AwsCLI
Automate AWS services with the AWS CLI.
type: "io.kestra.plugin.aws.cli.AwsCLI"Run a simple AWS CLI command and capture the output.
id: aws_cli
namespace: company.team
tasks:
- id: cli
type: io.kestra.plugin.aws.cli.AwsCLI
accessKeyId: "{{ secret('AWS_ACCESS_KEY_ID') }}"
secretKeyId: "{{ secret('AWS_SECRET_ACCESS_KEY') }}"
region: "us-east-1"
commands:
- aws sts get-caller-identity | tr -d '
' | xargs -0 -I {} echo '::{"outputs":{}}::'Create a simple S3 bucket.
id: aws_cli
namespace: company.team
tasks:
- id: cli
type: io.kestra.plugin.aws.cli.AwsCLI
accessKeyId: "<access-key>"
secretKeyId: "<secret-key>"
region: "eu-central-1"
commands:
- aws s3 mb s3://test-bucket
List all S3 buckets as the task's output.
id: aws_cli
namespace: company.team
tasks:
- id: cli
type: io.kestra.plugin.aws.cli.AwsCLI
accessKeyId: "<access-key>"
secretKeyId: "<secret-key>"
region: "eu-central-1"
commands:
- aws s3api list-buckets | tr -d '
' | xargs -0 -I {} echo '::{"outputs":{}}::'
NOThe AWS commands to run.
YESAccess Key Id in order to connect to AWS.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESYESamazon/aws-cliThe task runner container image, only used if the task runner is container-based.
NODeprecated, use 'taskRunner' instead
YESThe endpoint with which the SDK should communicate.
This property allows you to use a different S3 compatible storage backend.
YESAdditional environment variables for the current process.
YESThe files to create on the local filesystem. It can be a map or a JSON object.
NOInject namespace files.
Inject namespace files to this task. When enabled, it will, by default, load all namespace files into the working directory. However, you can use the include or exclude properties to limit which namespace files will be injected.
YESThe files from the local filesystem to send to Kestra's internal storage.
Must be a list of glob expressions relative to the current working directory, some examples: my-dir/**, my-dir/*/** or my-dir/my-file.txt.
NOJSONJSONTEXTTABLEYAMLExpected output format for AWS commands (can be overridden with --format parameter).
YESAWS region with which the SDK should communicate.
YESSecret Key Id in order to connect to AWS.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESAWS session token, retrieved from an AWS token service, used for authenticating that this user has received temporary permissions to access a given resource.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
NOENVIRONMENTEC2_INSTANCE_METADATAECS_CONTAINERYESThe AWS STS endpoint with which the SDKClient should communicate.
YESAWS STS Role.
The Amazon Resource Name (ARN) of the role to assume. If set the task will use the StsAssumeRoleCredentialsProvider. If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESAWS STS External Id.
A unique identifier that might be required when you assume a role in another account. This property is only used when an stsRoleArn is defined.
YESPT15MdurationAWS STS Session duration.
The duration of the role session (default: 15 minutes, i.e., PT15M). This property is only used when an stsRoleArn is defined.
YESAWS STS Session name.
This property is only used when an stsRoleArn is defined.
NO{
"type": "io.kestra.plugin.scripts.runner.docker.Docker"
}The task runner to use.
Task runners are provided by plugins, each have their own properties.
0The exit code of the entire flow execution.
The output files' URIs in Kestra's internal storage.
The value extracted from the output of the executed commands.
YEStrueYESA list of filters to exclude matching glob patterns. This allows you to exclude a subset of the Namespace Files from being downloaded at runtime. You can combine this property together with include to only inject a subset of files that you need into the task's working directory.
YESA list of filters to include only matching glob patterns. This allows you to only load a subset of the Namespace Files into the working directory.
YESYESThe maximum amount of kernel memory the container can use.
The minimum allowed value is 4MB. Because kernel memory cannot be swapped out, a container which is starved of kernel memory may block host machine resources, which can have side effects on the host machine and on other containers. See the kernel-memory docs for more details.
YESThe maximum amount of memory resources the container can use.
Make sure to use the format number + unit (regardless of the case) without any spaces.
The unit can be KB (kilobytes), MB (megabytes), GB (gigabytes), etc.
Given that it's case-insensitive, the following values are equivalent:
"512MB""512Mb""512mb""512000KB""0.5GB"
It is recommended that you allocate at least 6MB.
YESAllows you to specify a soft limit smaller than memory which is activated when Docker detects contention or low memory on the host machine.
If you use memoryReservation, it must be set lower than memory for it to take precedence. Because it is a soft limit, it does not guarantee that the container doesn’t exceed the limit.
YESThe total amount of memory and swap that can be used by a container.
If memory and memorySwap are set to the same value, this prevents containers from using any swap. This is because memorySwap includes both the physical memory and swap space, while memory is only the amount of physical memory that can be used.
YESA setting which controls the likelihood of the kernel to swap memory pages.
By default, the host kernel can swap out a percentage of anonymous pages used by a container. You can set memorySwappiness to a value between 0 and 100 to tune this percentage.
YESYES1Docker image to use.
YESDocker configuration file.
Docker configuration file that can set access credentials to private container registries. Usually located in ~/.docker/config.json.
NOLimits the CPU usage to a given maximum threshold value.
By default, each container’s access to the host machine’s CPU cycles is unlimited. You can set various constraints to limit a given container’s access to the host machine’s CPU cycles.
YESYESDocker entrypoint to use.
YESExtra hostname mappings to the container network interface configuration.
YESDocker API URI.
NOLimits memory usage to a given maximum threshold value.
Docker can enforce hard memory limits, which allow the container to use no more than a given amount of user or system memory, or soft limits, which allow the container to use as much memory as it needs unless certain conditions are met, such as when the kernel detects low memory or contention on the host machine. Some of these options have different effects when used alone or when more than one option is set.
YESDocker network mode to use e.g. host, none, etc.
YESYESALWAYSIF_NOT_PRESENTALWAYSNEVERThe image pull policy for a container image and the tag of the image, which affect when Docker attempts to pull (download) the specified image.
YESSize of /dev/shm in bytes.
The size must be greater than 0. If omitted, the system uses 64MB.
YESUser in the Docker container.
YESList of volumes to mount.
Must be a valid mount expression as string, example : /home/user:/app.
Volumes mount are disabled by default for security reasons; you must enable them on server configuration by setting kestra.tasks.scripts.docker.volume-enabled to true.
YESThe registry authentication.
The auth field is a base64-encoded authentication string of username: password or a token.
YESThe identity token.
YESThe registry password.
YESThe registry URL.
If not defined, the registry will be extracted from the image name.
YESThe registry token.
YESThe registry username.
YESA list of capabilities; an OR list of AND lists of capabilities.
YESYESYESYESDriver-specific options, specified as key/value pairs.
These options are passed directly to the driver.