1. Packages
  2. Packages
  3. AWS Cloud Control
  4. API Docs
  5. ecs
  6. DaemonTaskDefinition

We recommend new projects start with resources from the AWS provider.

Viewing docs for AWS Cloud Control v1.62.0
published on Monday, Apr 20, 2026 by Pulumi
aws-native logo

We recommend new projects start with resources from the AWS provider.

Viewing docs for AWS Cloud Control v1.62.0
published on Monday, Apr 20, 2026 by Pulumi

    The details of a daemon task definition. A daemon task definition is a template that describes the containers that form a daemon. Daemons deploy cross-cutting software agents independently across your Amazon ECS infrastructure.

    Create DaemonTaskDefinition Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DaemonTaskDefinition(name: string, args?: DaemonTaskDefinitionArgs, opts?: CustomResourceOptions);
    @overload
    def DaemonTaskDefinition(resource_name: str,
                             args: Optional[DaemonTaskDefinitionArgs] = None,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def DaemonTaskDefinition(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             container_definitions: Optional[Sequence[DaemonTaskDefinitionDaemonContainerDefinitionArgs]] = None,
                             cpu: Optional[str] = None,
                             execution_role_arn: Optional[str] = None,
                             family: Optional[str] = None,
                             memory: Optional[str] = None,
                             tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                             task_role_arn: Optional[str] = None,
                             volumes: Optional[Sequence[DaemonTaskDefinitionVolumeArgs]] = None)
    func NewDaemonTaskDefinition(ctx *Context, name string, args *DaemonTaskDefinitionArgs, opts ...ResourceOption) (*DaemonTaskDefinition, error)
    public DaemonTaskDefinition(string name, DaemonTaskDefinitionArgs? args = null, CustomResourceOptions? opts = null)
    public DaemonTaskDefinition(String name, DaemonTaskDefinitionArgs args)
    public DaemonTaskDefinition(String name, DaemonTaskDefinitionArgs args, CustomResourceOptions options)
    
    type: aws-native:ecs:DaemonTaskDefinition
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DaemonTaskDefinitionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DaemonTaskDefinitionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DaemonTaskDefinitionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DaemonTaskDefinitionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DaemonTaskDefinitionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    DaemonTaskDefinition Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DaemonTaskDefinition resource accepts the following input properties:

    ContainerDefinitions List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionDaemonContainerDefinition>
    A list of container definitions in JSON format that describe the containers that make up the daemon task.
    Cpu string
    The number of CPU units used by the daemon task.
    ExecutionRoleArn string
    The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.
    Family string
    The name of a family that this daemon task definition is registered to.
    Memory string
    The amount of memory (in MiB) used by the daemon task.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    TaskRoleArn string
    The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.
    Volumes List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionVolume>
    The list of data volume definitions for the daemon task.
    ContainerDefinitions []DaemonTaskDefinitionDaemonContainerDefinitionArgs
    A list of container definitions in JSON format that describe the containers that make up the daemon task.
    Cpu string
    The number of CPU units used by the daemon task.
    ExecutionRoleArn string
    The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.
    Family string
    The name of a family that this daemon task definition is registered to.
    Memory string
    The amount of memory (in MiB) used by the daemon task.
    Tags TagArgs
    TaskRoleArn string
    The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.
    Volumes []DaemonTaskDefinitionVolumeArgs
    The list of data volume definitions for the daemon task.
    containerDefinitions List<DaemonTaskDefinitionDaemonContainerDefinition>
    A list of container definitions in JSON format that describe the containers that make up the daemon task.
    cpu String
    The number of CPU units used by the daemon task.
    executionRoleArn String
    The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.
    family String
    The name of a family that this daemon task definition is registered to.
    memory String
    The amount of memory (in MiB) used by the daemon task.
    tags List<Tag>
    taskRoleArn String
    The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.
    volumes List<DaemonTaskDefinitionVolume>
    The list of data volume definitions for the daemon task.
    containerDefinitions DaemonTaskDefinitionDaemonContainerDefinition[]
    A list of container definitions in JSON format that describe the containers that make up the daemon task.
    cpu string
    The number of CPU units used by the daemon task.
    executionRoleArn string
    The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.
    family string
    The name of a family that this daemon task definition is registered to.
    memory string
    The amount of memory (in MiB) used by the daemon task.
    tags Tag[]
    taskRoleArn string
    The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.
    volumes DaemonTaskDefinitionVolume[]
    The list of data volume definitions for the daemon task.
    container_definitions Sequence[DaemonTaskDefinitionDaemonContainerDefinitionArgs]
    A list of container definitions in JSON format that describe the containers that make up the daemon task.
    cpu str
    The number of CPU units used by the daemon task.
    execution_role_arn str
    The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.
    family str
    The name of a family that this daemon task definition is registered to.
    memory str
    The amount of memory (in MiB) used by the daemon task.
    tags Sequence[TagArgs]
    task_role_arn str
    The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.
    volumes Sequence[DaemonTaskDefinitionVolumeArgs]
    The list of data volume definitions for the daemon task.
    containerDefinitions List<Property Map>
    A list of container definitions in JSON format that describe the containers that make up the daemon task.
    cpu String
    The number of CPU units used by the daemon task.
    executionRoleArn String
    The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf.
    family String
    The name of a family that this daemon task definition is registered to.
    memory String
    The amount of memory (in MiB) used by the daemon task.
    tags List<Property Map>
    taskRoleArn String
    The short name or full Amazon Resource Name (ARN) of the IAM role that grants containers in the daemon task permission to call Amazon Web Services APIs on your behalf.
    volumes List<Property Map>
    The list of data volume definitions for the daemon task.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DaemonTaskDefinition resource produces the following output properties:

    DaemonTaskDefinitionArn string
    Id string
    The provider-assigned unique ID for this managed resource.
    DaemonTaskDefinitionArn string
    Id string
    The provider-assigned unique ID for this managed resource.
    daemonTaskDefinitionArn String
    id String
    The provider-assigned unique ID for this managed resource.
    daemonTaskDefinitionArn string
    id string
    The provider-assigned unique ID for this managed resource.
    daemon_task_definition_arn str
    id str
    The provider-assigned unique ID for this managed resource.
    daemonTaskDefinitionArn String
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    DaemonTaskDefinitionContainerDependency, DaemonTaskDefinitionContainerDependencyArgs

    The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. Your Amazon ECS container instances require at least version 1.26.0 of the container agent to use container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide. For tasks that use the Fargate launch type, the task or service requires the following platforms:

    • Linux platform version 1.3.0 or later.
    • Windows platform version 1.0.0 or later.

