Your application is now running on a container in Amazon ECS.
Your application is now running on a container in Amazon ECS.
'; C:\\ServiceMonitor.exe w3svc"], "entryPoint": [ "powershell", "-Command" ], "essential": true, "cpu": 2048, "memory": 4096, "image": "mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019", "name": "sample_windows_app", "portMappings": [ { "hostPort": 80, "containerPort": 80, "protocol": "tcp" } ] } ], "memory": "4096", "cpu": "2048", "networkMode": "awsvpc", "family": "windows-simple-iis-2019-core", "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole", "runtimePlatform": {"operatingSystemFamily": "WINDOWS_SERVER_2019_CORE"}, "requiresCompatibilities": ["FARGATE"] } ``` ## `splunk` 日志驱动程序 以下代码段演示如何在任务定义中使用 `splunk` 日志驱动程序,以将日志发送到远程服务。Splunk 令牌参数指定为密钥选项,因为它可能被视为敏感数据。有关更多信息,请参阅 [将敏感数据传递给 Amazon ECS 容器](specifying-sensitive-data.md)。 ``` "containerDefinitions": [{ "logConfiguration": { "logDriver": "splunk", "options": { "splunk-url": "https://cloud.splunk.com:8080", "tag": "tag_name", }, "secretOptions": [{ "name": "splunk-token", "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:splunk-token-KnrBkD" }], ``` ## `fluentd` 日志驱动程序 以下代码段演示如何在任务定义中使用 `fluentd` 日志驱动程序,以将日志发送到远程服务。`fluentd-address` 值被指定为密钥选项,因为它可能会视为敏感数据。有关更多信息,请参阅 [将敏感数据传递给 Amazon ECS 容器](specifying-sensitive-data.md)。 ``` "containerDefinitions": [{ "logConfiguration": { "logDriver": "fluentd", "options": { "tag": "fluentd demo" }, "secretOptions": [{ "name": "fluentd-address", "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:fluentd-address-KnrBkD" }] }, "entryPoint": [], "portMappings": [{ "hostPort": 80, "protocol": "tcp", "containerPort": 80 }, { "hostPort": 24224, "protocol": "tcp", "containerPort": 24224 }] }], ``` ## `gelf` 日志驱动程序 以下代码段演示如何在任务定义中使用 `gelf` 日志驱动程序,以将日志发送到远程主机(此主机运行将 Gelf 日志作为输入的 Logstash)。有关更多信息,请参阅 [logConfiguration](task_definition_parameters.md#ContainerDefinition-logConfiguration)。 ``` "containerDefinitions": [{ "logConfiguration": { "logDriver": "gelf", "options": { "gelf-address": "udp://logstash-service-address:5000", "tag": "gelf task demo" } }, "entryPoint": [], "portMappings": [{ "hostPort": 5000, "protocol": "udp", "containerPort": 5000 }, { "hostPort": 5000, "protocol": "tcp", "containerPort": 5000 } ] }], ``` ## 外部实例上的工作负载 注册 Amazon ECS 任务定义时,请使用 `requiresCompatibilities` 参数并指定 `EXTERNAL` 在外部实例上运行 Amazon ECS工作负载时验证任务定义是否兼容。如果您使用控制台注册任务定义,则必须使用 JSON 编辑器。有关更多信息,请参阅 [使用控制台创建 Amazon ECS 任务定义](create-task-definition.md)。 **重要** 如果您的任务需要任务执行 IAM 角色,请确保在任务定义中指定了该角色。 部署工作负载时,请使用 `EXTERNAL` 启动类型时创建服务或运行独立任务。 以下是此示例的表定义。 ------ #### [ Linux ] ``` { "requiresCompatibilities": [ "EXTERNAL" ], "containerDefinitions": [{ "name": "nginx", "image": "public.ecr.aws/nginx/nginx:latest", "memory": 256, "cpu": 256, "essential": true, "portMappings": [{ "containerPort": 80, "hostPort": 8080, "protocol": "tcp" }] }], "networkMode": "bridge", "family": "nginx" } ``` ------ #### [ Windows ] ``` { "requiresCompatibilities": [ "EXTERNAL" ], "containerDefinitions": [{ "name": "windows-container", "image": "mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019", "memory": 256, "cpu": 512, "essential": true, "portMappings": [{ "containerPort": 80, "hostPort": 8080, "protocol": "tcp" }] }], "networkMode": "bridge", "family": "windows-container" } ``` ------ ## Amazon ECR 映像和任务定义 IAM 角色 以下代码段使用 `123456789012.dkr.ecr.us-west-2.amazonaws.com` 注册表中带 `v1` 标签的名为 `aws-nodejs-sample` 的 Amazon ECR 映像。