New Sciple is live. Connect your AWS in 10 minutes and explore the platform with a sandbox workspace. Book a demo
sciple

ECS dashboard

The ECS dashboard is the operational view for the ECS clusters Sciple discovers from your connected AWS accounts. Browse clusters, services, tasks, and task definitions. Service and task state is always live; task definitions are cached. Stream CloudWatch logs and open an interactive shell into running containers when you need to.

What you see

  • Clusters page at /ecs. A table of registered ECS clusters with name, provider, region, status, active service count, and running and pending task counts. Filter by name, AWS account, or region.
  • Cluster detail at /ecs/clusters/:id with three tabs:
    • Services: live service list with desired, running, and pending counts, launch type (Fargate or EC2), task definition, and status. Drift is visible at a glance from the desired vs. running gap. Click a service for the raw boto describe payload.
    • Tasks: live tasks grouped by task-definition family, with desired status (RUNNING or STOPPED), last status, CPU and memory, the node or container instance, and health status. Click a task to describe it, stream logs (when the task uses the awslogs driver), or open an interactive shell (when the task was launched with enableExecuteCommand: true).
    • Task definitions: cached list of families and their latest revisions with CPU, memory, network mode, architecture, OS family, and status. Sorted by family name.

Prerequisites

  • A Sciple workspace where you hold the settings.manage permission for cluster setup, or dashboard.view to browse.
  • At least one AWS account registered via the Cloud (AWS) dashboard. ECS clusters are discovered from that account.
  • For exec sessions: tasks launched with enableExecuteCommand: true and the role permissions that ECS Exec requires. Exec can not be enabled retroactively on a running task.

Step 1. Discover clusters

Open ECS and click Discover against an AWS account. Sciple syncs the cluster registry and refreshes task definitions from the account. Re-run discovery when clusters are created or destroyed; Sciple reconciles the registry.

Step 2. Browse services and tasks

Open a cluster. The Services and Tasks tabs hit the AWS API on every load to surface live state, so what you see is exactly what ECS reports right now. The Task Definitions tab reads from the cached snapshot that the cluster sync writes.

Drill into a task to stream logs from CloudWatch, or to open an interactive shell over WebSocket through SSM Session Manager. Both actions inherit your workspace identity and land in the audit trail.

Data flow

Cluster metadata and task definitions are cached in Sciple's database after each sync and read from the snapshot on subsequent loads. Services and tasks are fetched live on every page load (no caching) so what you see matches the ECS control plane at that instant. Logs are pulled live from CloudWatch.

Interactive shell sessions go through SSM Session Manager rather than direct task networking, so they work the same way regardless of whether the cluster is on Fargate or EC2-backed.

Permissions and audit

Browsing clusters, services, tasks, task definitions, describe drawers, and logs requires dashboard.view. Discovering clusters and deleting them from the registry require settings.manage. The interactive shell is gated separately by the ecs.exec permission, which is not included in the default Tenant role.

Cluster discovery and sync activity emit cloud.account.updated in the same audit log as the rest of the platform, in the same transaction as the change.

Limits

  • Live API on every page load. Services and tasks are not cached. On very large clusters the page can take a moment to render while ECS responds.
  • Manual refresh. There is no auto-poll on the dashboard; click refresh to re-fetch.
  • Read-only. Stopping a task, scaling a service, or registering a task definition is not exposed; the dashboard is browse-only outside the exec session.
  • Logs require the awslogs driver. Tasks using other log drivers (splunk, awsfirelens, fluentd) are not surfaced in the in-app log viewer.
  • Exec requires opt-in at launch. Set enableExecuteCommand: true on the task definition or service. It can not be added to an already-running task.
  • Task-definition history. Only the latest revision is summarised in the table today; the full revision history is not yet a first-class view.
  • No ECS-specific audit events yet. Discovery and sync reuse the cloud.account.updated action.

What is next