Amazon ECS task networking - Amazon Elastic Container Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon ECS task networking

Important

If you are using Amazon ECS tasks hosted on Amazon Fargate, see Fargate task networking in the Amazon Elastic Container Service User Guide for Amazon Fargate.

The networking behavior of Amazon ECS tasks hosted on Amazon EC2 instances is dependent on the network mode defined in the task definition. The following are the available network modes. Amazon ECS recommends using the awsvpc network mode unless you have a specific need to use a different network mode.

  • awsvpc — The task is allocated its own elastic network interface (ENI) and a primary private IPv4 address. This gives the task the same networking properties as Amazon EC2 instances.

  • bridge — The task utilizes Docker's built-in virtual network which runs inside each Amazon EC2 instance hosting the task.

  • host — The task bypasses Docker's built-in virtual network and maps container ports directly to the ENI of the Amazon EC2 instance hosting the task. As a result, you can't run multiple instantiations of the same task on a single Amazon EC2 instance when port mappings are used.

  • none — The task has no external network connectivity.

For more information about Docker networking, see Networking overview.

Topics