istioctl ecs add-service

Enroll Amazon ECS workloads into your ambient mesh.

Synopsis

‘istioctl ecs add-service’ extends your ambient mesh to include workloads running in an Amazon Elastic Container Service (ECS) cluster. This command automatically bootstraps existing ECS services with a ztunnel sidecar container, which uses IAM roles to authenticate with your Istio installation. The workloads in ECS can then use the ztunnel to communicate with the in-mesh services in your Kubernetes cluster as well as securely communicate over mTLS to other ECS workloads.

  istioctl ecs add-service [flags]

Examples 

    # Enroll the 'demo' service in the 'my-ecs-cluster' ECS cluster into your ambient mesh.
  # Once enrolled, the service is reachable through the 'demo.my-ecs-cluster.<domain>' hostname,
  # where <domain> is the domain associated with the AWS account as registered with istiod.
  istioctl ecs add-service demo --cluster my-ecs-cluster

Options 

        --cluster string              The ECS cluster name.
      --external                    The workload is external to the network. This is useful when the ECS service is in a different network than Istio, so that all requests are proxied through the east-west gateway in Kubernetes.
      -h, --help                    help for add-service
      --hostname string             The DNS hostname to expose the ECS service on in the mesh. Defaults to '<service_name>.<ecs_cluster_name>.<ECS_domain>'. You can set multiple ECS services as the same hostname to load balance requests between the services automatically.
      -p, --platform string         The ECS runtime platform you want to use. Supported values: [ecs, ecs-ec2] (default "ecs")
      --ports string                Port configuration for the service as a forward slash-separated list of 'protocol:port[:targetPort]' pairs, such as 'http:80:8080/tcp:9090'.
      --profile string              The AWS CLI profile to use. Defaults to the default AWS CLI profile.
      -s, --service-account string  The Kubernetes service account in the namespace that the ECS service runs as. The service account is associated with the task execution role of the ECS service. (default "default")

Options inherited from parent commands 

        --as string                  Username to impersonate for the operation. User could be a regular user or a service account in a namespace
      --as-group stringArray       Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string              UID to impersonate for the operation.
      --context string             Kubernetes configuration context
      -i, --istioNamespace string  Istio system namespace (default "istio-system")
      --kubeclient-timeout string  Kubernetes client timeout as a time.Duration string, defaults to 15 seconds. (default "15s")
      -c, --kubeconfig string      Kubernetes configuration file
      -n, --namespace string       Kubernetes namespace
      --out string                 output directory (default "/tmp/istioctl-cli-docs/1.29")