Data Source schema for AWS::ECS::TaskDefinition
id
(String) Uniquely identifies the resource.container_definitions
(Attributes Set) A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide. (see below for nested schema)cpu
(String) The number of cpu
units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory
parameter.
The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
memory
values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)memory
values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)memory
values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)memory
values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)memory
values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)memory
values: 16 GB and 60 GB in 4 GB increments
This option requires Linux platform 1.4.0
or later.memory
values: 32GB and 120 GB in 8 GB increments
This option requires Linux platform 1.4.0
or later.ephemeral_storage
(Attributes) The ephemeral storage settings to use for tasks run with the task definition. (see below for nested schema)execution_role_arn
(String) The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide.family
(String) The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.
A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.
To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it.inference_accelerators
(Attributes Set) The Elastic Inference accelerators to use for the containers in the task. (see below for nested schema)ipc_mode
(String) The IPC resource namespace to use for the containers in the task. The valid values are host
, task
, or none
. If host
is specified, then all containers within the tasks that specified the host
IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task
is specified, all containers within the specified task share the same IPC resources. If none
is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see IPC settings in the Docker run reference.
If the host
IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see Docker security.
If you are setting namespaced kernel parameters using systemControls
for the containers in the task, the following will apply to your IPC resource namespace. For more information, see System Controls in the Amazon Elastic Container Service Developer Guide.
host
IPC mode, IPC namespace related systemControls
are not supported.task
IPC mode, IPC namespace related systemControls
will apply to all containers within a task.This parameter is not supported for Windows containers or tasks run on FARGATElong.
memory
(String) The amount (in MiB) of memory used by the task.
If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see ContainerDefinition.
If your tasks runs on FARGATElong, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu
parameter.
md5-45f2f15e05ff36199db8693eafd081a7
container_definitions
On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0
, which Windows interprets as 1% of one CPU.
credential_specs
(List of String) A list of ARNs in SSM or Amazon S3 to a credential spec (CredSpec
) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of the dockerSecurityOptions
. The maximum number of ARNs is 1.
There are two formats for each ARN.
md5-9d642cc9bd74b21622da4de551f933a0
If the task definition is used in a blue/green deployment that uses AWS::CodeDeploy::DeploymentGroup BlueGreenDeploymentConfiguration, the dependsOn
parameter is not supported. For more information see Issue #680 on the on the GitHub website. (see below for nested schema)
disable_networking
(Boolean) When this parameter is true, networking is off within the container. This parameter maps to NetworkDisabled
in the Create a container section of the Docker Remote API.
This parameter is not supported for Windows containers.dns_search_domains
(List of String) A list of DNS search domains that are presented to the container. This parameter maps to DnsSearch
in the Create a container section of the Docker Remote API and the --dns-search
option to docker run.
This parameter is not supported for Windows containers.dns_servers
(List of String) A list of DNS servers that are presented to the container. This parameter maps to Dns
in the Create a container section of the Docker Remote API and the --dns
option to docker run.
This parameter is not supported for Windows containers.docker_labels
(Map of String) A key/value map of labels to add to the container. This parameter maps to Labels
in the Create a container section of the Docker Remote API and the --label
option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
docker_security_options
(List of String) A list of strings to provide custom configuration for multiple security systems. For more information about valid values, see Docker Run Security Configuration. This field isn't valid for containers in tasks using the Fargate launch type.
For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.
For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see Using gMSAs for Windows Containers and Using gMSAs for Linux Containers in the Amazon Elastic Container Service Developer Guide.
This parameter maps to SecurityOpt
in the Create a container section of the Docker Remote API and the --security-opt
option to docker run.
The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true
or ECS_APPARMOR_CAPABLE=true
environment variables before containers placed on that instance can use these security options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.
For more information about valid values, see Docker Run Security Configuration.
Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath"entry_point
(List of String) Early versions of the Amazon ECS container agent don't properly handle entryPoint
parameters. If you have problems using entryPoint
, update your container agent or enter your commands and arguments as command
array items instead.
The entry point that's passed to the container. This parameter maps to Entrypoint
in the Create a container section of the Docker Remote API and the --entrypoint
option to docker run. For more information, see https://docs.docker.com/engine/reference/builder/#entrypoint.environment
(Attributes Set) The environment variables to pass to a container. This parameter maps to Env
in the Create a container section of the Docker Remote API and the --env
option to docker run.