    For more information about how to create a container dependency, see Container dependency in the Amazon Elastic Container Service Developer Guide.

    Condition string
    The dependency condition of the container. The following are the available conditions and their behavior:

    • START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
    • COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container.
    • SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can't be set on an essential container.
    • HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
    ContainerName string
    The name of a container.
    Condition string
    The dependency condition of the container. The following are the available conditions and their behavior:

    • START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
    • COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container.
    • SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can't be set on an essential container.
    • HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
    ContainerName string
    The name of a container.
    condition String
    The dependency condition of the container. The following are the available conditions and their behavior:

    • START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
    • COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container.
    • SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can't be set on an essential container.
    • HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
    containerName String
    The name of a container.
    condition string
    The dependency condition of the container. The following are the available conditions and their behavior:

    • START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
    • COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container.
    • SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can't be set on an essential container.
    • HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
    containerName string
    The name of a container.
    condition str
    The dependency condition of the container. The following are the available conditions and their behavior:

    • START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
    • COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container.
    • SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can't be set on an essential container.
    • HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
    container_name str
    The name of a container.
    condition String
    The dependency condition of the container. The following are the available conditions and their behavior:

    • START - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.
    • COMPLETE - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container.
    • SUCCESS - This condition is the same as COMPLETE, but it also requires that the container exits with a zero status. This condition can't be set on an essential container.
    • HEALTHY - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.
    containerName String
    The name of a container.

    DaemonTaskDefinitionDaemonContainerDefinition, DaemonTaskDefinitionDaemonContainerDefinitionArgs

