Amazon ECS task networking - Amazon Elastic Container Service

Amazon ECS task networking

Important

If you're using Amazon ECS tasks hosted on Amazon Fargate, see Fargate task networking in the Amazon Elastic Container Service User Guide for Amazon Fargate for networking information that's relevant to your instances.

The networking behavior of Amazon ECS tasks that are hosted on Amazon EC2 instances depends on the network mode that's defined in the task definition. The following network modes are available. We recommend that you use the awsvpc network mode unless you have a specific need to use a different network mode.

  • awsvpc — The task is allocated its own elastic network interface (ENI) and a primary private IPv4 address. This gives the task the same networking properties as Amazon EC2 instances.

  • bridge — The task uses Docker's built-in virtual network, which runs inside each Amazon EC2 instance that hosts the task.

  • host — The task bypasses Docker's built-in virtual network and maps container ports directly to the ENI of the Amazon EC2 instance that hosts the task. As a result, you can't run multiple instantiations of the same task on a single Amazon EC2 instance when port mappings are used.

  • none — The task has no external network connectivity.
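The following is an added example, not part of the original documentation: a small offline check that reviews task definitions against the recommendation above and reports what each non-awsvpc mode implies. The sample task definitions are constructed, the function names are hypothetical, and the check assumes that a task definition without `networkMode` runs in bridge mode.

```python
import json

# Constructed sample task definitions (not from the page). The field names
# (family, networkMode, containerDefinitions, portMappings) follow the ECS
# task definition JSON format.
SAMPLE_TASK_DEFS = json.loads("""
[
  {"family": "web-awsvpc", "networkMode": "awsvpc",
   "containerDefinitions": [{"name": "web", "portMappings": [{"containerPort": 8080}]}]},
  {"family": "web-host", "networkMode": "host",
   "containerDefinitions": [{"name": "web", "portMappings": [{"containerPort": 8080}]}]},
  {"family": "legacy-default",
   "containerDefinitions": [{"name": "app", "portMappings": [{"containerPort": 80}]}]},
  {"family": "batch-none", "networkMode": "none",
   "containerDefinitions": [{"name": "job"}]}
]
""")


def review_network_mode(task_def):
    """Return findings for one task definition; an empty list means awsvpc."""
    # Assumption: with no networkMode set, the task runs in bridge mode.
    mode = task_def.get("networkMode", "bridge")
    ports = [pm for c in task_def.get("containerDefinitions", [])
             for pm in c.get("portMappings", [])]
    if mode == "awsvpc":
        return []  # the task gets its own ENI and primary private IPv4 address
    if mode == "bridge":
        return ["bridge: task uses Docker's virtual network inside the instance, no per-task ENI"]
    if mode == "host":
        findings = ["host: container ports map directly to the instance's ENI"]
        if ports:
            findings.append("host: port mappings present, only one copy of this task fits per instance")
        return findings
    if mode == "none":
        return ["none: task has no external network connectivity"]
    return [f"unknown networkMode {mode!r}"]


def review_all(task_defs):
    """Map each task definition family to its list of findings."""
    return {td["family"]: review_network_mode(td) for td in task_defs}


if __name__ == "__main__":
    for family, findings in review_all(SAMPLE_TASK_DEFS).items():
        print(family, "OK" if not findings else findings)
```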

For more information about Docker networking, see Networking overview.