account_id
Type: STRING
compatibilities
Type: UNORDERED_LIST_STRING
Provider name: compatibilities
Description: The task launch types the task definition validated against during task definition registration. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.
container_definitions
Type: UNORDERED_LIST_STRUCT
Provider name: containerDefinitions
Description: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide.
command
Type: UNORDERED_LIST_STRING
Provider name: command
Description: Cmd in the Create a container section of the Docker Remote API and the COMMAND parameter to docker run. For more information, see https://docs.docker.com/engine/reference/builder/#cmd. If there are multiple arguments, each argument is a separated string in the array.
cpu
Type: INT32
Provider name: cpu
Description: cpu units reserved for the container. This parameter maps to CpuShares in the Create a container section of the Docker Remote API and the --cpu-shares option to docker run. This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value. 0, which Windows interprets as 1% of one CPU.
credential_specs
Type: UNORDERED_LIST_STRING
Provider name: credentialSpecs
Description: CredSpec) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of the dockerSecurityOptions. The maximum number of ARNs is 1. There are two formats for each ARN.
credentialspecdomainless:MyARN to provide a CredSpec with an additional section for a secret in Secrets Manager. You provide the login credentials to the domain in the secret. Each task that runs on any container instance can join different domains. You can use this format without joining the container instance to a domain.
credentialspec:MyARN to provide a CredSpec for a single domain. You must join the container instance to the domain before you start any tasks that use this task definition.
MyARN with the ARN in SSM or Amazon S3. If you provide a credentialspecdomainless:MyARN, the credspec must provide an ARN in Secrets Manager for a secret containing the username, password, and the domain to connect to. For better security, the instance isn’t joined to the domain for domainless authentication. Other applications on the instance can’t use the domainless credentials. You can use this parameter to run tasks on the same instance, even if the tasks need to join different domains. For more information, see Using gMSAs for Windows Containers and Using gMSAs for Linux Containers.
depends_on
Type: UNORDERED_LIST_STRUCT
Provider name: dependsOn
Description: ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide. For tasks using the Fargate launch type, the task or service requires the following platforms:
1.3.0 or later.
1.0.0 or later.
condition
Type: STRING
Provider name: condition
Description:
START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can’t be set on an essential container.
SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can’t be set on an essential container.
HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
container_name
Type: STRING
Provider name: containerName
disable_networking
Type: BOOLEAN
Provider name: disableNetworking
Description: NetworkDisabled in the Create a container section of the Docker Remote API.
dns_search_domains
Type: UNORDERED_LIST_STRING
Provider name: dnsSearchDomains
Description: DnsSearch in the Create a container section of the Docker Remote API and the --dns-search option to docker run.
dns_servers
Type: UNORDERED_LIST_STRING
Provider name: dnsServers
Description: Dns in the Create a container section of the Docker Remote API and the --dns option to docker run.
docker_labels
Type: MAP_STRING_STRING
Provider name: dockerLabels
Description: Labels in the Create a container section of the Docker Remote API and the --label option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
docker_security_options
Type: UNORDERED_LIST_STRING
Provider name: dockerSecurityOptions
Description: SecurityOpt in the Create a container section of the Docker Remote API and the --security-opt option to docker run. ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.
entry_point
Type: UNORDERED_LIST_STRING
Provider name: entryPoint
Description: entryPoint parameters. If you have problems using entryPoint, update your container agent or enter your commands and arguments as command array items instead. Entrypoint in the Create a container section of the Docker Remote API and the --entrypoint option to docker run. For more information, see https://docs.docker.com/engine/reference/builder/#entrypoint.
environment
Type: UNORDERED_LIST_STRUCT
Provider name: environment
Description: Env in the Create a container section of the Docker Remote API and the --env option to docker run.
name
Type: STRING
Provider name: name
value
Type: STRING
Provider name: value
environment_files
Type: UNORDERED_LIST_STRUCT
Provider name: environmentFiles
Description: --env-file option to docker run. You can specify up to ten environment files. The file must have a .env file extension. Each line in an environment file contains an environment variable in VARIABLE=VALUE format. Lines beginning with # are treated as comments and are ignored. For more information about the environment variable file syntax, see Declare default environment variables in file. If there are environment variables specified using the environment parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they’re processed from the top down. We recommend that you use unique variable names. For more information, see Specifying Environment Variables in the Amazon Elastic Container Service Developer Guide.
type
Type: STRING
Provider name: type
Description: s3.
value
Type: STRING
Provider name: value
essential
Type: BOOLEAN
Provider name: essential
Description: essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, its failure doesn’t affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential. All tasks must have at least one essential container. If you have an application that’s composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.
extra_hosts
Type: UNORDERED_LIST_STRUCT
Provider name: extraHosts
Description: /etc/hosts file on the container. This parameter maps to ExtraHosts in the Create a container section of the Docker Remote API and the --add-host option to docker run. awsvpc network mode.
hostname
Type: STRING
Provider name: hostname
Description: /etc/hosts entry.
ip_address
Type: STRING
Provider name: ipAddress
Description: /etc/hosts entry.
firelens_configuration
Type: STRUCT
Provider name: firelensConfiguration
options
Type: MAP_STRING_STRING
Provider name: options
Description: "options":{"enable-ecs-log-metadata":"true|false","config-file-type":"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. file configuration file type.
type
Type: STRING
Provider name: type
Description: fluentd or fluentbit.
health_check
Type: STRUCT
Provider name: healthCheck
Description: HealthCheck in the Create a container section of the Docker Remote API and the HEALTHCHECK parameter of docker run.
command
Type: UNORDERED_LIST_STRING
Provider name: command
Description: CMD to run the command arguments directly, or CMD-SHELL to run the command with the container’s default shell. When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in double quotes and brackets.
[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]
You don’t include the double quotes and brackets when you use the Amazon Web Services Management Console.
CMD-SHELL, curl -f http://localhost/ || exit 1
An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the Create a container section of the Docker Remote API.
interval
Type: INT32
Provider name: interval
retries
Type: INT32
Provider name: retries
start_period
Type: INT32
Provider name: startPeriod
Description: startPeriod is off. startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
timeout
Type: INT32
Provider name: timeout
hostname
Type: STRING
Provider name: hostname
Description: Hostname in the Create a container section of the Docker Remote API and the --hostname option to docker run. hostname parameter is not supported if you’re using the awsvpc network mode.
image
Type: STRING
Provider name: image
Description: repository-url/image:tag or repository-url/image@digest. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the Create a container section of the Docker Remote API and the IMAGE parameter of docker run.
registry/repository:tag or registry/repository@digest. For example, 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest or 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE.
ubuntu or mongo).
amazon/amazon-ecs-agent).
quay.io/assemblyline/ubuntu).
interactive
Type: BOOLEAN
Provider name: interactive
Description: true, you can deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the Create a container section of the Docker Remote API and the --interactive option to docker run.
links
Type: UNORDERED_LIST_STRING
Provider name: links
Description: links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge. The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. For more information about linking Docker containers, go to Legacy container links in the Docker documentation. This parameter maps to Links in the Create a container section of the Docker Remote API and the --link option to docker run.
linux_parameters
Type: STRUCT
Provider name: linuxParameters
capabilities
Type: STRUCT
Provider name: capabilities
Description: capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
add
Type: UNORDERED_LIST_STRING
Provider name: add
Description: CapAdd in the Create a container section of the Docker Remote API and the --cap-add option to docker run. SYS_PTRACE kernel capability. "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
drop
Type: UNORDERED_LIST_STRING
Provider name: drop
Description: CapDrop in the Create a container section of the Docker Remote API and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
devices
Type: UNORDERED_LIST_STRUCT
Provider name: devices
Description: Devices in the Create a container section of the Docker Remote API and the --device option to docker run. devices parameter isn’t supported.
container_path
Type: STRING
Provider name: containerPath
host_path
Type: STRING
Provider name: hostPath
permissions
Type: UNORDERED_LIST_STRING
Provider name: permissions
Description: read, write, and mknod for the device.
init_process_enabled
Type: BOOLEAN
Provider name: initProcessEnabled
Description: init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
max_swap
Type: INT32
Provider name: maxSwap
Description: --memory-swap option to docker run where the value would be the sum of the container memory plus the maxSwap value. If a maxSwap value of 0 is specified, the container will not use swap. Accepted values are 0 or any positive integer. If the maxSwap parameter is omitted, the container will use the swap configuration for the container instance it is running on. A maxSwap value must be set for the swappiness parameter to be used. maxSwap parameter isn’t supported. If you’re using tasks on Amazon Linux 2023 the swappiness parameter isn’t supported.
shared_memory_size
Type: INT32
Provider name: sharedMemorySize
Description: /dev/shm volume. This parameter maps to the --shm-size option to docker run. sharedMemorySize parameter is not supported.
swappiness
Type: INT32
Provider name: swappiness
Description: swappiness value of 0 will cause swapping to not happen unless absolutely necessary. A swappiness value of 100 will cause pages to be swapped very aggressively. Accepted values are whole numbers between 0 and 100. If the swappiness parameter is not specified, a default value of 60 is used. If a value is not specified for maxSwap then this parameter is ignored. This parameter maps to the --memory-swappiness option to docker run. swappiness parameter isn’t supported. If you’re using tasks on Amazon Linux 2023 the swappiness parameter isn’t supported.
tmpfs
Type: UNORDERED_LIST_STRUCT
Provider name: tmpfs
Description: --tmpfs option to docker run. tmpfs parameter isn’t supported.
container_path
Type: STRING
Provider name: containerPath
mount_options
Type: UNORDERED_LIST_STRING
Provider name: mountOptions
Description: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"
size
Type: INT32
Provider name: size
log_configuration
Type: STRUCT
Provider name: logConfiguration
Description: LogConfig in the Create a container section of the Docker Remote API and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information about the options for different supported log drivers, see Configure logging drivers in the Docker documentation. sudo docker version --format '{{.Server.APIVersion}}' ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.
log_driver
Type: STRING
Provider name: logDriver
Description: awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, logentries, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Using the awslogs log driver in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Custom log routing in the Amazon Elastic Container Service Developer Guide.
options
Type: MAP_STRING_STRING
Provider name: options
Description: sudo docker version --format '{{.Server.APIVersion}}'
secret_options
Type: UNORDERED_LIST_STRUCT
Provider name: secretOptions
name
Type: STRING
Provider name: name
value_from
Type: STRING
Provider name: valueFrom
memory
Type: INT32
Provider name: memory
Description: memory value, if one is specified. This parameter maps to Memory in the Create a container section of the Docker Remote API and the --memory option to docker run. If using the Fargate launch type, this parameter is optional. If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used. The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don’t specify less than 6 MiB of memory for your containers. The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don’t specify less than 4 MiB of memory for your containers.
memory_reservation
Type: INT32
Provider name: memoryReservation
Description: memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to MemoryReservation in the Create a container section of the Docker Remote API and the --memory-reservation option to docker run. If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used. For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed. The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don’t specify less than 6 MiB of memory for your containers. The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don’t specify less than 4 MiB of memory for your containers.
mount_points
Type: UNORDERED_LIST_STRUCT
Provider name: mountPoints
Description: Volumes in the Create a container section of the Docker Remote API and the --volume option to docker run. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can’t mount directories on a different drive, and mount point can’t be across drives.
container_path
Type: STRING
Provider name: containerPath
read_only
Type: BOOLEAN
Provider name: readOnly
Description: true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
source_volume
Type: STRING
Provider name: sourceVolume
Description: name parameter of task definition volume.
name
Type: STRING
Provider name: name
Description: name of one container can be entered in the links of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name in the Create a container section of the Docker Remote API and the --name option to docker run.
port_mappings
Type: UNORDERED_LIST_STRUCT
Provider name: portMappings
Description: awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort. Port mappings on Windows use the NetNAT gateway address rather than localhost. There’s no loopback for port mappings on Windows, so you can’t access a container’s mapped port from the host itself. This parameter maps to PortBindings in the Create a container section of the Docker Remote API and the --publish option to docker run. If the network mode of a task definition is set to none, then you can’t specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping. RUNNING status, manual and automatic host and container port assignments are visible in the Network Bindings section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section DescribeTasks responses.
app_protocol
Type: STRING
Provider name: appProtocol
Description: appProtocol is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
container_port
Type: INT32
Provider name: containerPort
Description: awsvpc or host network mode, specify the exposed ports using containerPort. If you use containers in a task with the bridge network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see hostPort. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
container_port_range
Type: STRING
Provider name: containerPortRange
Description: containerPortRange:
bridge network mode or the awsvpc network mode.
ecs-init package
hostPortRange. The value of the hostPortRange is set as follows:
awsvpc network mode, the hostPortRange is set to the same value as the containerPortRange. This is a static mapping strategy.
bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.
containerPortRange valid values are between 1 and 65535.
DescribeTasks to view the hostPortRange which are the host ports that are bound to the container ports.
host_port
Type: INT32
Provider name: hostPort
Description: containerPortRange, leave this field empty and the value of the hostPort is set as follows:
awsvpc network mode, the hostPort is set to the same value as the containerPort. This is a static mapping strategy.
bridge network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy.
awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort. If you use containers in a task with the bridge network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the hostPort (or set it to 0) while specifying a containerPort and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version. The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under /proc/sys/net/ipv4/ip_local_port_range. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range. The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the remainingResources of DescribeContainerInstances output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren’t included in the 100 reserved ports quota.
name
Type: STRING
Provider name: name
Description: serviceConnectConfiguration of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can’t start with a hyphen. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
protocol
Type: STRING
Provider name: protocol
Description: tcp and udp. The default is tcp. protocol is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment.
privileged
Type: BOOLEAN
Provider name: privileged
Description: root user). This parameter maps to Privileged in the Create a container section of the Docker Remote API and the --privileged option to docker run.
pseudo_terminal
Type: BOOLEAN
Provider name: pseudoTerminal
Description: true, a TTY is allocated. This parameter maps to Tty in the Create a container section of the Docker Remote API and the --tty option to docker run.
readonly_root_filesystem
Type: BOOLEAN
Provider name: readonlyRootFilesystem
Description: ReadonlyRootfs in the Create a container section of the Docker Remote API and the --read-only option to docker run.
repository_credentials
Type: STRUCT
Provider name: repositoryCredentials
credentials_parameter
Type: STRING
Provider name: credentialsParameter
resource_requirements
Type: UNORDERED_LIST_STRUCT
Provider name: resourceRequirements
type
Type: STRING
Provider name: type
value
Type: STRING
Provider name: value
Description: GPU, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that’s reserved for all containers in a task can’t exceed the number of available GPUs on the container instance that the task is launched on. When the type is InferenceAccelerator, the value matches the deviceName for an InferenceAccelerator specified in a task definition.
secrets
Type: UNORDERED_LIST_STRUCT
Provider name: secrets
name
Type: STRING
Provider name: name
value_from
Type: STRING
Provider name: valueFrom
start_timeout
Type: INT32
Provider name: startTimeout
Description: COMPLETE, SUCCESS, or HEALTHY status. If a startTimeout value is specified for containerB and it doesn’t reach the desired status within that time then containerA gives up and does not start. This results in the task transitioning to a STOPPED state. ECS_CONTAINER_START_TIMEOUT container agent configuration variable is used, it’s enforced independently from this start timeout value.
1.3.0 or later.
1.0.0 or later.
1.26.0 of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you’re using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide. The valid values are 2-120 seconds.
stop_timeout
Type: INT32
Provider name: stopTimeout
Description:
1.3.0 or later.
1.0.0 or later.
stopTimeout parameter isn’t specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If neither the stopTimeout parameter nor the ECS_CONTAINER_STOP_TIMEOUT agent configuration variable is set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you’re using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide. The valid values are 2-120 seconds.
system_controls
Type: UNORDERED_LIST_STRUCT
Provider name: systemControls
Description: Sysctls in the Create a container section of the Docker Remote API and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.
namespace
Type: STRING
Provider name: namespace
Description: value for.
value
Type: STRING
Provider name: value
Description: value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue." Valid network namespace values: Sysctls that start with "net." All of these values are supported by Fargate.
ulimits
Type: UNORDERED_LIST_STRUCT
Provider name: ulimits
Description: ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in the Create a container section of the Docker Remote API and the --ulimit option to docker run. Valid naming values are displayed in the Ulimit data type. Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 1024 and the default hard limit is 65535. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
hard_limit
Type: INT32
Provider name: hardLimit
Description: ulimit type.
name
Type: STRING
Provider name: name
Description: type of the ulimit.
soft_limit
Type: INT32
Provider name: softLimit
Description: ulimit type.
user
STRING
user
User
in the Create a container section of the Docker Remote API and the –user
option to docker run. host
network mode, don’t run containers using the root user (UID 0). We recommend using a non-root user for better security. user
using the following formats. If specifying a UID or GID, you must specify it as a positive integer.user
user:group
uid
uid:gid
user:gid
uid:group
volumes_from
UNORDERED_LIST_STRUCT
volumesFrom
VolumesFrom in the Create a container section of the Docker Remote API and the --volumes-from option to docker run.
read_only
BOOLEAN
readOnly
true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
source_container
STRING
sourceContainer
working_directory
STRING
workingDirectory
WorkingDir in the Create a container section of the Docker Remote API and the --workdir option to docker run.
cpu
Type: STRING
Provider name: cpu
Description: The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter. The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)
memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)
memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)
memory values: 16 GB and 60 GB in 4 GB increments. This option requires Linux platform 1.4.0 or later.
memory values: 32 GB and 120 GB in 8 GB increments. This option requires Linux platform 1.4.0 or later.
deregistered_at
Type: TIMESTAMP
Provider name: deregisteredAt
Description: The Unix timestamp for the time when the task definition was deregistered.
ephemeral_storage
Type: STRUCT
Provider name: ephemeralStorage
Description: The ephemeral storage settings to use for tasks run with the task definition.
size_in_gib
INT32
sizeInGiB
20 GiB and the maximum supported value is 200 GiB.
execution_role_arn
Type: STRING
Provider name: executionRoleArn
Description: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide.
family
Type: STRING
Provider name: family
Description: The name of a family that this task definition is registered to. Up to 255 characters are allowed. Letters (both uppercase and lowercase letters), numbers, hyphens (-), and underscores (_) are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.
inference_accelerators
Type: UNORDERED_LIST_STRUCT
Provider name: inferenceAccelerators
Description: The Elastic Inference accelerator that’s associated with the task.
device_name
STRING
deviceName
deviceName must also be referenced in a container definition as a ResourceRequirement.
device_type
STRING
deviceType
ipc_mode
Type: STRING
Provider name: ipcMode
Description: The IPC resource namespace to use for the containers in the task. The valid values are host, task, or none. If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see IPC settings in the Docker run reference. If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace exposure. For more information, see Docker security. If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see System Controls in the Amazon Elastic Container Service Developer Guide.
host IPC mode, IPC namespace related systemControls are not supported.
task IPC mode, IPC namespace related systemControls will apply to all containers within a task.
memory
Type: STRING
Provider name: memory
Description: The amount (in MiB) of memory used by the task. If your tasks run on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see ContainerDefinition. If your tasks run on Fargate, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.
cpu values: 256 (.25 vCPU)
cpu values: 512 (.5 vCPU)
cpu values: 1024 (1 vCPU)
cpu values: 2048 (2 vCPU)
cpu values: 4096 (4 vCPU)
cpu values: 8192 (8 vCPU). This option requires Linux platform 1.4.0 or later.
cpu values: 16384 (16 vCPU). This option requires Linux platform 1.4.0 or later.
network_mode
Type: STRING
Provider name: networkMode
Description: The Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host. If no network mode is specified, the default is bridge. For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, <default> or awsvpc can be used. If the network mode is set to none, you cannot specify port mappings in your container definitions, and the task's containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode. With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.
host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.
awsvpc, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide. If the network mode is host, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see Network settings in the Docker run reference.
pid_mode
Type: STRING
Provider name: pidMode
Description: The process namespace to use for the containers in the task. The valid values are host or task. On Fargate for Linux containers, the only valid value is task. For example, monitoring sidecars might need pidMode to access information about other containers running in the same task. If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see PID settings in the Docker run reference. If the host PID mode is used, there’s a heightened risk of undesired process namespace exposure. For more information, see Docker security.
1.4.0 or later (Linux). This isn’t supported for Windows containers on Fargate.
placement_constraints
Type: UNORDERED_LIST_STRUCT
Provider name: placementConstraints
Description: An array of placement constraint objects to use for tasks.
expression
STRING
expression
type
STRING
type
MemberOf constraint restricts selection to be from a group of valid candidates.
proxy_configuration
Type: STRUCT
Provider name: proxyConfiguration
Description: The configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
container_name
STRING
containerName
properties
UNORDERED_LIST_STRUCT
properties
IgnoredUID - (Required) The user ID (UID) of the proxy container as defined by the user parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredGID is specified, this field can be empty.
IgnoredGID - (Required) The group ID (GID) of the proxy container as defined by the user parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredUID is specified, this field can be empty.
AppPorts - (Required) The list of ports that the application uses. Network traffic to these ports is forwarded to the ProxyIngressPort and ProxyEgressPort.
ProxyIngressPort - (Required) Specifies the port that incoming traffic to the AppPorts is directed to.
ProxyEgressPort - (Required) Specifies the port that outgoing traffic from the AppPorts is directed to.
EgressIgnoredPorts - (Required) The egress traffic going to the specified ports is ignored and not redirected to the ProxyEgressPort. It can be an empty list.
EgressIgnoredIPs - (Required) The egress traffic going to the specified IP addresses is ignored and not redirected to the ProxyEgressPort. It can be an empty list.
name
STRING
name
value
STRING
value
type
STRING
type
APPMESH.
registered_at
Type: TIMESTAMP
Provider name: registeredAt
Description: The Unix timestamp for the time when the task definition was registered.
registered_by
Type: STRING
Provider name: registeredBy
Description: The principal that registered the task definition.
requires_attributes
Type: UNORDERED_LIST_STRUCT
Provider name: requiresAttributes
Description: The container instance attributes required by your task. When an Amazon EC2 instance is registered to your cluster, the Amazon ECS container agent assigns some standard attributes to the instance. You can apply custom attributes. These are specified as key-value pairs using the Amazon ECS console or the PutAttributes API. These attributes are used when determining task placement for tasks hosted on Amazon EC2 instances. For more information, see Attributes in the Amazon Elastic Container Service Developer Guide.
name
STRING
name
name must contain between 1 and 128 characters. The name may contain letters (uppercase and lowercase), numbers, hyphens (-), underscores (_), forward slashes (/), back slashes (\), or periods (.).
target_id
STRING
targetId
target_type
STRING
targetType
value
STRING
value
value must contain between 1 and 128 characters. It can contain letters (uppercase and lowercase), numbers, hyphens (-), underscores (_), periods (.), at signs (@), forward slashes (/), back slashes (\), colons (:), or spaces. The value can’t start or end with a space.
requires_compatibilities
Type: UNORDERED_LIST_STRING
Provider name: requiresCompatibilities
Description: The task launch types the task definition was validated against. The valid values are EC2, FARGATE, and EXTERNAL. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.
revision
Type: INT32
Provider name: revision
Description: The revision of the task in a particular family. The revision is a version number of a task definition in a family. When you register a task definition for the first time, the revision is 1. Each time that you register a new revision of a task definition in the same family, the revision value always increases by one. This is even if you deregistered previous revisions in this family.
runtime_platform
Type: STRUCT
Provider name: runtimePlatform
Description: The operating system that your task definitions are running on. A platform family is specified only for tasks using the Fargate launch type. When you specify a task in a service, this value must match the runtimePlatform value of the service.
cpu_architecture
STRING
cpuArchitecture
ARM64. This option is available for tasks that run on Linux Amazon EC2 instances or Linux containers on Fargate.
operating_system_family
STRING
operatingSystemFamily
status
Type: STRING
Provider name: status
Description: The status of the task definition.
tags
Type: UNORDERED_LIST_STRING
task_definition_arn
Type: STRING
Provider name: taskDefinitionArn
Description: The full Amazon Resource Name (ARN) of the task definition.
task_role_arn
Type: STRING
Provider name: taskRoleArn
Description: The short name or full Amazon Resource Name (ARN) of the Identity and Access Management role that grants containers in the task permission to call Amazon Web Services APIs on your behalf. For more information, see Amazon ECS Task Role in the Amazon Elastic Container Service Developer Guide. IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see Windows IAM roles for tasks in the Amazon Elastic Container Service Developer Guide.
volumes
Type: UNORDERED_LIST_STRUCT
Provider name: volumes
Description: The list of data volume definitions for the task. For more information, see Using data volumes in tasks in the Amazon Elastic Container Service Developer Guide.
host and sourcePath parameters aren’t supported for tasks run on Fargate.
configured_at_launch
BOOLEAN
configuredAtLaunch
volumeConfigurations object when calling the CreateService, UpdateService, RunTask or StartTask APIs.
docker_volume_configuration
STRUCT
dockerVolumeConfiguration
local driver. To use bind mounts, specify the host parameter instead.
autoprovision
BOOLEAN
autoprovision
true, the Docker volume is created if it doesn’t already exist.
scope is shared.
driver
STRING
driver
docker plugin ls to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. For more information, see Docker plugin discovery. This parameter maps to Driver in the Create a volume section of the Docker Remote API and the --driver option to docker volume create.
driver_opts
MAP_STRING_STRING
driverOpts
DriverOpts in the Create a volume section of the Docker Remote API and the --opt option to docker volume create.
labels
MAP_STRING_STRING
labels
Labels in the Create a volume section of the Docker Remote API and the --label option to docker volume create.
scope
STRING
scope
task are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared persist after the task stops.
efs_volume_configuration
STRUCT
efsVolumeConfiguration
authorization_config
STRUCT
authorizationConfig
access_point_id
STRING
accessPointId
EFSVolumeConfiguration must either be omitted or set to / which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be on in the EFSVolumeConfiguration. For more information, see Working with Amazon EFS access points in the Amazon Elastic File System User Guide.
iam
STRING
iam
EFSVolumeConfiguration. If this parameter is omitted, the default value of DISABLED is used. For more information, see Using Amazon EFS access points in the Amazon Elastic Container Service Developer Guide.
file_system_id
STRING
fileSystemId
root_directory
STRING
rootDirectory
/ will have the same effect as omitting this parameter.
authorizationConfig, the root directory parameter must either be omitted or set to / which will enforce the path set on the EFS access point.
transit_encryption
STRING
transitEncryption
DISABLED is used. For more information, see Encrypting data in transit in the Amazon Elastic File System User Guide.
transit_encryption_port
INT32
transitEncryptionPort
fsx_windows_file_server_volume_configuration
STRUCT
fsxWindowsFileServerVolumeConfiguration
authorization_config
STRUCT
authorizationConfig
credentials_parameter
STRING
credentialsParameter
domain
STRING
domain
file_system_id
STRING
fileSystemId
root_directory
STRING
rootDirectory
host
STRUCT
host
host parameter determine whether your bind mount host volume persists on the host container instance and where it’s stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn’t guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can’t mount directories on a different drive, and mount point can’t be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\, but not D:\my\path:C:\my\path or D:\:C:\my\path.
source_path
Type: STRING
Provider name: sourcePath
Description: When the host parameter is used, specify a sourcePath to declare the path on the host container instance that’s presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn’t exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you’re using the Fargate launch type, the sourcePath parameter is not supported.
name
STRING
name
name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.
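Several fields above carry explicit security guidance: host pidMode and ipcMode, the root user under host networkMode, IPC systemControls under host IPC mode, and EFS access points that require transit encryption and a root directory of /. The audit below checks a task definition against those statements; it is an added example, not Datadog or AWS code. The rule IDs, function names and sample task definition are constructed, and treating an unset user as root is an assumption.

```python
# IPC-namespace sysctls listed on this page; names starting "fs.mqueue." also count.
IPC_SYSCTLS = {
    "kernel.msgmax", "kernel.msgmnb", "kernel.msgmni", "kernel.sem",
    "kernel.shmall", "kernel.shmmax", "kernel.shmmni", "kernel.shm_rmid_forced",
}

# Constructed sample task definition (placeholder IDs, not from a real account).
SAMPLE_TASK_DEF = {
    "family": "example-web", "networkMode": "host", "pidMode": "host", "ipcMode": "host",
    "containerDefinitions": [
        {"name": "app", "user": "0:0", "systemControls": [
            {"namespace": "kernel.shmmax", "value": "68719476736"},
            {"namespace": "net.ipv4.tcp_keepalive_time", "value": "500"}]},
        {"name": "sidecar", "user": "1000:1000"},
    ],
    "volumes": [{"name": "data", "efsVolumeConfiguration": {
        "fileSystemId": "fs-EXAMPLE", "rootDirectory": "/exports",
        "authorizationConfig": {"accessPointId": "fsap-EXAMPLE"}}}],
}


def runs_as_root(user):
    """True if a container `user` value (user, user:group, uid, uid:gid, ...) is root."""
    # Assumption: an unset user is treated as root, since the image default is unknown here.
    name = (user or "").split(":", 1)[0].strip()
    return name in ("", "0", "root")


def audit_task_definition(td):
    """Return a sorted list of (rule_id, detail) findings for one task definition dict."""
    findings = []
    host_ipc = td.get("ipcMode") == "host"
    if td.get("pidMode") == "host":
        findings.append(("HOST_PID", "pidMode=host shares the EC2 host process namespace"))
    if host_ipc:
        findings.append(("HOST_IPC", "ipcMode=host shares IPC resources with the EC2 host"))
    for c in td.get("containerDefinitions", []):
        cname = c.get("name", "<unnamed>")
        if td.get("networkMode") == "host" and runs_as_root(c.get("user")):
            findings.append(("HOST_NET_ROOT", f"{cname}: root user in host network mode"))
        for sc in c.get("systemControls", []):
            ns = sc.get("namespace", "")
            if host_ipc and (ns in IPC_SYSCTLS or ns.startswith("fs.mqueue.")):
                findings.append(("IPC_SYSCTL_HOST", f"{cname}: {ns} unsupported with host IPC"))
    for v in td.get("volumes", []):
        efs = v.get("efsVolumeConfiguration") or {}
        access_point = (efs.get("authorizationConfig") or {}).get("accessPointId")
        if not access_point:
            continue
        # An omitted transitEncryption defaults to DISABLED.
        if efs.get("transitEncryption", "DISABLED") != "ENABLED":
            findings.append(("EFS_AP_NO_TLS", f"{v.get('name')}: access point without transit encryption"))
        if efs.get("rootDirectory") not in (None, "", "/"):
            findings.append(("EFS_AP_ROOTDIR", f"{v.get('name')}: rootDirectory must be omitted or /"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"{rule}: {detail}")
```

The dictionary keys follow the provider names on this page (pidMode, systemControls, efsVolumeConfiguration), so the output of a DescribeTaskDefinition call can be passed in directly.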