    A container definition for a daemon task. Daemon container definitions describe the containers that run as part of a daemon task on container instances managed by capacity providers.
    Image string
    The image used to start the container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
    Name string
    The name of the container. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
    Command List<string>
    The command that's passed to the container.
    Cpu int
    The number of cpu units reserved for the container.
    DependsOn List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionContainerDependency>
    The dependencies defined for container startup and shutdown. A container can contain multiple dependencies on other containers in a task definition.
    EntryPoint List<string>
    The entry point that's passed to the container.
    Environment List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionKeyValuePair>
    The environment variables to pass to a container.
    EnvironmentFiles List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionEnvironmentFile>
    A list of files containing the environment variables to pass to a container.
    Essential bool
    If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.
    FirelensConfiguration Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionFirelensConfiguration
    The FireLens configuration for the container. This is used to specify and configure a log router for container logs.
    HealthCheck Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionHealthCheck
    The container health check command and associated configuration parameters for the container.
    Interactive bool
    When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.
    LinuxParameters Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionLinuxParameters
    Linux-specific modifications that are applied to the container configuration, such as Linux kernel capabilities.
    LogConfiguration Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionLogConfiguration
    The log configuration specification for the container.
    Memory int
    The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is killed.
    MemoryReservation int
    The soft limit (in MiB) of memory to reserve for the container.
    MountPoints List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionMountPoint>
    The mount points for data volumes in your container.
    Privileged bool
    When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
    PseudoTerminal bool
    When this parameter is true, a TTY is allocated.
    ReadonlyRootFilesystem bool
    When this parameter is true, the container is given read-only access to its root file system.
    RepositoryCredentials Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionRepositoryCredentials
    The private repository authentication credentials to use.
    RestartPolicy Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionRestartPolicy
    The restart policy for the container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
    Secrets List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionSecret>
    The secrets to pass to the container.
    StartTimeout int
    Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
    StopTimeout int
    Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
    SystemControls List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionSystemControl>
    A list of namespaced kernel parameters to set in the container.
    Ulimits List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionUlimit>
    A list of ulimits to set in the container.
    User string
    The user to use inside the container.
    WorkingDirectory string
    The working directory to run commands inside the container in.
    Image string
    The image used to start the container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
    Name string
    The name of the container. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
    Command []string
    The command that's passed to the container.
    Cpu int
    The number of cpu units reserved for the container.
    DependsOn []DaemonTaskDefinitionContainerDependency
    The dependencies defined for container startup and shutdown. A container can contain multiple dependencies on other containers in a task definition.
    EntryPoint []string
    The entry point that's passed to the container.
    Environment []DaemonTaskDefinitionKeyValuePair
    The environment variables to pass to a container.
    EnvironmentFiles []DaemonTaskDefinitionEnvironmentFile
    A list of files containing the environment variables to pass to a container.
    Essential bool
    If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.
    FirelensConfiguration DaemonTaskDefinitionFirelensConfiguration
    The FireLens configuration for the container. This is used to specify and configure a log router for container logs.
    HealthCheck DaemonTaskDefinitionHealthCheck
    The container health check command and associated configuration parameters for the container.
    Interactive bool
    When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.
    LinuxParameters DaemonTaskDefinitionLinuxParameters
    Linux-specific modifications that are applied to the container configuration, such as Linux kernel capabilities.
    LogConfiguration DaemonTaskDefinitionLogConfiguration
    The log configuration specification for the container.
    Memory int
    The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is killed.
    MemoryReservation int
    The soft limit (in MiB) of memory to reserve for the container.
    MountPoints []DaemonTaskDefinitionMountPoint
    The mount points for data volumes in your container.
    Privileged bool
    When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
    PseudoTerminal bool
    When this parameter is true, a TTY is allocated.
    ReadonlyRootFilesystem bool
    When this parameter is true, the container is given read-only access to its root file system.
    RepositoryCredentials DaemonTaskDefinitionRepositoryCredentials
    The private repository authentication credentials to use.
    RestartPolicy DaemonTaskDefinitionRestartPolicy
    The restart policy for the container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
    Secrets []DaemonTaskDefinitionSecret
    The secrets to pass to the container.
    StartTimeout int
    Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
    StopTimeout int
    Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
    SystemControls []DaemonTaskDefinitionSystemControl
    A list of namespaced kernel parameters to set in the container.
    Ulimits []DaemonTaskDefinitionUlimit
    A list of ulimits to set in the container.
    User string
    The user to use inside the container.
    WorkingDirectory string
    The working directory to run commands inside the container in.
    image String
    The image used to start the container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
    name String
    The name of the container. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
    command List<String>
    The command that's passed to the container.
    cpu Integer
    The number of cpu units reserved for the container.
    dependsOn List<DaemonTaskDefinitionContainerDependency>
    The dependencies defined for container startup and shutdown. A container can contain multiple dependencies on other containers in a task definition.
    entryPoint List<String>
    The entry point that's passed to the container.
    environment List<DaemonTaskDefinitionKeyValuePair>
    The environment variables to pass to a container.
    environmentFiles List<DaemonTaskDefinitionEnvironmentFile>
    A list of files containing the environment variables to pass to a container.
    essential Boolean
    If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.
    firelensConfiguration DaemonTaskDefinitionFirelensConfiguration
    The FireLens configuration for the container. This is used to specify and configure a log router for container logs.
    healthCheck DaemonTaskDefinitionHealthCheck
    The container health check command and associated configuration parameters for the container.
    interactive Boolean
    When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.
    linuxParameters DaemonTaskDefinitionLinuxParameters
    Linux-specific modifications that are applied to the container configuration, such as Linux kernel capabilities.
    logConfiguration DaemonTaskDefinitionLogConfiguration
    The log configuration specification for the container.
    memory Integer
    The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is killed.
    memoryReservation Integer
    The soft limit (in MiB) of memory to reserve for the container.
    mountPoints List<DaemonTaskDefinitionMountPoint>
    The mount points for data volumes in your container.
    privileged Boolean
    When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
    pseudoTerminal Boolean
    When this parameter is true, a TTY is allocated.
    readonlyRootFilesystem Boolean
    When this parameter is true, the container is given read-only access to its root file system.
    repositoryCredentials DaemonTaskDefinitionRepositoryCredentials
    The private repository authentication credentials to use.
    restartPolicy DaemonTaskDefinitionRestartPolicy
    The restart policy for the container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
    secrets List<DaemonTaskDefinitionSecret>
    The secrets to pass to the container.
    startTimeout Integer
    Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
    stopTimeout Integer
    Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
    systemControls List<DaemonTaskDefinitionSystemControl>
    A list of namespaced kernel parameters to set in the container.
    ulimits List<DaemonTaskDefinitionUlimit>
    A list of ulimits to set in the container.
    user String
    The user to use inside the container.
    workingDirectory String
    The working directory to run commands inside the container in.
    image string
    The image used to start the container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
    name string
    The name of the container. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
    command string[]
    The command that's passed to the container.
    cpu number
    The number of cpu units reserved for the container.
    dependsOn DaemonTaskDefinitionContainerDependency[]
    The dependencies defined for container startup and shutdown. A container can contain multiple dependencies on other containers in a task definition.
    entryPoint string[]
    The entry point that's passed to the container.
    environment DaemonTaskDefinitionKeyValuePair[]
    The environment variables to pass to a container.
    environmentFiles DaemonTaskDefinitionEnvironmentFile[]
    A list of files containing the environment variables to pass to a container.
    essential boolean
    If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.
    firelensConfiguration DaemonTaskDefinitionFirelensConfiguration
    The FireLens configuration for the container. This is used to specify and configure a log router for container logs.
    healthCheck DaemonTaskDefinitionHealthCheck
    The container health check command and associated configuration parameters for the container.
    interactive boolean
    When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.
    linuxParameters DaemonTaskDefinitionLinuxParameters
    Linux-specific modifications that are applied to the container configuration, such as Linux kernel capabilities.
    logConfiguration DaemonTaskDefinitionLogConfiguration
    The log configuration specification for the container.
    memory number
    The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is killed.
    memoryReservation number
    The soft limit (in MiB) of memory to reserve for the container.
    mountPoints DaemonTaskDefinitionMountPoint[]
    The mount points for data volumes in your container.
    privileged boolean
    When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
    pseudoTerminal boolean
    When this parameter is true, a TTY is allocated.
    readonlyRootFilesystem boolean
    When this parameter is true, the container is given read-only access to its root file system.
    repositoryCredentials DaemonTaskDefinitionRepositoryCredentials
    The private repository authentication credentials to use.
    restartPolicy DaemonTaskDefinitionRestartPolicy
    The restart policy for the container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
    secrets DaemonTaskDefinitionSecret[]
    The secrets to pass to the container.
    startTimeout number
    Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
    stopTimeout number
    Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
    systemControls DaemonTaskDefinitionSystemControl[]
    A list of namespaced kernel parameters to set in the container.
    ulimits DaemonTaskDefinitionUlimit[]
    A list of ulimits to set in the container.
    user string
    The user to use inside the container.
    workingDirectory string
    The working directory to run commands inside the container in.
    image str
    The image used to start the container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
    name str
    The name of the container. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
    command Sequence[str]
    The command that's passed to the container.
    cpu int
    The number of cpu units reserved for the container.
    depends_on Sequence[DaemonTaskDefinitionContainerDependency]
    The dependencies defined for container startup and shutdown. A container can contain multiple dependencies on other containers in a task definition.
    entry_point Sequence[str]
    The entry point that's passed to the container.
    environment Sequence[DaemonTaskDefinitionKeyValuePair]
    The environment variables to pass to a container.
    environment_files Sequence[DaemonTaskDefinitionEnvironmentFile]
    A list of files containing the environment variables to pass to a container.
    essential bool
    If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.
    firelens_configuration DaemonTaskDefinitionFirelensConfiguration
    The FireLens configuration for the container. This is used to specify and configure a log router for container logs.
    health_check DaemonTaskDefinitionHealthCheck
    The container health check command and associated configuration parameters for the container.
    interactive bool
    When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.
    linux_parameters DaemonTaskDefinitionLinuxParameters
    Linux-specific modifications that are applied to the container configuration, such as Linux kernel capabilities.
    log_configuration DaemonTaskDefinitionLogConfiguration
    The log configuration specification for the container.
    memory int
    The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is killed.
    memory_reservation int
    The soft limit (in MiB) of memory to reserve for the container.
    mount_points Sequence[DaemonTaskDefinitionMountPoint]
    The mount points for data volumes in your container.
    privileged bool
    When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
    pseudo_terminal bool
    When this parameter is true, a TTY is allocated.
    readonly_root_filesystem bool
    When this parameter is true, the container is given read-only access to its root file system.
    repository_credentials DaemonTaskDefinitionRepositoryCredentials
    The private repository authentication credentials to use.
    restart_policy DaemonTaskDefinitionRestartPolicy
    The restart policy for the container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
    secrets Sequence[DaemonTaskDefinitionSecret]
    The secrets to pass to the container.
    start_timeout int
    Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
    stop_timeout int
    Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
    system_controls Sequence[DaemonTaskDefinitionSystemControl]
    A list of namespaced kernel parameters to set in the container.
    ulimits Sequence[DaemonTaskDefinitionUlimit]
    A list of ulimits to set in the container.
    user str
    The user to use inside the container.
    working_directory str
    The working directory to run commands inside the container in.
    image String
    The image used to start the container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
    name String
    The name of the container. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
    command List<String>
    The command that's passed to the container.
    cpu Number
    The number of cpu units reserved for the container.
    dependsOn List<Property Map>
    The dependencies defined for container startup and shutdown. A container can contain multiple dependencies on other containers in a task definition.
    entryPoint List<String>
    The entry point that's passed to the container.
    environment List<Property Map>
    The environment variables to pass to a container.
    environmentFiles List<Property Map>
    A list of files containing the environment variables to pass to a container.
    essential Boolean
    If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped.
    firelensConfiguration Property Map
    The FireLens configuration for the container. This is used to specify and configure a log router for container logs.
    healthCheck Property Map
    The container health check command and associated configuration parameters for the container.
    interactive Boolean
    When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated.
    linuxParameters Property Map
    Linux-specific modifications that are applied to the container configuration, such as Linux kernel capabilities.
    logConfiguration Property Map
    The log configuration specification for the container.
    memory Number
    The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is killed.
    memoryReservation Number
    The soft limit (in MiB) of memory to reserve for the container.
    mountPoints List<Property Map>
    The mount points for data volumes in your container.
    privileged Boolean
    When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).
    pseudoTerminal Boolean
    When this parameter is true, a TTY is allocated.
    readonlyRootFilesystem Boolean
    When this parameter is true, the container is given read-only access to its root file system.
    repositoryCredentials Property Map
    The private repository authentication credentials to use.
    restartPolicy Property Map
    The restart policy for the container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
    secrets List<Property Map>
    The secrets to pass to the container.
    startTimeout Number
    Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
    stopTimeout Number
    Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
    systemControls List<Property Map>
    A list of namespaced kernel parameters to set in the container.
    ulimits List<Property Map>
    A list of ulimits to set in the container.
    user String
    The user to use inside the container.
    workingDirectory String
    The working directory to run commands inside the container in.

