Container agent

Last updated 1 year ago

Was this helpful?

This page was generated from content adapted from the

Installing the Amazon ECS container agent

Note The systemd units for both Amazon ECS and Docker services have a directive to wait for cloud-init to finish before starting both services. The cloud-init process is not considered finished until your Amazon EC2 user data has finished running. Therefore, starting Amazon ECS or Docker via Amazon EC2 user data may cause a deadlock. To start the container agent using Amazon EC2 user data you can use systemctl enable --now --no-block ecs.service.
Note If you get no response, ensure that you associated the Amazon ECS container instance IAM role when launching the instance. For more information, see .
Note When using a non-Amazon Linux AMI, your Amazon EC2 instance requires cgroupfs support for the cgroup driver in order for the Amazon ECS agent to support task level resource limits. For more information, see .

Note As new Amazon ECS-optimized Amazon Linux 2 AMIs and Amazon ECS agent versions are released, older versions are still available for launch in Amazon EC2. However, we encourage you to of the Amazon ECS agent and to keep your container instance software up to date. If you request support for an older version of the Amazon ECS agent through AWS Support, you may be asked to move to the latest version as a part of the support process.
Important Amazon ECS agent versions 1.20.0 and later have deprecated support for Docker versions older than 1.9.0.
Note As new Amazon ECS-optimized Amazon Linux AMIs and Amazon ECS agent versions are released, older versions are still available for launch in Amazon EC2. However, we encourage you to of the Amazon ECS agent and to keep your container instance software up-to-date. If you request support for an older version of the Amazon ECS agent through AWS Support, you may be asked to move to the latest version as a part of the support process.
Important Amazon ECS agent versions 1.20.0 and later have deprecated support for Docker versions older than 1.9.0.

Note Agent updates do not apply to Windows container instances. We recommend that you launch new container instances to update the agent version in your Windows clusters.
Note The introspection API added Version information in the version v1.0.0 of the Amazon ECS container agent. If Version is not present when querying the introspection API, or the introspection API is not present in your agent at all, then the version you are running is v0.0.3 or earlier. You should update your version.

Important Newer versions of Docker create a configuration file as shown above with an outer auths object. The Amazon ECS agent only supports dockercfg authentication data that is in the below format, without the auths object. If you have the jq utility installed, you can extract this data with the following command: cat ~/.docker/config.json | jq .auths

Note Amazon ECS container agents before version 1.14.2 require full Docker container IDs for the introspection API, not the short version that is shown with docker ps. You can get the full Docker ID for a container by running the docker ps --no-trunc command on the container instance.

Note If you chose to use your own KMS key to encrypt your secret, then you must add the necessary permissions to this role and add this role to the AWS KMS key policy.

Note Agent updates do not apply to Windows container instances. We recommend that you launch new container instances to update the agent version in your Windows clusters.

Last updated 1 year ago

Was this helpful?