Understanding the Community Modes in AWS ECS

If utilizing the EC2 launch sort, the allowable community mode is dependent upon the underlying EC2 occasion’s working system. If Linux, awsvpc, bridge, host and none mode can be utilized. If Home windows, solely the NAT mode is allowed.

If utilizing the Fargate launch sort, the ‘awsvpc’ is the one community mode supported.

Amazon ECS activity networking

The networking habits of Amazon ECS duties hosted on Amazon EC2 cases depends on the community mode outlined within the activity definition. The next are the out there community modes. Amazon ECS recommends utilizing the awsvpc community mode until you’ve gotten a selected want to make use of a unique community mode.

  • awsvpc — The duty is allotted its personal elastic community interface (ENI) and a major non-public IPv4 tackle. This provides the duty the identical networking properties as Amazon EC2 cases.
  • bridge — The duty makes use of Docker’s built-in digital community which runs inside every Amazon EC2 occasion internet hosting the duty.
  • host — The duty bypasses Docker’s built-in digital community and maps container ports on to the ENI of the Amazon EC2 occasion internet hosting the duty. Consequently, you’ll be able to’t run a number of instantiations of the identical activity on a single Amazon EC2 occasion when port mappings are used.
  • none — The duty has no exterior community connectivity.

For extra details about Docker networking, see Networking overview

  • NAT – Docker for Home windows makes use of a unique community mode (often called NAT) than Docker for Linux.

Word: Should you create an ECS activity defintion within the AWS console and select EC2 launch sort there’s a “Community Mode: possibility. ECS will begin your container utilizing Docker’s default networking mode, which is Bridge on Linux and NAT on Home windows. (NAT) is the one supported mode on Home windows.

Fargate activity networking

By default, each Amazon ECS activity on Fargate is supplied an elastic community interface (ENI) with a major non-public IP tackle.