此任务中的容器继承来自 `arn:aws:iam::123456789012:role/AmazonECSTaskS3BucketRole` 角色的 IAM 权限。有关更多信息,请参阅 [Amazon ECS 任务 IAM 角色](task-iam-roles.md)。 ``` { "containerDefinitions": [ { "name": "sample-app", "image": "123456789012.dkr.ecr.us-west-2.amazonaws.com/aws-nodejs-sample:v1", "memory": 200, "cpu": 10, "essential": true } ], "family": "example_task_3", "taskRoleArn": "arn:aws:iam::123456789012:role/AmazonECSTaskS3BucketRole" } ``` ## 带命令的入口点 以下代码段演示使用入口点和命令参数的 Docker 容器的语法。此容器将对 `example.com` 执行四次 ping 操作,然后退出。 ``` { "containerDefinitions": [ { "memory": 32, "essential": true, "entryPoint": ["ping"], "name": "alpine_ping", "readonlyRootFilesystem": true, "image": "alpine:3.4", "command": [ "-c", "4", "example.com" ], "cpu": 16 } ], "family": "example_task_2" } ``` ## 容器依赖项 此代码段展示了具有多个容器(其中指定了容器依赖项)的任务定义的语法。在以下任务定义中,`envoy` 容器必须达到正常运行状态(由必需的容器运行状况检查参数决定),然后 `app` 容器才能启动。有关更多信息,请参阅 [容器依赖项](task_definition_parameters.md#container_definition_dependson)。 ``` { "family": "appmesh-gateway", "runtimePlatform": { "operatingSystemFamily": "LINUX" }, "proxyConfiguration":{ "type": "APPMESH", "containerName": "envoy", "properties": [ { "name": "IgnoredUID", "value": "1337" }, { "name": "ProxyIngressPort", "value": "15000" }, { "name": "ProxyEgressPort", "value": "15001" }, { "name": "AppPorts", "value": "9080" }, { "name": "EgressIgnoredIPs", "value": "169.254.170.2,169.254.169.254" } ] }, "containerDefinitions": [ { "name": "app", "image": "application_image", "portMappings": [ { "containerPort": 9080, "hostPort": 9080, "protocol": "tcp" } ], "essential": true, "dependsOn": [ { "containerName": "envoy", "condition": "HEALTHY" } ] }, { "name": "envoy", "image": "840364872350.dkr.ecr.region-code.amazonaws.com/aws-appmesh-envoy:v1.15.1.0-prod", "essential": true, "environment": [ { "name": "APPMESH_VIRTUAL_NODE_NAME", "value": "mesh/meshName/virtualNode/virtualNodeName" }, { "name": "ENVOY_LOG_LEVEL", "value": "info" } ], "healthCheck": { "command": [ "CMD-SHELL", "echo hello" ], "interval": 5, "timeout": 2, "retries": 3 } } ], "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole", "networkMode": "awsvpc" } ``` ## 任务定义中的卷 使用以下内容来了解如何在任务中指定卷。 + 有关如何配置 Amazon EBS 卷的信息,请参阅[指定 Amazon ECS 部署时的 Amazon EBS 卷配置](configure-ebs-volume.md)。 + 有关如何配置 Amazon EFS 卷的信息,请参阅[使用控制台为 Amazon ECS 配置 Amazon EFS 文件系统](tutorial-efs-volumes.md)。 + 有关如何配置适用于 Windows File Server 的 FSx 卷的信息,请参阅[了解为 Amazon ECS 配置适用于 Windows File Server 的 FSx 文件系统](tutorial-wfsx-volumes.md)。 + 有关如何配置 Docker 卷的信息,请参阅 [适用于 Amazon ECS 的 Docker 卷示例](docker-volume-examples.md)。 + 有关如何配置绑定挂载的信息,请参阅[Amazon ECS 绑定挂载示例](bind-mount-examples.md)。 ## Windows 示例任务定义 以下示例任务定义可帮助您在 Amazon ECS 上开始使用 Windows 容器。 **Example 适用于 Windows 的 Amazon ECS 控制台示例应用程序** 以下任务定义是 Amazon ECS 的首次运行向导中生成的 Amazon ECS 控制台示例应用程序;它已转为使用 `microsoft/iis` Windows 容器映像。 ``` { "family": "windows-simple-iis", "containerDefinitions": [ { "name": "windows_sample_app", "image": "mcr.microsoft.com/windows/servercore/iis", "cpu": 1024, "entryPoint":["powershell", "-Command"], "command":["New-Item -Path C:\\inetpub\\wwwroot\\index.html -Type file -Value 'Your application is now running on a container in Amazon ECS.
'; C:\\ServiceMonitor.exe w3svc"], "portMappings": [ { "protocol": "tcp", "containerPort": 80 } ], "memory": 1024, "essential": true } ], "networkMode": "awsvpc", "memory": "1024", "cpu": "1024" } ```