Resolving locale, route permissions, and workspace projection.
Current scope: Guest
Category: 80_chain | Version: v1.0.0
Owner: DOCUMENT_CUSTODIAN | Review cycle: 60 days
Approval authority: GOVERNANCE_ADMIN, CHAIN_OFFICER
Documentation portal is read-only. Editing and mutation endpoints are disabled.
Kvary platform is originally created in Georgian. Where a Georgian version exists, Georgian is authoritative for platform UI, documentation, and legal interpretation.
Translations into other languages are provided for convenience. Some records may originate in other languages and carry their own source or legal locale for a specific flow, but where a Georgian version is available, the Georgian version prevails for platform-level wording and interpretation.
Metadata incomplete: Change Log
Document ID: GOS-80-CHAIN-AWS-ECS-ENV-BLOCKS Version: 0.1.0 Status: DRAFT Owner Role: CHAIN_OFFICER Last Review Date: 2026-03-04 Next Review Date: 2026-04-04
Provide copy/paste-ready ECS containerDefinitions[].environment blocks for Kafka orchestration workloads on AWS.
secrets (SSM/Secrets Manager), not in environment.<region> and broker DNS values with real MSK endpoints.environment Block[
{ "name": "NODE_ENV", "value": "development" },
{ "name": "KAFKA_BROKERS", "value": "b-1.kvary-dev-msk.<region>.amazonaws.com:9098,b-2.kvary-dev-msk.<region>.amazonaws.com:9098" },
{ "name": "KAFKA_DEMO_CLIENT_ID", "value": "kvary-kafka-demo-dev" },
{ "name": "KAFKA_DEMO_GROUP_ID", "value": "kvary-demo-dev" },
{ "name": "KAFKA_DEMO_TOPIC", "value": "mint.requested" },
{ "name": "KAFKA_DEMO_TIMEOUT_MS", "value": "30000" },
{ "name": "KAFKA_DEMO_WARMUP_MS", "value": "1500" }
]
environment Block[
{ "name": "NODE_ENV", "value": "staging" },
{ "name": "KAFKA_BROKERS", "value": "b-1.kvary-stage-msk.<region>.amazonaws.com:9098,b-2.kvary-stage-msk.<region>.amazonaws.com:9098" },
{ "name": "KAFKA_DEMO_CLIENT_ID", "value": "kvary-kafka-demo-stage" },
{ "name": "KAFKA_DEMO_GROUP_ID", "value": "kvary-demo-stage" },
{ "name": "KAFKA_DEMO_TOPIC", "value": "mint.requested" },
{ "name": "KAFKA_DEMO_TIMEOUT_MS", "value": "30000" },
{ "name": "KAFKA_DEMO_WARMUP_MS", "value": "1500" }
]
environment Block[
{ "name": "NODE_ENV", "value": "production" },
{ "name": "KAFKA_BROKERS", "value": "b-1.kvary-prod-msk.<region>.amazonaws.com:9098,b-2.kvary-prod-msk.<region>.amazonaws.com:9098,b-3.kvary-prod-msk.<region>.amazonaws.com:9098" },
{ "name": "KAFKA_DEMO_CLIENT_ID", "value": "kvary-kafka-demo-prod" },
{ "name": "KAFKA_DEMO_GROUP_ID", "value": "kvary-demo-prod" },
{ "name": "KAFKA_DEMO_TOPIC", "value": "mint.requested" },
{ "name": "KAFKA_DEMO_TIMEOUT_MS", "value": "45000" },
{ "name": "KAFKA_DEMO_WARMUP_MS", "value": "2000" }
]
secrets Block (Template)[
{ "name": "KAFKA_SASL_USERNAME", "valueFrom": "arn:aws:ssm:<region>:<account-id>:parameter/kvary/<env>/kafka/sasl/username" },
{ "name": "KAFKA_SASL_PASSWORD", "valueFrom": "arn:aws:ssm:<region>:<account-id>:parameter/kvary/<env>/kafka/sasl/password" }
]