    DaemonTaskDefinitionDevice, DaemonTaskDefinitionDeviceArgs

    An object representing a container instance host device.
    ContainerPath string
    The path inside the container at which to expose the host device.
    HostPath string
    The path for the device on the host container instance.
    Permissions List<string>
    The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.
    ContainerPath string
    The path inside the container at which to expose the host device.
    HostPath string
    The path for the device on the host container instance.
    Permissions []string
    The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.
    containerPath String
    The path inside the container at which to expose the host device.
    hostPath String
    The path for the device on the host container instance.
    permissions List<String>
    The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.
    containerPath string
    The path inside the container at which to expose the host device.
    hostPath string
    The path for the device on the host container instance.
    permissions string[]
    The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.
    container_path str
    The path inside the container at which to expose the host device.
    host_path str
    The path for the device on the host container instance.
    permissions Sequence[str]
    The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.
    containerPath String
    The path inside the container at which to expose the host device.
    hostPath String
    The path for the device on the host container instance.
    permissions List<String>
    The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.

    DaemonTaskDefinitionEnvironmentFile, DaemonTaskDefinitionEnvironmentFileArgs

    A list of files containing the environment variables to pass to a container. You can specify up to ten environment files. The file must have a .env file extension. Each line in an environment file should contain an environment variable in VARIABLE=VALUE format. Lines beginning with # are treated as comments and are ignored. If there are environment variables specified using the environment parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see Use a file to pass environment variables to a container in the Amazon Elastic Container Service Developer Guide. Environment variable files are objects in Amazon S3 and all Amazon S3 security considerations apply. You must use the following platforms for the Fargate launch type:

    • Linux platform version 1.4.0 or later.
    • Windows platform version 1.0.0 or later.