We don't recommend that you use plaintext environment variables for sensitive information, such as credential data. (see below for nested schema)environment_files
(Attributes List) A list of files containing the environment variables to pass to a container. This parameter maps to the --env-file
option to docker run.
You can specify up to ten environment files. The file must have a .env
file extension. Each line in an environment file contains an environment variable in VARIABLE=VALUE
format. Lines beginning with #
are treated as comments and are ignored. For more information about the environment variable file syntax, see Declare default environment variables in file.
If there are environment variables specified using the environment
parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see Specifying Environment Variables in the Amazon Elastic Container Service Developer Guide. (see below for nested schema)essential
(Boolean) If the essential
parameter of a container is marked as true
, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential
parameter of a container is marked as false
, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.extra_hosts
(Attributes List) A list of hostnames and IP address mappings to append to the /etc/hosts
file on the container. This parameter maps to ExtraHosts
in the Create a container section of the Docker Remote API and the --add-host
option to docker run.
This parameter isn't supported for Windows containers or tasks that use the awsvpc
network mode. (see below for nested schema)firelens_configuration
(Attributes) The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom Log Routing in the Amazon Elastic Container Service Developer Guide. (see below for nested schema)health_check
(Attributes) The container health check command and associated configuration parameters for the container. This parameter maps to HealthCheck
in the Create a container section of the Docker Remote API and the HEALTHCHECK
parameter of docker run. (see below for nested schema)hostname
(String) The hostname to use for your container. This parameter maps to Hostname
in the Create a container section of the Docker Remote API and the --hostname
option to docker run.
The hostname
parameter is not supported if you're using the awsvpc
network mode.image
(String) The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag
or repository-url/image@digest
. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image
in the Create a container section of the Docker Remote API and the IMAGE
parameter of docker run.
md5-0094a270ac62eaf87cdbaee41d631af8
For tasks using the EC2 launch type, your container instances require at least version 1.26.0
of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1
of the ecs-init
package. If your container instances are launched from version 20190301
or later, then they contain the required versions of the container agent and ecs-init
. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
The valid values are 2-120 seconds.
stop_timeout
(Number) Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
For tasks using the Fargate launch type, the task or service requires the following platforms:
1.3.0
or later.1.0.0
or later.The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.
For tasks that use the EC2 launch type, if the stopTimeout
parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT
is used. If neither the stopTimeout
parameter or the ECS_CONTAINER_STOP_TIMEOUT
agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init
package. If your container instances are launched from version 20190301
or later, then they contain the required versions of the container agent and ecs-init
. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
The valid values are 2-120 seconds.
system_controls
(Attributes List) A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls
in the Create a container section of the Docker Remote API and the --sysctl
option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time
setting to maintain longer lived connections. (see below for nested schema)ulimits
(Attributes List) A list of ulimits
to set in the container. This parameter maps to Ulimits
in the Create a container section of the Docker Remote API and the --ulimit
option to docker run. Valid naming values are displayed in the Ulimit data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
This parameter is not supported for Windows containers. (see below for nested schema)user
(String) The user to use inside the container. This parameter maps to User
in the Create a container section of the Docker Remote API and the --user
option to docker run.
When running tasks using the host
network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.
You can specify the user
using the following formats. If specifying a UID or GID, you must specify it as a positive integer.
user
user:group
uid
uid:gid
user:gid
uid:group
This parameter is not supported for Windows containers.
volumes_from
(Attributes Set) Data volumes to mount from another container. This parameter maps to VolumesFrom
in the Create a container section of the Docker Remote API and the --volumes-from
option to docker run. (see below for nested schema)working_directory
(String) The working directory to run commands inside the container in. This parameter maps to WorkingDir
in the Create a container section of the Docker Remote API and the --workdir
option to docker run.container_definitions.depends_on
container_definitions.environment
container_definitions.environment_files
container_definitions.extra_hosts
container_definitions.firelens_configuration
container_definitions.health_check
container_definitions.linux_parameters
container_definitions.linux_parameters.capabilities
container_definitions.linux_parameters.devices
container_definitions.linux_parameters.tmpfs
container_definitions.log_configuration
container_definitions.log_configuration.secret_options
container_definitions.mount_points
container_definitions.port_mappings
You can call DescribeTasks to view the hostPortRange
which are the host ports that are bound to the container ports.
host_port
(Number) The port number on the container instance to reserve for your container.
If you specify a containerPortRange
, leave this field empty and the value of the hostPort
is set as follows:
awsvpc
network mode, the hostPort
is set to the same value as the containerPort
. This is a static mapping strategy.bridge
network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy.If you use containers in a task with the awsvpc
or host
network mode, the hostPort
can either be left blank or set to the same value as the containerPort
.
