containers-roadmap
containers-roadmap copied to clipboard
aws
[ECS] [request]: Delete task definitions
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request Currently it is possible to deregister a task definition, after which its status becomes INACTIVE. However the task definition is still discoverable indefinitely. Old task definitions (in our case they are many years old) may contain sensitive information (added before the time SSM and Secrets Manager were available).
Which service(s) is this request for? ECS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We wish to permanently delete old task definitions that may contain sensitive information.
Are you currently working around this issue? Impossible.
We moved a lot of sensitive data from plain text environment variables to SSM Parameter Store. But in old revisions the variables still available to read in plaintext even if the revision was deactivated. Our development team has access to ECS Task Definitions but do not have access to SSM Parameter Store and to KMS keys. So, the issue has potential security risks for us.
Please consider this feature request. It would be more than valuable to have this feature.
WORKAROUND - deregister all versions of a task definition and it will disappear from the console
@dadvir that is correct, but be please aware that if you register the task with the same task definition name (family), it will recreate the task - and bump the revision up one from the previous one that existed, and not start at Task Definition Name:1
As @vitaliy-kravchenko mentioned it's problematic that configuration in task definitions is in plaintext and it's completely impossible to delete from the account.
@dadvir @maishsk, deregistering has some benefits, but the task definitions simply move to the "INACTIVE" status and tab in the console. None of the information is deleted.
Please add functionality for deleting task definitions for good.
Even if I delete the CloudFormation stack, the TaskDefinitions remain though are inactive. I want to get rid of them. Thus, 👍
Not only do they expose sensitive information, but inactive/undeleted tasks clutter the AWS resource count. It can make it hard to use Tag editor. That blue line is only because of task definitions.
.
Please update this. This ticket is nearly two years old and should have been something towards the top of the backlog as it leave security vulnerabilities.
just wanted to delete inaction task definitions, please resolve this + 1
task definition deletion is mandatory. Hard to believe it is so hard to get this implemented. +100
I have created many tasks for practicing purposes now I can't remove them and its looking junks, PLEASE ADD DELETE OPTION
I work with some of the people at AWS, they have said they will never be implementing this feature because it doesn't make them any money!
With an attitude like that, while it won't make them any money to implement it, they will start to loose money as people migrate to other providers that will listen to their customers.
I know it's frustrating when issues are not being engaged but rest assured we read them all (and all their comments). We tend to post when there is value to add and not just "thanks for your patient, we are considering it".
So first off, thanks for your patient, we are considering it (but there isn't any material additional information we can provide at the moment). Perhaps the issue itself requires a bit more context because it's easy to think that it could be resolved by adding a delete button. ECS is a very sophisticated multi-tenant control plane and deleting a task definition entirely has a number of ramifications that are not immediately evident from a consumption perspective. I am not saying it's impossible to implement this workflow but it's more complex than just adding a api verb or ui element to the interface. We totally understand the need for this feature and @emmanuelnk has a great example mid-thread re why that is (thanks). I am not suggesting you stop posting that you need this feature but please rest assured that, if we do not respond, we are not ignoring the issue (or any other issue for that matter).
.. been using Task Definitions wrong for years .. but have learned that it's "only" possible to have 1 million Task Definition versions under each family-prefix .. Have also learned that these counts as resources and will half a million of them will increase the cost of running Config by about $1100 a month ..
so, I got that going for me.
I'd like to be able to delete task definitions, though .. I'd really like that.
I made a task definition to test things out. Now I'm stuck with it, AS WELL
Adding another comment on why this is important: I'm currently building a system that involves running a large number of heterogenous temporary tasks on heterogenous temporary containers (starting at "dozens per day" and possibly going up dramatically in the future.) I'd like to use ECS because it seems like the system intended for this. But it turns out it's just not suited; every time we spawn a new temporary task, it will impose an eternal monthly cost on it by leaving a task definition hanging around that we can't ever remove.
In our case, this isn't "please implement this, we have tasks we want to get rid of". This is "this missing feature made ECS useless for us, so we either need to do this by hand via EC2 or move to Azure", and we're currently trying to figure out the best approach.
