AWS::Batch::JobDefinition TaskContainerProperties
Container properties are used for Amazon ECS-based job definitions. These properties to describe the container that's launched as part of a job.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Command" :
[ String, ... ]
, "DependsOn" :[ TaskContainerDependency, ... ]
, "Environment" :[ Environment, ... ]
, "Essential" :Boolean
, "Image" :String
, "LinuxParameters" :LinuxParameters
, "LogConfiguration" :LogConfiguration
, "MountPoints" :[ MountPoints, ... ]
, "Name" :String
, "Privileged" :Boolean
, "ReadonlyRootFilesystem" :Boolean
, "RepositoryCredentials" :RepositoryCredentials
, "ResourceRequirements" :[ ResourceRequirement, ... ]
, "Secrets" :[ Secret, ... ]
, "Ulimits" :[ Ulimit, ... ]
, "User" :String
}
YAML
Command:
- String
DependsOn:- TaskContainerDependency
Environment:- Environment
Essential:Boolean
Image:String
LinuxParameters:LinuxParameters
LogConfiguration:LogConfiguration
MountPoints:- MountPoints
Name:String
Privileged:Boolean
ReadonlyRootFilesystem:Boolean
RepositoryCredentials:RepositoryCredentials
ResourceRequirements:- ResourceRequirement
Secrets:- Secret
Ulimits:- Ulimit
User:String
Properties
Command
-
The command that's passed to the container. This parameter maps to
Cmd
in the Create a containersection of the Docker Remote API and the COMMAND
parameter to docker run. For more information, see Dockerfile reference: CMD . Required: No
Type: Array of String
Update requires: No interruption
DependsOn
-
A list of containers that this container depends on.
Required: No
Type: Array of TaskContainerDependency
Update requires: No interruption
Environment
-
The environment variables to pass to a container. This parameter maps to Env inthe Create a container
section of the Docker Remote API and the --env
parameter to docker run. Important
We don't recommend using plaintext environment variables for sensitive information, such as credential data.
Note
Environment variables cannot start with
AWS_BATCH
. This naming convention is reserved for variables that Amazon Batch sets.Required: No
Type: Array of Environment
Update requires: No interruption
Essential
-
If the essential parameter of a container is marked as
true
, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If theessential
parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.All jobs must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: Boolean
Update requires: No interruption
Image
-
The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either
repository-url/image:tag
orrepository-url/image@digest
. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps toImage
in the Create a containersection of the Docker Remote API and the IMAGE
parameter of the docker run. Required: Yes
Type: String
Update requires: No interruption
LinuxParameters
-
Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information, see KernelCapabilities.
Required: No
Type: LinuxParameters
Update requires: No interruption
LogConfiguration
-
The log configuration specification for the container.
This parameter maps to
LogConfig
in the Create a containersection of the Docker Remote API and the --log-driver
option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information about the options for different supported log drivers, see Configure logging drivers
in the Docker documentation. Note
Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the
LogConfiguration
data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version
--format '{{.Server.APIVersion}}'
Note
The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the
ECS_AVAILABLE_LOGGING_DRIVERS
environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.Required: No
Type: LogConfiguration
Update requires: No interruption
MountPoints
-
The mount points for data volumes in your container.
This parameter maps to
Volumes
in the Create a containersection of the Docker Remote API and the --volume option to docker run . Windows containers can mount whole directories on the same drive as
$env:ProgramData
. Windows containers can't mount directories on a different drive, and mount point can't be across drives.Required: No
Type: Array of MountPoints
Update requires: No interruption
Name
-
The name of a container. The name can be used as a unique identifier to target your
dependsOn
andOverrides
objects.Required: No
Type: String
Update requires: No interruption
Privileged
-
When this parameter is
true
, the container is given elevated privileges on the host container instance (similar to theroot
user). This parameter maps toPrivileged
in the Create a containersection of the Docker Remote API and the --privileged
option to docker run. Note
This parameter is not supported for Windows containers or tasks run on Fargate.
Required: No
Type: Boolean
Update requires: No interruption
ReadonlyRootFilesystem
-
When this parameter is true, the container is given read-only access to its root file system. This parameter maps to
ReadonlyRootfs
in the Create a containersection of the Docker Remote API and the --read-only
option to docker run. Note
This parameter is not supported for Windows containers.
Required: No
Type: Boolean
Update requires: No interruption
RepositoryCredentials
-
The private repository authentication credentials to use.
Required: No
Type: RepositoryCredentials
Update requires: No interruption
ResourceRequirements
-
The type and amount of a resource to assign to a container. The only supported resource is a GPU.
Required: No
Type: Array of ResourceRequirement
Update requires: No interruption
Secrets
-
The secrets to pass to the container. For more information, see Specifying Sensitive Data in the Amazon Elastic Container Service Developer Guide.
Required: No
Type: Array of Secret
Update requires: No interruption
Ulimits
-
A list of
ulimits
to set in the container. If aulimit
value is specified in a task definition, it overrides the default values set by Docker. This parameter maps toUlimits
in the Create a containersection of the Docker Remote API and the --ulimit
option to docker run. Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The
nofile
resource limit sets a restriction on the number of open files that a container can use. The defaultnofile
soft limit is1024
and the default hard limit is65535
.This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version
--format '{{.Server.APIVersion}}'
Note
This parameter is not supported for Windows containers.
Required: No
Type: Array of Ulimit
Update requires: No interruption
User
-
The user to use inside the container. This parameter maps to User in the Create a container section of the Docker Remote API and the --user option to docker run.
Note
When running tasks using the
host
network mode, don't run containers using theroot user (UID 0)
. We recommend using a non-root user for better security.You can specify the
user
using the following formats. If specifying a UID or GID, you must specify it as a positive integer.-
user
-
user:group
-
uid
-
uid:gid
-
user:gi
-
uid:group
Note
This parameter is not supported for Windows containers.
Required: No
Type: String
Update requires: No interruption
-