Cleanup AWS ECS Task Definitions #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Cleanup AWS ECS Task Definitions | |
on: | |
schedule: | |
- cron: '0 0 * * 0' # weekly -- Sunday at 00:00 UTC | |
workflow_dispatch: | |
inputs: | |
dry_run: | |
description: 'Perform a dry run without deregistering task definitions' | |
required: true | |
default: false | |
type: boolean | |
jobs: | |
cleanup-task-definitions: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v3 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 1800 | |
- name: Install AWS CLI (if not using the pre-installed version) | |
run: | | |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | |
unzip awscliv2.zip | |
sudo ./aws/install | |
aws --version | |
- name: Cleanup Old ECS Task Definitions | |
env: | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }} | |
run: | | |
#!/bin/bash | |
set -e | |
# Configuration | |
MAX_REV=10 | |
REGION=$AWS_REGION | |
DRY_RUN=$DRY_RUN | |
echo "Starting ECS Task Definitions cleanup in region: $REGION" | |
echo "Dry run mode: $DRY_RUN" | |
# Function to deregister task definitions or perform dry run | |
deregister_task_definition() { | |
local task_def=$1 | |
if [ "$DRY_RUN" = "true" ]; then | |
echo "[Dry Run] Would deregister task definition: $task_def" | |
else | |
echo "Deregistering task definition: $task_def" | |
aws ecs deregister-task-definition --task-definition "$task_def" --region "$REGION" | |
echo "Deregistered $task_def" | |
fi | |
} | |
# Function to list all task definitions with pagination | |
list_all_task_definitions() { | |
local family_filter=$1 | |
local next_token="" | |
local task_defs=() | |
while true; do | |
if [ -z "$family_filter" ]; then | |
response=$(aws ecs list-task-definitions \ | |
--region "$REGION" \ | |
--output json \ | |
--query 'taskDefinitionArns' \ | |
--max-items 1000) | |
else | |
response=$(aws ecs list-task-definitions \ | |
--region "$REGION" \ | |
--family-prefix "$family_filter" \ | |
--sort DESC \ | |
--output json \ | |
--query 'taskDefinitionArns' \ | |
--max-items 1000) | |
fi | |
# Extract task definitions | |
current_batch=$(echo "$response" | jq -r '.taskDefinitionArns[]') | |
task_defs+=($current_batch) | |
# Check for NextToken | |
next_token=$(echo "$response" | jq -r '.NextToken // empty') | |
if [ -z "$next_token" ]; then | |
break | |
fi | |
done | |
echo "${task_defs[@]}" | |
} | |
# Install jq for JSON parsing | |
sudo apt-get update && sudo apt-get install -y jq | |
# Retrieve all task definitions ARNs | |
echo "Fetching all ECS Task Definitions..." | |
TASK_DEFINITIONS=$(list_all_task_definitions) | |
declare -A TASK_FAMILY_MAP | |
# Organize task definitions by family, filtering only families with "api" in their name | |
for TD in $TASK_DEFINITIONS; do | |
FAMILY=$(echo $TD | awk -F':' '{print $7}' | awk -F'/' '{print $2}') | |
# Check if the family name contains "api" (case-insensitive) | |
if [[ "$FAMILY" =~ [Aa][Pp][Ii] ]]; then | |
TASK_FAMILY_MAP["$FAMILY"]+="$TD " | |
fi | |
done | |
# Iterate over each filtered family and deregister older revisions | |
for FAMILY in "${!TASK_FAMILY_MAP[@]}"; do | |
echo "Processing Task Family: $FAMILY" | |
# List all revisions for the family with pagination | |
REVISIONS=$(list_all_task_definitions "$FAMILY") | |
REV_COUNT=0 | |
for REV in $REVISIONS; do | |
REV_COUNT=$((REV_COUNT + 1)) | |
if [ "$REV_COUNT" -le "$MAX_REV" ]; then | |
echo "Keeping revision $REV_COUNT: $REV" | |
else | |
deregister_task_definition "$REV" | |
fi | |
done | |
done | |
echo "ECS Task Definitions cleanup completed successfully." |