aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

AWS::ECS::Cluster - control AWSVPC Trunking #271

Closed trav-c closed 1 year ago

trav-c commented 4 years ago

1. Title

AWS::ECS::Cluster / AWS::ECS::AccountSettings / AWS::IAM::Role-ECSAccountSettings

2. Scope of request

It is possible to opt in or out of the AWSVPC Trunking feature supported on Nitro-based EC2 instances either at an AWS account level, or at an InstanceProfile / Role level for the role used by the ECS Cluster instances.

There appears to be no way to control this at a CloudFormation level, however. Ideally, it would be possible to control whether a Cluster uses AWSVPC trunking either as an attribute of the InstanceProfile / Role used to launch the Cluster EC2 instances or possibly on the Cluster itself.

Users may want to opt specific clusters or cluster instances out of ECS AWSVPC Trunking to prevent the creation of additional ENIs which must be considered for security groups and other security compliance impacts.

3. Expected behaviour

Provide the ability to control the effective opt in/out of a cluster or the relevant EC2 InstanceProfile / IAM role via CloudFormation to the ECS AWSVPC Trunking feature.

6. Category (required) - Will help with tagging and be easier to find by other users to +1

Compute (EC2, ECS, EKS, Lambda...)

7. Any additional context (optional)

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html

Daniel-ZA commented 1 year ago

+1 to this feature

Daniel-ZA commented 1 year ago

Hi Team,

I can see that this has been shipped. Any details on where this property can be modified via CFN?