Amazon ECS container agent configuration
Applies to: EC2 instances
The Amazon ECS container agent supports a number of configuration options, most of which you set through environment variables.
If your container instance was launched with a Linux variant of the Amazon ECS-optimized AMI, you can set these environment variables in the /etc/ecs/ecs.config file and then restart the agent. You can also write these configuration variables to your container instances with Amazon EC2 user data at launch time. For more information, see Bootstrapping Amazon ECS Linux container instances to pass data.
If your container instance was launched with a Windows variant of the Amazon ECS-optimized AMI, you can set these environment variables with the PowerShell SetEnvironmentVariable command and then restart the agent. For more information, see Run commands when you launch an EC2 instance with user data input in the Amazon EC2 User Guide and Bootstrapping Amazon ECS Windows container instances to pass data.
If you are manually starting the Amazon ECS container agent (for non Amazon ECS-optimized AMIs), you can use these environment variables in the docker run command that you use to start the agent. Use these variables with the syntax --env=VARIABLE_NAME=VARIABLE_VALUE.
For sensitive information, such as authentication credentials for private repositories, you should store your agent environment variables in a file and pass them all at one time with the --env-file path_to_env_file option. You can use the following commands to add the variables.
sudo systemctl stop ecs
sudo vi /etc/ecs/ecs.config
# And add the environment variables with VARIABLE_NAME=VARIABLE_VALUE format.
sudo systemctl start ecs
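The edit step above can also be done without an interactive editor. The following is an added example, not part of the AWS documentation: the function names set_ecs_var and get_ecs_var are hypothetical, and keeping the file at mode 0600 is an assumption made here because the file can hold registry credentials.

```shell
# set_ecs_var FILE NAME VALUE
# Replaces any existing NAME=... lines with a single NAME=VALUE line, or
# appends one if the variable is absent. Comments and other variables are kept.
set_ecs_var() {
    file=$1 name=$2 value=$3

    # Accept only names that look like environment variables, so a malformed
    # argument cannot inject extra lines or regular-expression characters.
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name: $name" >&2; return 2 ;;
    esac
    # A newline in the value would create a second, unintended entry.
    case $value in
        *'
'*) echo "value must be a single line" >&2; return 2 ;;
    esac

    # mktemp creates the file readable and writable by its owner only.
    tmp=$(mktemp "${file}.XXXXXX") || return 1

    if [ -f "$file" ]; then
        # grep -v exits 1 when it outputs nothing; only exit status 2 is an error.
        grep -v "^${name}=" "$file" > "$tmp" || [ "$?" -eq 1 ] || { rm -f "$tmp"; return 1; }
    fi
    printf '%s=%s\n' "$name" "$value" >> "$tmp"

    # Rename within the same directory so a reader never sees a partial file.
    # Assumption: 0600 is wanted because the file may contain credentials.
    chmod 600 "$tmp" && mv -f "$tmp" "$file"
}

# get_ecs_var FILE NAME: print the value defined for NAME, if any.
get_ecs_var() {
    sed -n "s/^$2=//p" "$1"
}

# Usage on a container instance, between "systemctl stop ecs" and
# "systemctl start ecs" (run as root):
#   set_ecs_var /etc/ecs/ecs.config ECS_AGENT_PID_NAMESPACE_HOST true
```

Running the function twice with the same arguments leaves the file unchanged, so it is safe to call from user data or configuration management.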
Run the Amazon ECS agent with the host PID namespace
By default, the Amazon ECS agent runs with its own PID namespace. In the following configurations, you can configure the Amazon ECS agent to run with the host PID namespace:
- SELinux enforcing mode is enabled.
- Docker's SELinux security policy is set to true.
You can configure this behavior by setting the ECS_AGENT_PID_NAMESPACE_HOST environment variable to true in your /etc/ecs/ecs.config file. When this variable is enabled, ecs-init will start the Amazon ECS agent container with the host's PID namespace (--pid=host), allowing the agent to bootstrap itself properly in SELinux-enforcing environments.
To enable this feature, add the following line to your /etc/ecs/ecs.config file:
ECS_AGENT_PID_NAMESPACE_HOST=true
After making this change, restart the Amazon ECS agent for the change to take effect:
sudo systemctl restart ecs
The following features will not work when SELinux enforcing mode is enabled and the Docker security policy is set to true, even when ECS_AGENT_PID_NAMESPACE_HOST=true is set.
- Amazon ECS Exec
- Amazon EBS task attach
- Service Connect
Available parameters
For information about the available Amazon ECS container agent configuration parameters, see Amazon ECS Container Agent