Amazon Elastic Container Service
Developer Guide (API Version 2014-11-13)

Windows Containers

Amazon ECS now supports Windows containers on container instances that are launched with the Amazon ECS-optimized Windows AMI.

Windows container instances use their own version of the Amazon ECS container agent. On the Amazon ECS-optimized Windows AMI, the Amazon ECS container agent runs as a service on the host. Unlike the Linux platform, the agent does not run inside a container because it uses the host's registry and the named pipe at \\.\pipe\docker_engine to communicate with the Docker daemon.

The source code for the Amazon ECS container agent is available on GitHub. We encourage you to submit pull requests for changes that you would like to have included. However, we do not currently provide support for running modified copies of this software. You can view open issues for Amazon ECS and Windows on our GitHub issues page.

Windows Container Caveats

Here are some things you should know about Windows containers and Amazon ECS.

  • Windows containers cannot run on Linux container instances and vice versa. To ensure proper task placement for Windows and Linux tasks, you should keep Windows and Linux container instances in separate clusters, and only place Windows tasks on Windows clusters. You can ensure that Windows task definitions are only placed on Windows instances by setting the following placement constraint: memberOf(ecs.os-type=='windows').

  • Windows containers are only supported for tasks that use the EC2 launch type. The Fargate launch type is not currently supported for Windows containers. For more information about launch types, see Amazon ECS Launch Types.

  • Windows containers and container instances cannot support all the task definition parameters that are available for Linux containers and container instances. For some parameters, they are not supported at all, and others behave differently on Windows than they do on Linux. For more information, see Windows Task Definitions.

  • The IAM roles for tasks feature requires that you configure your Windows container instances to allow the feature at launch, and your containers must run some provided PowerShell code when they use the feature. For more information, see Windows IAM Roles for Tasks.

  • The IAM roles for tasks feature uses a credential proxy to provide credentials to the containers. This credential proxy occupies port 80 on the container instance, so if you use IAM roles for tasks, port 80 is not available for tasks. For web service containers, you can use an Application Load Balancer and dynamic port mapping to provide standard HTTP port 80 connections to your containers. For more information, see Service Load Balancing.

  • The Windows server Docker images are large (9 GiB), so your container instances require more storage space than Linux container instances, which typically have smaller image sizes.