    Consider the following when using the Fargate launch type:

    • The file is handled like a native Docker env-file.
    • There is no support for shell escape handling.
    • The container entry point interperts the VARIABLE values.
    Type string
    The file type to use. Environment files are objects in Amazon S3. The only supported value is s3.
    Value string
    The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
    Type string
    The file type to use. Environment files are objects in Amazon S3. The only supported value is s3.
    Value string
    The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
    type String
    The file type to use. Environment files are objects in Amazon S3. The only supported value is s3.
    value String
    The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
    type string
    The file type to use. Environment files are objects in Amazon S3. The only supported value is s3.
    value string
    The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
    type str
    The file type to use. Environment files are objects in Amazon S3. The only supported value is s3.
    value str
    The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
    type String
    The file type to use. Environment files are objects in Amazon S3. The only supported value is s3.
    value String
    The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.

    DaemonTaskDefinitionFirelensConfiguration, DaemonTaskDefinitionFirelensConfigurationArgs

    The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom log routing in the Amazon Elastic Container Service Developer Guide.
    Options Dictionary<string, string>
    The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.
    Type string
    The log router to use. The valid values are fluentd or fluentbit.
    Options map[string]string
    The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.
    Type string
    The log router to use. The valid values are fluentd or fluentbit.
    options Map<String,String>
    The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.
    type String
    The log router to use. The valid values are fluentd or fluentbit.
    options {[key: string]: string}
    The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.
    type string
    The log router to use. The valid values are fluentd or fluentbit.
    options Mapping[str, str]
    The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.
    type str
    The log router to use. The valid values are fluentd or fluentbit.
    options Map<String>
    The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide. Tasks hosted on FARGATElong only support the file configuration file type.
    type String
    The log router to use. The valid values are fluentd or fluentbit.

    DaemonTaskDefinitionHealthCheck, DaemonTaskDefinitionHealthCheckArgs

    An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run. The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console. The health check is designed to make sure that your containers survive agent restarts, upgrades, or temporary unavailability. Amazon ECS performs health checks on containers with the default that launched the container instance or the task. The following describes the possible healthStatus values for a container:

    • HEALTHY-The container health check has passed successfully.
    • UNHEALTHY-The container health check has failed.
    • UNKNOWN-The container health check is being evaluated, there's no container health check defined, or Amazon ECS doesn't have the health status of the container.

    The following describes the possible healthStatus values based on the container health checker status of essential containers in the task with the following priority order (high to low):

    • UNHEALTHY-One or more essential containers have failed their health check.
    • UNKNOWN-Any essential container running within the task is in an UNKNOWN state and no other essential containers have an UNHEALTHY state.
    • HEALTHY-All essential containers within the task have passed their health checks.

    Consider the following task health example with 2 containers.

    • If Container1 is UNHEALTHY and Container2 is UNKNOWN, the task health is UNHEALTHY.
    • If Container1 is UNHEALTHY and Container2 is HEALTHY, the task health is UNHEALTHY.
    • If Container1 is HEALTHY and Container2 is UNKNOWN, the task health is UNKNOWN.
    • If Container1 is HEALTHY and Container2 is HEALTHY, the task health is HEALTHY.

    Consider the following task health example with 3 containers.

    • If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNHEALTHY.
    • If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNHEALTHY.
    • If Container1 is UNHEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is UNHEALTHY.
    • If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNKNOWN.
    • If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNKNOWN.
    • If Container1 is HEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is HEALTHY.

    If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. When a container health check fails for a task that is part of a service, the following process occurs:

    1. The task is marked as UNHEALTHY.
    2. The unhealthy task will be stopped, and during the stopping process, it will go through the following states:
    • DEACTIVATING - In this state, Amazon ECS performs additional steps before stopping the task. For example, for tasks that are part of services configured to use Elastic Load Balancing target groups, target groups will be deregistered in this state.
    • STOPPING - The task is in the process of being stopped.
    • DEPROVISIONING - Resources associated with the task are being cleaned up.
    • STOPPED - The task has been completely stopped.
    1. After the old task stops, a new task will be launched to ensure service operation, and the new task will go through the following lifecycle:
    • PROVISIONING - Resources required for the task are being provisioned.
    • PENDING - The task is waiting to be placed on a container instance.
    • ACTIVATING - In this state, Amazon ECS pulls container images, creates containers, configures task networking, registers load balancer target groups, and configures service discovery status.
    • RUNNING - The task is running and performing its work.

    For more detailed information about task lifecycle states, see Task lifecycle in the Amazon Elastic Container Service Developer Guide. The following are notes about container health check support:

    • If the Amazon ECS container agent becomes disconnected from the Amazon ECS service, this won't cause a container to transition to an UNHEALTHY status. This is by design, to ensure that containers remain running during agent restarts or temporary unavailability. The health check status is the "last heard from" response from the Amazon ECS agent, so if the container was considered HEALTHY prior to the disconnect, that status will remain until the agent reconnects and another health check occurs. There are no assumptions made about the status of the container health checks.
    • Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent.
    • Container health checks are supported for Fargate tasks if you're using platform version 1.1.0 or greater. For more information, see platform versions.
    • Container health checks aren't supported for tasks that are part of a service that's configured to use a Classic Load Balancer.

    For an example of how to specify a task definition with multiple containers where container dependency is specified, see Container dependency in the Amazon Elastic Container Service Developer Guide.