If you use containers in a task with the bridge
network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the hostPort
(or set it to 0
) while specifying a containerPort
and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.
The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under /proc/sys/net/ipv4/ip_local_port_range
. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the remainingResources
of DescribeContainerInstances output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
name
(String) The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the serviceConnectConfiguration
of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.protocol
(String) The protocol used for the port mapping. Valid values are tcp
and udp
. The default is tcp
. protocol
is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment.container_definitions.repository_credentials
Read-Only:
credentials_parameter
(String) The Amazon Resource Name (ARN) of the secret containing the private repository credentials.
When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.container_definitions.resource_requirements
Read-Only:
type
(String) The type of resource to assign to a container. The supported values are GPU
or InferenceAccelerator
.value
(String) The value for the specified resource type.
If the GPU
type is used, the value is the number of physical GPUs
the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.
If the InferenceAccelerator
type is used, the value
matches the deviceName
for an InferenceAccelerator specified in a task definition.container_definitions.secrets
Read-Only:
name
(String) The name of the secret.value_from
(String) The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store.
For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide.
If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.container_definitions.system_controls
Read-Only:
namespace
(String) The namespaced kernel parameter to set a value
for.value
(String) The namespaced kernel parameter to set a value
for.
Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced"
, and Sysctls
that start with "fs.mqueue.*"
Valid network namespace values: Sysctls
that start with "net.*"
All of these values are supported by Fargate.container_definitions.ulimits
Read-Only:
hard_limit
(Number) The hard limit for the ulimit
type.name
(String) The type
of the ulimit
.soft_limit
(Number) The soft limit for the ulimit
type.container_definitions.volumes_from
Read-Only:
read_only
(Boolean) If this value is true
, the container has read-only access to the volume. If this value is false
, then the container can write to the volume. The default value is false
.source_container
(String) The name of another container within the same task definition to mount volumes from.ephemeral_storage
Read-Only:
size_in_gi_b
(Number) The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 20
GiB and the maximum supported value is 200
GiB.inference_accelerators
Read-Only:
device_name
(String) The Elastic Inference accelerator device name. The deviceName
must also be referenced in a container definition as a ResourceRequirement.device_type
(String) The Elastic Inference accelerator type to use.placement_constraints
Read-Only:
expression
(String) A cluster query language expression to apply to the constraint. For more information, see Cluster query language in the Amazon Elastic Container Service Developer Guide.type
(String) The type of constraint. The MemberOf
constraint restricts selection to be from a group of valid candidates.proxy_configuration
Read-Only:
container_name
(String) The name of the container that will serve as the App Mesh proxy.proxy_configuration_properties
(Attributes Set) The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs.
IgnoredUID
- (Required) The user ID (UID) of the proxy container as defined by the user
parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredGID
is specified, this field can be empty.IgnoredGID
- (Required) The group ID (GID) of the proxy container as defined by the user
parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If IgnoredUID
is specified, this field can be empty.AppPorts
- (Required) The list of ports that the application uses. Network traffic to these ports is forwarded to the ProxyIngressPort
and ProxyEgressPort
.ProxyIngressPort
- (Required) Specifies the port that incoming traffic to the AppPorts
is directed to.ProxyEgressPort
- (Required) Specifies the port that outgoing traffic from the AppPorts
is directed to.EgressIgnoredPorts
- (Required) The egress traffic going to the specified ports is ignored and not redirected to the ProxyEgressPort
. It can be an empty list.EgressIgnoredIPs
- (Required) The egress traffic going to the specified IP addresses is ignored and not redirected to the ProxyEgressPort
. It can be an empty list. (see below for nested schema)type
(String) The proxy type. The only supported value is APPMESH
.proxy_configuration.proxy_configuration_properties
Read-Only:
name
(String) The name of the key-value pair. For environment variables, this is the name of the environment variable.value
(String) The value of the key-value pair. For environment variables, this is the value of the environment variable.runtime_platform
Read-Only:
cpu_architecture
(String) The CPU architecture.
You can run your Linux tasks on an ARM-based platform by setting the value to ARM64
. This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate.operating_system_family
(String) The operating system.tags
Read-Only:
key
(String) One part of a key-value pair that make up a tag. A key
is a general label that acts like a category for more specific tag values.value
(String) The optional part of a key-value pair that make up a tag. A value
acts as a descriptor within a tag category (key).volumes
Read-Only:
configured_at_launch
(Boolean) Indicates whether the volume should be configured at launch time. This is used to create Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each task definition revision may only have one volume configured at launch in the volume configuration.
