Closed lawrencepit closed 1 year ago
We moved a lot of sensitive data from plain text environment variables to SSM Parameter Store. But in old revisions the variables are still available to read in plaintext even if the revision was deactivated. Our development team has access to ECS Task Definitions but does not have access to SSM Parameter Store and to KMS keys. So, the issue has potential security risks for us.
I'm facing this issue right now..
same here
Frustrating!! Please consider it.
Six years should be enough to implement 'delete' function, am I wrong?
Still waiting for this feature.
Please consider this feature request. It would be more than valuable to have this feature.
WORKAROUND - deregister all versions of a task definition and it will disappear from the console
@dadvir that is correct, but please be aware that if you register the task with the same task definition name (family), it will recreate the task - and bump the revision up one from the previous one that existed, and not start at Task Definition Name:1
As @vitaliy-kravchenko mentioned it's problematic that configuration in task definitions is in plaintext and it's completely impossible to delete from the account.
@dadvir @maishsk, deregistering has some benefits, but the task definitions simply move to the "INACTIVE" status and tab in the console. None of the information is deleted.
Please add functionality for deleting task definitions for good.
Even if I delete the CloudFormation stack, the TaskDefinitions remain though are inactive. I want to get rid of them.
Not only do they expose sensitive information, but inactive/undeleted tasks clutter the AWS resource count. It can make it hard to use Tag editor. That blue line is only because of task definitions.
Please update this. This ticket is nearly two years old and should have been something towards the top of the backlog as it leaves security vulnerabilities.
Please resolve this
It is hard to believe that deleting of the task is not possible.
Please resolve this +1
Can you please update if there is a plan to fix this?
just wanted to delete inaction task definitions, please resolve this + 1
task definition deletion is mandatory. Hard to believe it is so hard to get this implemented. +100
Please set up config to delete task definitions.
PLEASE ADD THE DELETE THINGY.
I have created many tasks for practicing purposes now I can't remove them and its looking junks, PLEASE ADD DELETE OPTION
I work with some of the people at AWS, they have said they will never be implementing this feature because it doesn't make them any money!
With an attitude like that, while it won't make them any money to implement it, they will start to lose money as people migrate to other providers that will listen to their customers.
We need this delete button...
I know it's frustrating when issues are not being engaged but rest assured we read them all (and all their comments). We tend to post when there is value to add and not just "thanks for your patience, we are considering it".
So first off, thanks for your patience, we are considering it (but there isn't any material additional information we can provide at the moment). Perhaps the issue itself requires a bit more context because it's easy to think that it could be resolved by adding a delete button. ECS is a very sophisticated multi-tenant control plane and deleting a task definition entirely has a number of ramifications that are not immediately evident from a consumption perspective. I am not saying it's impossible to implement this workflow but it's more complex than just adding an API verb or UI element to the interface. We totally understand the need for this feature and @emmanuelnk has a great example mid-thread re why that is (thanks). I am not suggesting you stop posting that you need this feature but please rest assured that, if we do not respond, we are not ignoring the issue (or any other issue for that matter).
.. been using Task Definitions wrong for years .. but have learned that it's "only" possible to have 1 million Task Definition versions under each family-prefix .. Have also learned that these count as resources and half a million of them will increase the cost of running Config by about $1100 a month ..
so, I got that going for me.
I'd like to be able to delete task definitions, though .. I'd really like that.
I made a task definition to test things out. Now I'm stuck with it.
I made a task definition to test things out. Now I'm stuck with it, AS WELL
Adding another comment on why this is important: I'm currently building a system that involves running a large number of heterogenous temporary tasks on heterogenous temporary containers (starting at "dozens per day" and possibly going up dramatically in the future.) I'd like to use ECS because it seems like the system intended for this. But it turns out it's just not suited; every time we spawn a new temporary task, it will impose an eternal monthly cost on it by leaving a task definition hanging around that we can't ever remove.
In our case, this isn't "please implement this, we have tasks we want to get rid of". This is "this missing feature made ECS useless for us, so we either need to do this by hand via EC2 or move to Azure", and we're currently trying to figure out the best approach.
Ay,
I was testing AWS with my labs project and falling on this bug. This is hilarious, really... I'm now stuck with INACTIVE task definitions I can't delete. Fortunately it's a lab project, not a production one...
I'm coming from GCP and I'm a little disconcerted how AWS is built, especially its UI which is sometimes very strange, like with these task definitions.
A fix would be welcome.
I upvote also to delete task definitions. The CI/CD make this a must, I will not use Fargate in our company projects paying resources that we don't use.
Please, implement it!
Hire me and I will implement for us. <.<
@lawrencepit, hire @rodrix to implement this! :-)
This issue has been an issue for far too long now.
+1 .. sloppy experience
+1...
I have an ElasticContainerService Security notification in my Personal Health Dashboard in multiple accounts, with a bunch of old resources listed under Affected resources. The only trace of these I can find in the ECS dashboard is as Inactive Task Definitions. Tried to delete them for good... ended up here.
It's beside the point, but why is AWS nagging me about inactive resources in the first place?
p.s. hire @rodrix to fix!
Please make the option to delete inactive tasks definitions
I'm waiting for this to be implemented. I seriously need an option for deleting my unused tasks, because they clutter up even though I deregister them.
I see a lot of complaints here about this, and I do sympathise, but this is really easy to script, I wrote a 15 line script, that grabs the unique task prefixes, created a mapfile and enumerates the tasks and de-registers them. Have it setup in a pipeline as a recurring task, simple.
I don't think this is anyone's top priority at the moment, so use the tools you've got
Thanks @turingbeing. Happy to be corrected but I'm almost certain you'll find this doesn't delete them; they're simply marked as inactive. They're still present in the console.
You're not wrong, I think they would only get deleted if you deleted the task itself, but it at least moves them out of the Active status tab
Question is - are inactive tasks still billed ?
Unless this is fixed, what I have done as an alternative is used the "Task override Definition" of the ECS Plugin in Jenkins.
I have specified a random (possibly latest) revision of the Task to override it all the time. E.g.
I know it's not a great solution but at least would help overcome the limit of creating new Task definition every time
@Hyurt - if the Task Definitions are scanned by Config, you are billed for the scanning, regardless of them being ACTIVE or INACTIVE. Scanning half a million Task Definitions will run up a bill of about $1100.
@arun6445 - a good temporary fix, going forward.
@turingbeing - Each call of deregister-task-definition takes about 1.325s to complete. I have more than 2 million ACTIVE Task Definitions, because I've been using the ECS Plugin for Jenkins wrong (@arun6445) for years. DROP TABLE Task_Definitions shouldn't take 15+ days to run and should be easy to implement (hire @rodrix to implement this!)
So .. I appreciate the OCD involved in having INACTIVE Task Definitions that can't be deleted, but this problem actually goes deeper and it's been hanging for more than a year now.
It's time to get this fixed @lawrencepit
Actually it's been more than a year.... https://forums.aws.amazon.com/thread.jspa?threadID=170378&start=0&tstart=0 This thread started in Jan 2015 lol
Please set up config to delete task definitions.
God damn it Amazon it's been 7 years.
PLEASE ADD DELETE OPTION
Community Note
Tell us about your request
Currently it is possible to deregister a task definition, after which its status becomes INACTIVE. However the task definition is still discoverable indefinitely. Old task definitions (in our case they are many years old) may contain sensitive information (added before the time SSM and Secrets Manager were available).
Which service(s) is this request for?
ECS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We wish to permanently delete old task definitions that may contain sensitive information.
Are you currently working around this issue?
Impossible.
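The exposure described in this thread (plaintext environment variables surviving in deregistered revisions after a move to SSM Parameter Store) can be audited from the task definitions themselves. The following is an added example, not code from any commenter or from AWS; the family name, variable names, account ID and the name-matching heuristic are constructed assumptions, and the input is shaped like the "taskDefinition" object returned by `aws ecs describe-task-definition`.

```python
import re

# Heuristic for credential-like variable names (an assumption of this example).
SENSITIVE_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

# Constructed sample: three revisions of one hypothetical family, shaped like the
# "taskDefinition" object returned by `aws ecs describe-task-definition`.
SAMPLE_REVISIONS = [
    {"family": "billing-api", "revision": 1, "status": "INACTIVE",
     "containerDefinitions": [{"name": "app", "environment": [
         {"name": "DB_PASSWORD", "value": "constructed-placeholder"},
         {"name": "LOG_LEVEL", "value": "info"}]}]},
    {"family": "billing-api", "revision": 2, "status": "INACTIVE",
     "containerDefinitions": [{"name": "app", "environment": [
         {"name": "PAYMENT_API_KEY", "value": "constructed-placeholder"}]}]},
    {"family": "billing-api", "revision": 3, "status": "ACTIVE",
     "containerDefinitions": [{"name": "app",
         "environment": [{"name": "LOG_LEVEL", "value": "info"}],
         "secrets": [{"name": "DB_PASSWORD", "valueFrom":
             "arn:aws:ssm:us-east-1:111122223333:parameter/billing/db_password"}]}]},
]

def find_plaintext_secrets(task_definitions):
    """Return (family, revision, status, container, variable) for every
    credential-like name stored with a literal value. Values are never returned."""
    findings = []
    for td in task_definitions:
        for container in td.get("containerDefinitions", []):
            for env in container.get("environment", []):
                if env.get("value") and SENSITIVE_NAME.search(env.get("name", "")):
                    findings.append((td["family"], td["revision"], td["status"],
                                     container["name"], env["name"]))
    return findings

def exposed_despite_migration(task_definitions):
    """Names the newest revision reads via "secrets" (SSM / Secrets Manager)
    that an older revision still holds in plaintext. Expects one family."""
    newest = max(task_definitions, key=lambda td: td["revision"])
    migrated = {s["name"] for c in newest.get("containerDefinitions", [])
                for s in c.get("secrets", [])}
    old_plaintext = {f[4] for f in find_plaintext_secrets(task_definitions)
                     if f[1] < newest["revision"]}
    return sorted(migrated & old_plaintext)

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE_REVISIONS):
        print(finding)
    print("rotate:", exposed_despite_migration(SAMPLE_REVISIONS))
```

Since the thread establishes that deregistered revisions stay readable, every variable reported here should be treated as disclosed to anyone who can describe task definitions, and rotating the underlying credential is the remediation that does not depend on deletion.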