Manually Updating the Amazon ECS Container Agent (for Non-Amazon ECS-optimized AMIs)
To manually update the Amazon ECS container agent (for non-Amazon ECS-optimized AMIs)
Log in to your container instance via SSH.
Check to see if your agent uses the ECS_DATADIR environment variable to save its state.
docker inspect ecs-agent | grep ECS_DATADIR
If the previous command does not return the ECS_DATADIR environment variable, you must stop any tasks running on this container instance before updating your agent. Newer agents with the ECS_DATADIR environment variable save their state and you can update them while tasks are running without issues.
Stop the Amazon ECS container agent.
docker stop ecs-agent
Delete the agent container.
docker rm ecs-agent
Run the following commands on your container instance to enable IAM roles for tasks. For more information, see IAM Roles for Tasks.
sysctl -w net.ipv4.conf.all.route_localnet=1
iptables -t nat -A PREROUTING -p tcp -d 169.254.170.2 --dport 80 -j DNAT --to-destination 127.0.0.1:51679
iptables -t nat -A OUTPUT -d 169.254.170.2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 51679
Pull the latest Amazon ECS container agent image from Docker Hub.
docker pull amazon/amazon-ecs-agent:latest
Pulling repository amazon/amazon-ecs-agent
a5a56a5e13dc: Download complete
511136ea3c5a: Download complete
9950b5d678a1: Download complete
c48ddcf21b63: Download complete
Status: Image is up to date for amazon/amazon-ecs-agent:latest
Run the latest Amazon ECS container agent on your container instance.
You should use Docker restart policies or a process manager (such as upstart or systemd) to treat the container agent as a service or a daemon and ensure that it is restarted if it exits. For more information, see Automatically start containers and Restart policies in the Docker documentation. The Amazon ECS-optimized AMI uses the ecs-init RPM for this purpose, and you can view the source code for this RPM on GitHub.
The following example agent run command is broken into separate lines to show each option.
The --env=ECS_CLUSTER= option is not required if you want to register into your default cluster.
You can optionally store your agent environment variables in a file (which can be downloaded to your container instances from Amazon S3 at launch time using EC2 user data) and pass them all at one time with the --env-file option. This is recommended for sensitive information such as authentication credentials for private repositories. For more information, see Storing Container Instance Configuration in Amazon S3 and Private Registry Authentication.
If your task definitions specify log configuration options for a particular log driver, the Amazon ECS container agent running on your container instances must register the specified log driver with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable. For example, to register a container instance with the awslogs logging drivers, add the --env=ECS_AVAILABLE_LOGGING_DRIVERS= option to the docker run command below. For more information, see Amazon ECS Container Agent Configuration.
Operating systems with SELinux enabled require the --privileged option in your docker run command. In addition, for SELinux-enabled container instances, we recommend that you add the :Z option to the /data volume mounts; however, the host mounts for these volumes must exist before you run the command or you will receive a no such file or directory error. Take the following action if you experience difficulty running the Amazon ECS agent on an SELinux-enabled container instance:
Create the host volume mount points on your container instance.
sudo mkdir -p /var/log/ecs
sudo mkdir -p /var/lib/ecs/data
Add the --privileged option to the docker run command below.
Add the :Z option to the /data container volume mounts (for example, --volume=/var/log/ecs/:/log:Z) to the docker run command below.
For more information about these and other agent runtime options, see Amazon ECS Container Agent Configuration.
sudo docker run --name ecs-agent \
--detach=true \
--restart=on-failure:10 \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--volume=/var/log/ecs/:/log \
--volume=/var/lib/ecs/data:/data \
--net=host \
--env=ECS_LOGFILE=/log/ecs-agent.log \
--env=ECS_LOGLEVEL=info \
--env=ECS_DATADIR=/data \
--env=ECS_CLUSTER=cluster_name \
--env=ECS_ENABLE_TASK_IAM_ROLE=true \
--env=ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=true \
amazon/amazon-ecs-agent:latest
If you receive an Error response from daemon: Cannot start container message, you can delete the failed container with the sudo docker rm ecs-agent command and try running the agent again.
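The ECS_DATADIR check and the IAM roles for tasks rules from the procedure above, written so they can be re-run on every agent update. This is an added example, not part of the original documentation: iptables -A appends another copy of a rule each time it runs, so the script tests with iptables -C first. The function names and the --apply argument are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): re-runnable versions of the
# ECS_DATADIR check and the IAM-roles-for-tasks NAT rules.
# Function names and the --apply argument are assumptions of this example.

RULES_ADDED=0

# Succeeds only if the agent container has ECS_DATADIR in its environment;
# matches the variable name at the start of an env entry instead of
# grepping the whole inspect output.
agent_saves_state() {
    docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' ecs-agent \
        | grep -q '^ECS_DATADIR='
}

# ensure_rule TABLE CHAIN RULE-SPEC...
# Appends the rule only when "iptables -C" reports that it is missing.
ensure_rule() {
    local table=$1 chain=$2
    shift 2
    if iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    iptables -t "$table" -A "$chain" "$@" || return 1
    RULES_ADDED=$((RULES_ADDED + 1))
}

# The two rules from the procedure, with the same match and target options.
ensure_task_role_rules() {
    ensure_rule nat PREROUTING -p tcp -d 169.254.170.2 --dport 80 \
        -j DNAT --to-destination 127.0.0.1:51679 &&
    ensure_rule nat OUTPUT -d 169.254.170.2 -p tcp -m tcp --dport 80 \
        -j REDIRECT --to-ports 51679
}

main() {
    if ! agent_saves_state; then
        echo "ecs-agent has no ECS_DATADIR: stop running tasks before updating" >&2
        return 1
    fi
    sysctl -w net.ipv4.conf.all.route_localnet=1 >/dev/null || return 1
    ensure_task_role_rules || return 1
    echo "NAT rules added this run: $RULES_ADDED"
}

# Run as root on the container instance with the --apply argument.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Run the preflight before stopping the agent, because docker inspect needs the ecs-agent container to still exist.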