    Command List<string>
    A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don't include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.
    Interval int
    The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.
    Retries int
    The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.
    StartPeriod int
    The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
    Timeout int
    The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.
    Command []string
    A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don't include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.
    Interval int
    The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.
    Retries int
    The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.
    StartPeriod int
    The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
    Timeout int
    The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.
    command List<String>
    A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don't include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.
    interval Integer
    The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.
    retries Integer
    The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.
    startPeriod Integer
    The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
    timeout Integer
    The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.
    command string[]
    A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don't include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.
    interval number
    The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.
    retries number
    The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.
    startPeriod number
    The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
    timeout number
    The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.
    command Sequence[str]
    A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don't include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.
    interval int
    The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.
    retries int
    The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.
    start_period int
    The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
    timeout int
    The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.
    command List<String>
    A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] You don't include the double quotes and brackets when you use the AWS Management Console. CMD-SHELL, curl -f http://localhost/ || exit 1 An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command.
    interval Number
    The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.
    retries Number
    The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.
    startPeriod Number
    The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command. If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
    timeout Number
    The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.

    DaemonTaskDefinitionHostVolumeProperties, DaemonTaskDefinitionHostVolumePropertiesArgs

    Details on a container instance bind mount host volume.
    SourcePath string
    When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you're using the Fargate launch type, the sourcePath parameter is not supported.
    SourcePath string
    When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you're using the Fargate launch type, the sourcePath parameter is not supported.
    sourcePath String
    When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you're using the Fargate launch type, the sourcePath parameter is not supported.
    sourcePath string
    When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you're using the Fargate launch type, the sourcePath parameter is not supported.
    source_path str
    When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you're using the Fargate launch type, the sourcePath parameter is not supported.
    sourcePath String
    When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you're using the Fargate launch type, the sourcePath parameter is not supported.

    DaemonTaskDefinitionKernelCapabilities, DaemonTaskDefinitionKernelCapabilitiesArgs

    The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page. The following describes how Docker processes the Linux capabilities specified in the add and drop request parameters. For information about the latest behavior, see Docker Compose: order of cap_drop and cap_add in the Docker Community Forum.

    • When the container is a privleged container, the container capabilities are all of the default Docker capabilities. The capabilities specified in the add request parameter, and the drop request parameter are ignored.
    • When the add request parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in the drop request parameter.
    • When the drop request parameter is set to ALL, the container capabilities are the capabilities specified in the add request parameter.
    • When the add request parameter and the drop request parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities.
    • The default is to first drop the capabilities specified in the drop request parameter, and then add the capabilities specified in the add request parameter.
    Add List<string>
    The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run. Tasks launched on FARGATElong only support adding the SYS_PTRACE kernel capability. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    Drop List<string>
    The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    Add []string
    The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run. Tasks launched on FARGATElong only support adding the SYS_PTRACE kernel capability. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    Drop []string
    The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    add List<String>
    The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run. Tasks launched on FARGATElong only support adding the SYS_PTRACE kernel capability. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    drop List<String>
    The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    add string[]
    The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run. Tasks launched on FARGATElong only support adding the SYS_PTRACE kernel capability. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    drop string[]
    The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    add Sequence[str]
    The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run. Tasks launched on FARGATElong only support adding the SYS_PTRACE kernel capability. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    drop Sequence[str]
    The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    add List<String>
    The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run. Tasks launched on FARGATElong only support adding the SYS_PTRACE kernel capability. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
    drop List<String>
    The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run. Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"

    DaemonTaskDefinitionKeyValuePair, DaemonTaskDefinitionKeyValuePairArgs

    A key-value pair object.
    Name string
    The name of the key-value pair. For environment variables, this is the name of the environment variable.
    Value string
    The value of the key-value pair. For environment variables, this is the value of the environment variable.
    Name string
    The name of the key-value pair. For environment variables, this is the name of the environment variable.
    Value string
    The value of the key-value pair. For environment variables, this is the value of the environment variable.
    name String
    The name of the key-value pair. For environment variables, this is the name of the environment variable.
    value String
    The value of the key-value pair. For environment variables, this is the value of the environment variable.
    name string
    The name of the key-value pair. For environment variables, this is the name of the environment variable.
    value string
    The value of the key-value pair. For environment variables, this is the value of the environment variable.
    name str
    The name of the key-value pair. For environment variables, this is the name of the environment variable.
    value str
    The value of the key-value pair. For environment variables, this is the value of the environment variable.
    name String
    The name of the key-value pair. For environment variables, this is the name of the environment variable.
    value String
    The value of the key-value pair. For environment variables, this is the value of the environment variable.

    DaemonTaskDefinitionLinuxParameters, DaemonTaskDefinitionLinuxParametersArgs

    The Linux-specific options that are applied to the container, such as Linux KernelCapabilities.
    Capabilities Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionKernelCapabilities
    The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For tasks that use the Fargate launch type, capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
    Devices List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionDevice>
    Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run. If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.
    InitProcessEnabled bool
    Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    Tmpfs List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionTmpfs>
    The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run. If you're using tasks that use the Fargate launch type, the tmpfs parameter isn't supported.
    Capabilities DaemonTaskDefinitionKernelCapabilities
    The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For tasks that use the Fargate launch type, capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
    Devices []DaemonTaskDefinitionDevice
    Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run. If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.
    InitProcessEnabled bool
    Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    Tmpfs []DaemonTaskDefinitionTmpfs
    The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run. If you're using tasks that use the Fargate launch type, the tmpfs parameter isn't supported.
    capabilities DaemonTaskDefinitionKernelCapabilities
    The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For tasks that use the Fargate launch type, capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
    devices List<DaemonTaskDefinitionDevice>
    Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run. If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.
    initProcessEnabled Boolean
    Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    tmpfs List<DaemonTaskDefinitionTmpfs>
    The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run. If you're using tasks that use the Fargate launch type, the tmpfs parameter isn't supported.
    capabilities DaemonTaskDefinitionKernelCapabilities
    The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For tasks that use the Fargate launch type, capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
    devices DaemonTaskDefinitionDevice[]
    Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run. If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.
    initProcessEnabled boolean
    Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    tmpfs DaemonTaskDefinitionTmpfs[]
    The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run. If you're using tasks that use the Fargate launch type, the tmpfs parameter isn't supported.
    capabilities DaemonTaskDefinitionKernelCapabilities
    The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For tasks that use the Fargate launch type, capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
    devices Sequence[DaemonTaskDefinitionDevice]
    Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run. If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.
    init_process_enabled bool
    Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    tmpfs Sequence[DaemonTaskDefinitionTmpfs]
    The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run. If you're using tasks that use the Fargate launch type, the tmpfs parameter isn't supported.
    capabilities Property Map
    The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For tasks that use the Fargate launch type, capabilities is supported for all platform versions but the add parameter is only supported if using platform version 1.4.0 or later.
    devices List<Property Map>
    Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run. If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.
    initProcessEnabled Boolean
    Run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    tmpfs List<Property Map>
    The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run. If you're using tasks that use the Fargate launch type, the tmpfs parameter isn't supported.