To configure a volume at launch time, use this task definition revision and specify a volumeConfigurations
object when calling the CreateService
, UpdateService
, RunTask
or StartTask
APIs.docker_volume_configuration
(Attributes) This parameter is specified when you use Docker volumes.
Windows containers only support the use of the local
driver. To use bind mounts, specify the host
parameter instead.
Docker volumes aren't supported by tasks run on FARGATElong. (see below for nested schema)efs_volume_configuration
(Attributes) This parameter is specified when you use an Amazon Elastic File System file system for task storage. (see below for nested schema)fsx_windows_file_server_volume_configuration
(Attributes) This parameter is specified when you use Amazon FSx for Windows File Server file system for task storage. (see below for nested schema)host
(Attributes) This parameter is specified when you use bind mount host volumes. The contents of the host
parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host
parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.
Windows containers can mount whole directories on the same drive as $env:ProgramData
. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path
and D:\:D:\
, but not D:\my\path:C:\my\path
or D:\:C:\my\path
. (see below for nested schema)name
(String) The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
When using a volume configured at launch, the name
is required and must also be specified as the volume name in the ServiceVolumeConfiguration
or TaskVolumeConfiguration
parameter when creating your service or standalone task.
For all other types of volumes, this name is referenced in the sourceVolume
parameter of the mountPoints
object in the container definition.
When a volume is using the efsVolumeConfiguration
, the name is required.volumes.docker_volume_configuration
Read-Only:
autoprovision
(Boolean) If this value is true
, the Docker volume is created if it doesn't already exist.
This field is only used if the scope
is shared
.driver
(String) The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use docker plugin ls
to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. For more information, see Docker plugin discovery. This parameter maps to Driver
in the Create a volume section of the Docker Remote API and the xxdriver
option to docker volume create.driver_opts
(Map of String) A map of Docker driver-specific options passed through. This parameter maps to DriverOpts
in the Create a volume section of the Docker Remote API and the xxopt
option to docker volume create.labels
(Map of String) Custom metadata to add to your Docker volume. This parameter maps to Labels
in the Create a volume section of the Docker Remote API and the xxlabel
option to docker volume create.scope
(String) The scope for the Docker volume that determines its lifecycle. Docker volumes that are scoped to a task
are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared
persist after the task stops.volumes.efs_volume_configuration
Read-Only:
authorization_config
(Attributes) The authorization configuration details for the Amazon EFS file system. (see below for nested schema)filesystem_id
(String) The Amazon EFS file system ID to use.root_directory
(String) The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying /
will have the same effect as omitting this parameter.
If an EFS access point is specified in the authorizationConfig
, the root directory parameter must either be omitted or set to /
which will enforce the path set on the EFS access point.transit_encryption
(String) Determines whether to use encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be turned on if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of DISABLED
is used. For more information, see Encrypting data in transit in the Amazon Elastic File System User Guide.transit_encryption_port
(Number) The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. For more information, see EFS mount helper in the Amazon Elastic File System User Guide.volumes.efs_volume_configuration.authorization_config
Read-Only:
access_point_id
(String) The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the EFSVolumeConfiguration
must either be omitted or set to /
which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be on in the EFSVolumeConfiguration
. For more information, see Working with Amazon EFS access points in the Amazon Elastic File System User Guide.iam
(String) Determines whether to use the Amazon ECS task role defined in a task definition when mounting the Amazon EFS file system. If it is turned on, transit encryption must be turned on in the EFSVolumeConfiguration
. If this parameter is omitted, the default value of DISABLED
is used. For more information, see Using Amazon EFS access points in the Amazon Elastic Container Service Developer Guide.volumes.fsx_windows_file_server_volume_configuration
Read-Only:
authorization_config
(Attributes) The authorization configuration details for the Amazon FSx for Windows File Server file system. (see below for nested schema)file_system_id
(String) The Amazon FSx for Windows File Server file system ID to use.root_directory
(String) The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.volumes.fsx_windows_file_server_volume_configuration.authorization_config
Read-Only:
credentials_parameter
(String)domain
(String)volumes.host
Read-Only:
source_path
(String) When the host
parameter is used, specify a sourcePath
to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host
parameter contains a sourcePath
file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath
value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.
If you're using the Fargate launch type, the sourcePath
parameter is not supported.