
AWS Step Function ContainerOverrides clearing out already defined environment variables


I'm using an AWS Step Function to invoke a Fargate container. The ECS Task Definition has several environment variables defined, some with fixed values and some coming from Systems Manager Parameter Store. The State Machine adds one additional environment variable using ContainerOverrides.

Unfortunately this seems to replace, not add to, the environment variables specified within the task definition.

If I don't define any environment variables in the step definition, then those from the task definition exist at runtime. If I define even one variable at the step definition, then only those from the step definition exist at runtime.

How can I get Fargate/ECS/Step Functions to merge the environment variables instead of replacing all of them?

State Machine

{
  "Comment": "Sample State Machine",
  "StartAt": "Prerequisites",
  "States": {
    "Prerequisites": {
      "Type": "Task",
      "Resource": "arn:aws:states:::ecs:runTask.sync",
      "Parameters": {
        "Cluster": "arn:aws:ecs:us-west-2:1232123123:cluster/step-function-executor",
        "TaskDefinition": "step-function-generic-script-executor",
        "LaunchType":"FARGATE",
        "NetworkConfiguration": {
          "AwsvpcConfiguration" : {
            "AssignPublicIp" : "DISABLED",
            "SecurityGroups" : [
              "sg-123",
              "sg-456"
            ],
            "Subnets" : [
              "subnet-123" ,
              "subnet-456"
            ]
          }
        },
        "Overrides": {
          "ContainerOverrides": [
            {
              "Name": "step-function-generic-script-container",
              "Environment": [ 
                {
                  "Name": "STEP_SCRIPT_NAME",
                  "Value": "db-daily-backup-01-prereq"
                }
              ]
            }
          ]
        }
      },
      "End": true
    }
  }
}

Task Definition

ECS Container Definition for Task Definition


Solution

  • This is the way ContainerOverrides work, contrary to what it should work like. You have two options to solve this:

    1. Create a Lambda Function that starts the State Machine.

      • Invoke the Lambda Function when you want to invoke the State Machine.
      • That Lambda function will call the describe_task_definition ECS SDK function to get the complete details of your task definition and, while calling the start_execution function for Step Functions, pass all the content of Parameters along with the new/updated environment variables.
      • The Lambda function can be scheduled or run on demand.
    2. List all the Environment Variables in the State Machine.

      • Just like you mentioned the new variable, you may mention all the previous variables as well. (This has the disadvantage of redundancy.)
      • You may use SSM Parameter Store for all your variables and then mention all the paths in your State Machine Task definition as well.

    The first option will need some custom implementation, but will save you from manual configuration.
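
Option 1 above, sketched as an added example (not code from the original answer): a Lambda handler that reads the task definition, merges the extra variables over its plain environment entries, and starts the execution with the result. The event field names, the sample task definition, and the assumption that the state machine reads the override via `"ContainerOverrides.$": "$.ContainerOverrides"` are hypothetical.

```python
import json

# Constructed sample of what ecs.describe_task_definition returns (trimmed).
SAMPLE_TASK_DEF = {
    "containerDefinitions": [{
        "name": "step-function-generic-script-container",
        "environment": [{"name": "LOG_LEVEL", "value": "info"},
                        {"name": "STEP_SCRIPT_NAME", "value": "default"}],
        "secrets": [{"name": "DB_PASSWORD", "valueFrom": "/constructed/db/password"}],
    }]
}

def merge_environment(container_def, extra):
    """Task-definition environment with `extra` applied on top, in the
    PascalCase shape Step Functions expects (ECS returns lowercase keys)."""
    merged = {e["name"]: e["value"] for e in container_def.get("environment", [])}
    merged.update(extra)
    # "secrets" entries are deliberately not copied: ContainerOverrides has no
    # secrets field, and resolved values would be readable in execution history.
    return [{"Name": k, "Value": v} for k, v in sorted(merged.items())]

def build_execution_input(task_def, container_name, extra):
    """Build the execution input for the container named `container_name`."""
    for c in task_def["containerDefinitions"]:
        if c["name"] == container_name:
            return {"ContainerOverrides": [
                {"Name": container_name, "Environment": merge_environment(c, extra)}]}
    raise KeyError(f"container {container_name!r} not in task definition")

def handler(event, context):
    import boto3  # imported lazily so the merge logic above runs offline
    task_def = boto3.client("ecs").describe_task_definition(
        taskDefinition=event["taskDefinition"])["taskDefinition"]
    payload = build_execution_input(
        task_def, event["containerName"], event["extraEnvironment"])
    result = boto3.client("stepfunctions").start_execution(
        stateMachineArn=event["stateMachineArn"], input=json.dumps(payload))
    return result["executionArn"]
```

The Lambda role needs `ecs:DescribeTaskDefinition` and `states:StartExecution` on the target state machine only; it never needs read access to the Parameter Store values themselves.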