    DaemonTaskDefinitionLogConfiguration, DaemonTaskDefinitionLogConfigurationArgs

    The log configuration for the container. This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. Understand the following when specifying a log configuration for your containers.

    • Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald,syslog, splunk, and awsfirelens.
    • This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.
    • For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.
    • For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
    LogDriver string
    The log driver to use for the container. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
    Options Dictionary<string, string>
    The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

    • awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers.
    • mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    SecretOptions List<Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionSecret>
    The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.
    LogDriver string
    The log driver to use for the container. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
    Options map[string]string
    The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

    • awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers.
    • mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    SecretOptions []DaemonTaskDefinitionSecret
    The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.
    logDriver String
    The log driver to use for the container. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
    options Map<String,String>
    The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

    • awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers.
    • mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    secretOptions List<DaemonTaskDefinitionSecret>
    The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.
    logDriver string
    The log driver to use for the container. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
    options {[key: string]: string}
    The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

    • awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers.
    • mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    secretOptions DaemonTaskDefinitionSecret[]
    The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.
    log_driver str
    The log driver to use for the container. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
    options Mapping[str, str]
    The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

    • awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers.
    • mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    secret_options Sequence[DaemonTaskDefinitionSecret]
    The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.
    logDriver String
    The log driver to use for the container. For tasks on FARGATElong, the supported log drivers are awslogs, splunk, and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, syslog, splunk, and awsfirelens. For more information about using the awslogs log driver, see Send Amazon ECS logs to CloudWatch in the Amazon Elastic Container Service Developer Guide. For more information about using the awsfirelens log driver, see Send Amazon ECS logs to an service or Partner. If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
    options Map<String>
    The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

    • awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers.
    • mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 10m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url. When you use the awsfirelens log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with region and a name for the log stream with delivery_stream. When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with region and a data stream name with stream. When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks. When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
    secretOptions List<Property Map>
    The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.

    DaemonTaskDefinitionMountPoint, DaemonTaskDefinitionMountPointArgs

    The details for a volume mount point that's used in a container definition.
    ContainerPath string
    The path on the container to mount the host volume at.
    ReadOnly bool
    If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
    SourceVolume string
    The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.
    ContainerPath string
    The path on the container to mount the host volume at.
    ReadOnly bool
    If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
    SourceVolume string
    The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.
    containerPath String
    The path on the container to mount the host volume at.
    readOnly Boolean
    If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
    sourceVolume String
    The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.
    containerPath string
    The path on the container to mount the host volume at.
    readOnly boolean
    If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
    sourceVolume string
    The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.
    container_path str
    The path on the container to mount the host volume at.
    read_only bool
    If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
    source_volume str
    The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.
    containerPath String
    The path on the container to mount the host volume at.
    readOnly Boolean
    If this value is true, the container has read-only access to the volume. If this value is false, then the container can write to the volume. The default value is false.
    sourceVolume String
    The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.

    DaemonTaskDefinitionRepositoryCredentials, DaemonTaskDefinitionRepositoryCredentialsArgs

    The repository credentials for private registry authentication.
    CredentialsParameter string
    The Amazon Resource Name (ARN) of the secret containing the private repository credentials. When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.
    CredentialsParameter string
    The Amazon Resource Name (ARN) of the secret containing the private repository credentials. When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.
    credentialsParameter String
    The Amazon Resource Name (ARN) of the secret containing the private repository credentials. When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.
    credentialsParameter string
    The Amazon Resource Name (ARN) of the secret containing the private repository credentials. When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.
    credentials_parameter str
    The Amazon Resource Name (ARN) of the secret containing the private repository credentials. When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.
    credentialsParameter String
    The Amazon Resource Name (ARN) of the secret containing the private repository credentials. When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret.

    DaemonTaskDefinitionRestartPolicy, DaemonTaskDefinitionRestartPolicyArgs

    enabled Boolean
    ignoredExitCodes List<Integer>
    restartAttemptPeriod Integer

    DaemonTaskDefinitionSecret, DaemonTaskDefinitionSecretArgs

    An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways:

    • To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.
    • To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.

    For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.

    Name string
    The name of the secret.
    ValueFrom string
    The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
    Name string
    The name of the secret.
    ValueFrom string
    The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
    name String
    The name of the secret.
    valueFrom String
    The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
    name string
    The name of the secret.
    valueFrom string
    The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
    name str
    The name of the secret.
    value_from str
    The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
    name String
    The name of the secret.
    valueFrom String
    The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. For information about the require IAMlong permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide. If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.

    DaemonTaskDefinitionSystemControl, DaemonTaskDefinitionSystemControlArgs

    A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the docker container create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections. We don't recommend that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network mode. Doing this has the following disadvantages:

    • For tasks that use the awsvpc network mode including Fargate, if you set systemControls for any container, it applies to all containers in the task. If you set different systemControls for multiple containers in a single task, the container that's started last determines which systemControls take effect.
    • For tasks that use the host network mode, the network namespace systemControls aren't supported.

    If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see IPC mode.

