AWS::Batch::JobDefinition TaskContainerProperties - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Batch::JobDefinition TaskContainerProperties

Container properties are used for Amazon ECS-based job definitions. These properties to describe the container that's launched as part of a job.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Command" : [ String, ... ], "DependsOn" : [ TaskContainerDependency, ... ], "Environment" : [ Environment, ... ], "Essential" : Boolean, "Image" : String, "LinuxParameters" : LinuxParameters, "LogConfiguration" : LogConfiguration, "MountPoints" : [ MountPoints, ... ], "Name" : String, "Privileged" : Boolean, "ReadonlyRootFilesystem" : Boolean, "RepositoryCredentials" : RepositoryCredentials, "ResourceRequirements" : [ ResourceRequirement, ... ], "Secrets" : [ Secret, ... ], "Ulimits" : [ Ulimit, ... ], "User" : String }

Properties

Command

The command that's passed to the container. This parameter maps to Cmd in the Create a container section of the Docker Remote API and the COMMAND parameter to docker run. For more information, see Dockerfile reference: CMD.

Required: No

Type: Array of String

Update requires: No interruption

DependsOn

A list of containers that this container depends on.

Required: No

Type: Array of TaskContainerDependency

Update requires: No interruption

Environment

The environment variables to pass to a container. This parameter maps to Env inthe Create a container section of the Docker Remote API and the --env parameter to docker run.

Important

We don't recommend using plaintext environment variables for sensitive information, such as credential data.

Note

Environment variables cannot start with AWS_BATCH. This naming convention is reserved for variables that Amazon Batch sets.

Required: No

Type: Array of Environment

Update requires: No interruption

Essential

If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.

All jobs must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.

Required: No

Type: Boolean

Update requires: No interruption

Image

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the Create a container section of the Docker Remote API and the IMAGE parameter of the docker run.

Required: Yes

Type: String

Update requires: No interruption

LinuxParameters

Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information, see KernelCapabilities.

Required: No

Type: LinuxParameters

Update requires: No interruption

LogConfiguration

The log configuration specification for the container.

This parameter maps to LogConfig in the Create a container section of the Docker Remote API and the --log-driver option to docker run.

By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information about the options for different supported log drivers, see Configure logging drivers in the Docker documentation.

Note

Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the LogConfiguration data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

Note

The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.

Required: No

Type: LogConfiguration

Update requires: No interruption

MountPoints

The mount points for data volumes in your container.

This parameter maps to Volumes in the Create a container section of the Docker Remote API and the --volume option to docker run.

Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives.

Required: No

Type: Array of MountPoints

Update requires: No interruption

Name

The name of a container. The name can be used as a unique identifier to target your dependsOn and Overrides objects.

Required: No

Type: String

Update requires: No interruption

Privileged

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter maps to Privileged in the Create a container section of the Docker Remote API and the --privileged option to docker run.

Note

This parameter is not supported for Windows containers or tasks run on Fargate.

Required: No

Type: Boolean

Update requires: No interruption

ReadonlyRootFilesystem

When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the Create a container section of the Docker Remote API and the --read-only option to docker run.

Note

This parameter is not supported for Windows containers.

Required: No

Type: Boolean

Update requires: No interruption

RepositoryCredentials

The private repository authentication credentials to use.

Required: No

Type: RepositoryCredentials

Update requires: No interruption

ResourceRequirements

The type and amount of a resource to assign to a container. The only supported resource is a GPU.

Required: No

Type: Array of ResourceRequirement

Update requires: No interruption

Secrets

The secrets to pass to the container. For more information, see Specifying Sensitive Data in the Amazon Elastic Container Service Developer Guide.

Required: No

Type: Array of Secret

Update requires: No interruption

Ulimits

A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in the Create a container section of the Docker Remote API and the --ulimit option to docker run.

Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 1024 and the default hard limit is 65535.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

Note

This parameter is not supported for Windows containers.

Required: No

Type: Array of Ulimit

Update requires: No interruption

User

The user to use inside the container. This parameter maps to User in the Create a container section of the Docker Remote API and the --user option to docker run.

Note

When running tasks using the host network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.

You can specify the user using the following formats. If specifying a UID or GID, you must specify it as a positive integer.

  • user

  • user:group

  • uid

  • uid:gid

  • user:gi

  • uid:group

Note

This parameter is not supported for Windows containers.

Required: No

Type: String

Update requires: No interruption