intentId) across all environments.npm run kafka:smoke with Docker profile.npm run kafka:demo or service-level health checks.docs/80_chain/templates/ecs-task-kafka-orchestrator.dev.jsondocs/80_chain/templates/ecs-task-kafka-orchestrator.stage.jsondocs/80_chain/templates/ecs-task-kafka-orchestrator.prod.jsonRegister examples:
aws ecs register-task-definition --cli-input-json file://docs/80_chain/templates/ecs-task-kafka-orchestrator.dev.json
aws ecs register-task-definition --cli-input-json file://docs/80_chain/templates/ecs-task-kafka-orchestrator.stage.json
aws ecs register-task-definition --cli-input-json file://docs/80_chain/templates/ecs-task-kafka-orchestrator.prod.json
Set shared placeholders first:
AWS_REGION=<region>
ECS_CLUSTER=<ecs-cluster-name>
SUBNETS=subnet-aaa,subnet-bbb
SECURITY_GROUPS=sg-aaa
Dev:
aws ecs create-service \
--region $AWS_REGION \
--cluster $ECS_CLUSTER \
--service-name kvary-kafka-orchestrator-dev \
--task-definition kvary-kafka-orchestrator-dev \
--desired-count 1 \
--launch-type FARGATE \
--network-configuration "awsvpcConfiguration={subnets=[$SUBNETS],securityGroups=[$SECURITY_GROUPS],assignPublicIp=DISABLED}"
aws ecs update-service \
--region $AWS_REGION \
--cluster $ECS_CLUSTER \
--service kvary-kafka-orchestrator-dev \
--task-definition kvary-kafka-orchestrator-dev \
--force-new-deployment
Stage:
aws ecs create-service \
--region $AWS_REGION \
--cluster $ECS_CLUSTER \
--service-name kvary-kafka-orchestrator-stage \
--task-definition kvary-kafka-orchestrator-stage \
--desired-count 1 \
--launch-type FARGATE \
--network-configuration "awsvpcConfiguration={subnets=[$SUBNETS],securityGroups=[$SECURITY_GROUPS],assignPublicIp=DISABLED}"
aws ecs update-service \
--region $AWS_REGION \
--cluster $ECS_CLUSTER \
--service kvary-kafka-orchestrator-stage \
--task-definition kvary-kafka-orchestrator-stage \
--force-new-deployment
Prod:
aws ecs create-service \
--region $AWS_REGION \
--cluster $ECS_CLUSTER \
--service-name kvary-kafka-orchestrator-prod \
--task-definition kvary-kafka-orchestrator-prod \
--desired-count 2 \
--launch-type FARGATE \
--network-configuration "awsvpcConfiguration={subnets=[$SUBNETS],securityGroups=[$SECURITY_GROUPS],assignPublicIp=DISABLED}"
aws ecs update-service \
--region $AWS_REGION \
--cluster $ECS_CLUSTER \
--service kvary-kafka-orchestrator-prod \
--task-definition kvary-kafka-orchestrator-prod \
--force-new-deployment
Notes:
create-service once per environment; afterward use update-service for new task revisions.--load-balancers and the corresponding health check settings.Terraform templates:
docs/80_chain/templates/terraform/ecs-kafka-orchestrator/main.tfdocs/80_chain/templates/terraform/ecs-kafka-orchestrator/variables.tfdocs/80_chain/templates/terraform/ecs-kafka-orchestrator/dev.tfvarsdocs/80_chain/templates/terraform/ecs-kafka-orchestrator/stage.tfvarsdocs/80_chain/templates/terraform/ecs-kafka-orchestrator/prod.tfvarsQuick start:
cd docs/80_chain/templates/terraform/ecs-kafka-orchestrator
terraform init
terraform plan -var-file=dev.tfvars
terraform apply -var-file=dev.tfvars