    • For tasks that use the host IPC mode, IPC namespace systemControls aren't supported.
    • For tasks that use the task IPC mode, IPC namespace systemControls values apply to all containers within a task.

    This parameter is not supported for Windows containers. This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

    Namespace string
    The namespaced kernel parameter to set a value for.
    Value string
    The namespaced kernel parameter to set a value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with "net.* are accepted. All of these values are supported by Fargate.
    Namespace string
    The namespaced kernel parameter to set a value for.
    Value string
    The namespaced kernel parameter to set a value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with "net.* are accepted. All of these values are supported by Fargate.
    namespace String
    The namespaced kernel parameter to set a value for.
    value String
    The namespaced kernel parameter to set a value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with "net.* are accepted. All of these values are supported by Fargate.
    namespace string
    The namespaced kernel parameter to set a value for.
    value string
    The namespaced kernel parameter to set a value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with "net.* are accepted. All of these values are supported by Fargate.
    namespace str
    The namespaced kernel parameter to set a value for.
    value str
    The namespaced kernel parameter to set a value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with "net.* are accepted. All of these values are supported by Fargate.
    namespace String
    The namespaced kernel parameter to set a value for.
    value String
    The namespaced kernel parameter to set a value for. Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced", and Sysctls that start with "fs.mqueue.*" Valid network namespace values: Sysctls that start with "net.*". Only namespaced Sysctls that exist within the container starting with "net.* are accepted. All of these values are supported by Fargate.

    DaemonTaskDefinitionTmpfs, DaemonTaskDefinitionTmpfsArgs

    The container path, mount options, and size of the tmpfs mount.
    Size int
    The maximum size (in MiB) of the tmpfs volume.
    ContainerPath string
    The absolute file path where the tmpfs volume is to be mounted.
    MountOptions List<string>
    The list of tmpfs volume mount options. Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"
    Size int
    The maximum size (in MiB) of the tmpfs volume.
    ContainerPath string
    The absolute file path where the tmpfs volume is to be mounted.
    MountOptions []string
    The list of tmpfs volume mount options. Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"
    size Integer
    The maximum size (in MiB) of the tmpfs volume.
    containerPath String
    The absolute file path where the tmpfs volume is to be mounted.
    mountOptions List<String>
    The list of tmpfs volume mount options. Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"
    size number
    The maximum size (in MiB) of the tmpfs volume.
    containerPath string
    The absolute file path where the tmpfs volume is to be mounted.
    mountOptions string[]
    The list of tmpfs volume mount options. Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"
    size int
    The maximum size (in MiB) of the tmpfs volume.
    container_path str
    The absolute file path where the tmpfs volume is to be mounted.
    mount_options Sequence[str]
    The list of tmpfs volume mount options. Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"
    size Number
    The maximum size (in MiB) of the tmpfs volume.
    containerPath String
    The absolute file path where the tmpfs volume is to be mounted.
    mountOptions List<String>
    The list of tmpfs volume mount options. Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"

    DaemonTaskDefinitionUlimit, DaemonTaskDefinitionUlimitArgs

    The ulimit settings to pass to the container. Amazon ECS tasks hosted on FARGATElong use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which FARGATElong overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 65535 and the default hard limit is 65535. You can specify the ulimit settings for a container in a task definition.
    HardLimit int
    The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    Name string
    The type of the ulimit.
    SoftLimit int
    The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    HardLimit int
    The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    Name string
    The type of the ulimit.
    SoftLimit int
    The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    hardLimit Integer
    The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    name String
    The type of the ulimit.
    softLimit Integer
    The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    hardLimit number
    The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    name string
    The type of the ulimit.
    softLimit number
    The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    hard_limit int
    The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    name str
    The type of the ulimit.
    soft_limit int
    The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    hardLimit Number
    The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.
    name String
    The type of the ulimit.
    softLimit Number
    The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

    DaemonTaskDefinitionVolume, DaemonTaskDefinitionVolumeArgs

    The data volume configuration for tasks launched using this task definition. Specifying a volume configuration in a task definition is optional. The volume configuration may contain multiple volumes but only one volume configured at launch is supported. Each volume defined in the volume configuration may only specify a name and one of either configuredAtLaunch, dockerVolumeConfiguration, efsVolumeConfiguration, fsxWindowsFileServerVolumeConfiguration, or host. If an empty volume configuration is specified, by default Amazon ECS uses a host volume. For more information, see Using data volumes in tasks.
    Host Pulumi.AwsNative.Ecs.Inputs.DaemonTaskDefinitionHostVolumeProperties
    This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\, but not D:\my\path:C:\my\path or D:\:C:\my\path.
    Name string
    The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.
    Host DaemonTaskDefinitionHostVolumeProperties
    This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\, but not D:\my\path:C:\my\path or D:\:C:\my\path.
    Name string
    The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.
    host DaemonTaskDefinitionHostVolumeProperties
    This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\, but not D:\my\path:C:\my\path or D:\:C:\my\path.
    name String
    The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.
    host DaemonTaskDefinitionHostVolumeProperties
    This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\, but not D:\my\path:C:\my\path or D:\:C:\my\path.
    name string
    The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.
    host DaemonTaskDefinitionHostVolumeProperties
    This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\, but not D:\my\path:C:\my\path or D:\:C:\my\path.
    name str
    The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.
    host Property Map
    This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\, but not D:\my\path:C:\my\path or D:\:C:\my\path.
    name String
    The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the name is required and must also be specified as the volume name in the ServiceVolumeConfiguration or TaskVolumeConfiguration parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the sourceVolume parameter of the mountPoints object in the container definition. When a volume is using the efsVolumeConfiguration, the name is required.

    Tag, TagArgs

    A set of tags to apply to the resource.
    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    Viewing docs for AWS Cloud Control v1.62.0
    published on Monday, Apr 20, 2026 by Pulumi
      Try Pulumi Cloud free. Your team will thank you.