansible module, nor is it possible to delete them (we can only deregister).

Issue Type

Feature Idea

Component Name

ecs_taskdefinition_info
ecs_taskdefinition

Additional Information

It looks like support for deletion of Task Definitions is pretty new, see:

• https://aws.amazon.com/blogs/containers/announcing-amazon-ecs-task-definition-deletion

In order to do this we need two things.

ecs_taskdefinition_info

We need the info module to be able to return all revisions of a Task Definition, not just the latest one. This is possible with the CLI, like so:

aws ecs list-task-definitions --family-prefix my-test-feature
{
    "taskDefinitionArns": [
        "arn:aws:ecs:eu-west-2:XXXXXXXXXXXX:task-definition/my-test-feature:1",
        "arn:aws:ecs:eu-west-2:XXXXXXXXXXXX:task-definition/my-test-feature:2",
        "arn:aws:ecs:eu-west-2:XXXXXXXXXXXX:task-definition/my-test-feature:3"
    ]
}

So it would be nice if you could ask the ecs_taskdefinition_info module for all the revisions by passing family, e.g.

- name: Get task definition details.
  community.aws.ecs_taskdefinition_info:
    region: eu-west-2
    profile: my-account
    family: my-test-feature
  register: _task_definition_info

And if the response contained a list of ARNs of all the Task Definitions in that family, like this:

{
    "msg": {
        "changed": false,


        "task_definition_arns": [
            "arn:aws:ecs:eu-west-2:XXXXXXXXXXXX:task-definition/my-test-feature:1",
            "arn:aws:ecs:eu-west-2:XXXXXXXXXXXX:task-definition/my-test-feature:2",
            "arn:aws:ecs:eu-west-2:XXXXXXXXXXXX:task-definition/my-test-feature:3"
        ],


    }
}

ecs_taskdefinition

Then on the manipulation side we need more than the current two status options. We currently have present and absent, but absent really means deregistered, not deleted. I would suggest adding a deleted status so we don't change any existing behaviour. If deleted were an option that called the necessary API method, e.g.

aws ecs delete-task-definitions --task-definitions arn:aws:ecs:eu-west-2:XXXXXXXXXXXX:task-definition/my-test-feature:3

Then it would be possible to achieve deleting all the revisions of a whole Task Definition doing something like this:

# This requires a new 'family' option that returns all task definitions
- name: Get task definition details.
  community.aws.ecs_taskdefinition_info:
    region: eu-west-2
    profile: my-account
    family: my-test-feature
  register: _task_definition_info

# This would already work if we can build a list of ARNs of task definitions, but we can't easily
- name: Deregister task definitions.
  community.aws.ecs_taskdefinition:
    region: eu-west-2
    profile: my-account
    arn: "{{ item }}"
    containers: []
    state: absent
  with_items: "{{ _task_definition_info.task_definition_arns }}"

# This does not exist yet, but can be implemented since the feature release in February 2023
- name: Delete task definitions.
  community.aws.ecs_taskdefinition:
    region: eu-west-2
    profile: my-account
    arn: "{{ item }}"
    containers: []
    state: deleted
  with_items: "{{ _task_definition_info.task_definition_arns }}"

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[gregharvey]

If anyone is interested in a workaround, this is how I implemented this feature using the AWS CLI:

• https://github.com/codeenigma/ce-deploy/blob/devel/roles/deploy_container/tasks/action-destroy.yml#L121-L185