Amazon ECS task networking options for the EC2 launch type
The networking behavior of Amazon ECS tasks that are hosted on Amazon EC2 instances is dependent on
the network mode that's defined in the task definition. We recommend
that you use the awsvpc network mode unless you have a specific need to use a
different network mode.
The following are the available network modes.
| Network mode | Linux containers on EC2 | Windows containers on EC2 | Description |
|---|---|---|---|
|
|
Yes |
Yes |
The task is allocated its own elastic network interface (ENI) and a primary private IPv4 address. This gives the task the same networking properties as Amazon EC2 instances. |
|
|
Yes |
No |
The task uses Docker's built-in virtual network on Linux, which runs inside each Amazon EC2
instance that hosts the task. The built-in virtual network on Linux uses the |
|
|
Yes |
No |
The task uses the host's network which bypasses Docker's built-in virtual network
by mapping container ports directly to the ENI of the Amazon EC2 instance that hosts
the task. Dynamic port mappings can’t be used in this network mode. A container
in a task definition that uses this mode must specify a specific
|
|
|
Yes |
No |
The task has no external network connectivity. |
|
|
No |
Yes |
The task uses Docker's built-in virtual network on Windows, which runs inside each Amazon EC2 instance that hosts the task. The built-in virtual network on Windows uses the |
For more information about Docker networking on Linux, see Networking overview
For more information about Docker networking on Windows, see Windows container networking