Amazon EC2 Container Service
Developer Guide (API Version 2014-11-13)

Windows Containers (Beta)

Amazon ECS now supports Windows containers on container instances that are launched with the Microsoft Windows Server 2016 Base with Containers AMI. This feature is considered a beta, and you should not use it in a production environment at this time.

Windows container instances use their own version of the Amazon ECS container agent. On Windows Server 2016, the Amazon ECS container agent runs as a process on the host. Unlike the Linux platform, the agent does not run inside a container because it uses the host's registry and the named pipe at \\.\pipe\docker_engine to communicate with the Docker daemon.

The source code for the Amazon ECS container agent is available on GitHub. We encourage you to submit pull requests for changes that you would like to have included. However, Amazon Web Services does not currently provide support for running modified copies of this software. You can view open issues for Amazon ECS and Windows on our GitHub issues page.

Windows Container Caveats

Here are some things you should know about Windows containers and Amazon ECS.

  • Windows containers cannot run on Linux container instances and vice versa. To ensure proper task placement for Windows and Linux tasks, you should keep Windows and Linux container instances in separate clusters, and only place Windows tasks on Windows clusters.

  • Windows containers and container instances cannot support all the task definition parameters that are available for Linux containers and container instances. Some parameters are not supported at all, and others behave differently on Windows than they do on Linux. For more information, see Windows Task Definitions.

  • The IAM roles for tasks feature requires that you configure your Windows container instances to allow the feature at launch, and your containers must run some provided PowerShell code when they use the feature. For more information, see Windows IAM Roles for Tasks.

  • The IAM roles for tasks feature uses a credential proxy to provide credentials to the containers. This credential proxy occupies port 80 on the container instance, so if you use IAM roles for tasks, port 80 is not available for tasks. For web service containers, you can use an Application Load Balancer and dynamic port mapping to provide standard HTTP port 80 connections to your containers. For more information, see Service Load Balancing.

  • The Windows Server Docker images are large (9 GiB), so your container instances require more storage space than Linux container instances, which typically have smaller image sizes.

  • Container instances can take up to 15 minutes to download and extract the Windows Server Docker images the first time they use them. This time can be doubled if you enable IAM roles for tasks.
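
The port 80 caveat above can be checked before deployment. The following is an added example, not code from this guide or from the Amazon ECS project: it scans the task definitions intended for one Windows cluster and reports any static mapping to host port 80 when at least one of them uses IAM roles for tasks. The function names and all sample values are constructed for illustration; the JSON keys are the standard task definition fields.

```python
# Added example: lint task definitions bound for one Windows cluster.
# Keys (taskRoleArn, containerDefinitions, portMappings, hostPort) are the
# standard ECS task definition fields; every sample value is constructed.

CREDENTIAL_PROXY_PORT = 80  # held by the IAM roles for tasks credential proxy


def uses_task_roles(task_defs):
    """True if any task definition sets taskRoleArn, which means the
    cluster's container instances must have the feature enabled."""
    return any(td.get("taskRoleArn") for td in task_defs)


def port_80_conflicts(task_defs):
    """Return (family, container, containerPort) for every static mapping
    to host port 80 when the credential proxy will be present."""
    if not uses_task_roles(task_defs):
        return []
    found = []
    for td in task_defs:
        for c in td.get("containerDefinitions", []):
            for pm in c.get("portMappings", []):
                # hostPort omitted or 0 requests dynamic port mapping
                if pm.get("hostPort", 0) == CREDENTIAL_PROXY_PORT:
                    found.append((td["family"], c["name"], pm["containerPort"]))
    return found


SAMPLE_TASK_DEFS = [  # constructed sample input
    {"family": "worker",
     "taskRoleArn": "arn:aws:iam::123456789012:role/example-task-role",
     "containerDefinitions": [{"name": "worker", "portMappings": []}]},
    {"family": "web-static",
     "containerDefinitions": [{"name": "iis", "portMappings": [
         {"containerPort": 80, "hostPort": 80, "protocol": "tcp"}]}]},
    {"family": "web-dynamic",
     "containerDefinitions": [{"name": "iis", "portMappings": [
         {"containerPort": 80, "hostPort": 0, "protocol": "tcp"}]}]},
]

if __name__ == "__main__":
    for family, container, port in port_80_conflicts(SAMPLE_TASK_DEFS):
        print(f"{family}/{container}: hostPort 80 collides with the "
              f"credential proxy; map containerPort {port} to hostPort 0 "
              f"behind an Application Load Balancer")
```

The task without a role is still flagged, because the proxy occupies port 80 on the container instance itself rather than only for tasks that request credentials.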