Use bind mounts with Amazon ECS
With bind mounts, a file or directory on a host, such as an Amazon EC2 instance, is mounted
into a container. Bind mounts are supported for tasks that are hosted on both Fargate and
Amazon EC2 instances. Bind mounts are tied to the lifecycle of the container that uses them.
After all of the containers that use a bind mount are stopped, such as when a task is
stopped, the data is removed. For tasks that are hosted on Amazon EC2 instances, the data can be
tied to the lifecycle of the host Amazon EC2 instance by specifying a host
and
optional sourcePath
value in your task definition. For more information, see
Using bind mounts
The following are common use cases for bind mounts.
-
To provide an empty data volume to mount in one or more containers.
-
To mount a host data volume in one or more containers.
-
To share a data volume from a source container with other containers in the same task.
-
To expose a path and its contents from a Dockerfile to one or more containers.
Considerations when using bind mounts
When using bind mounts, consider the following.
-
By default, tasks that are hosted on AWS Fargate using platform version
1.4.0
or later (Linux) or1.0.0
or later (Windows) receive a minimum of 20 GiB of ephemeral storage for bind mounts. You can increase the total amount of ephemeral storage up to a maximum of 200 GiB by specifying theephemeralStorage
parameter in your task definition. -
To expose files from a Dockerfile to a data volume when a task is run, the Amazon ECS data plane looks for a
VOLUME
directive. If the absolute path that's specified in theVOLUME
directive is the same as thecontainerPath
that's specified in the task definition, the data in theVOLUME
directive path is copied to the data volume. In the following Dockerfile example, a file that's namedexamplefile
in the/var/log/exported
directory is written to the host and then mounted inside the container.FROM public.ecr.aws/amazonlinux/amazonlinux:latest RUN mkdir -p
/var/log/exported
RUN touch/var/log/exported/examplefile
VOLUME ["/var/log/exported
"]By default, the volume permissions are set to
0755
and the owner asroot
. You can customize these permissions in the Dockerfile. The following example defines the owner of the directory asnode
.FROM public.ecr.aws/amazonlinux/amazonlinux:latest RUN yum install -y shadow-utils && yum clean all RUN useradd
node
RUN mkdir -p /var/log/exported && chownnode
:node
/var/log/exported RUN touch /var/log/exported/examplefile USERnode
VOLUME ["/var/log/exported"] -
For tasks that are hosted on Amazon EC2 instances, when a
host
andsourcePath
value aren't specified, the Docker daemon manages the bind mount for you. When no containers reference this bind mount, the Amazon ECS container agent task cleanup service eventually deletes it. By default, this happens three hours after the container exits. However, you can configure this duration with theECS_ENGINE_TASK_CLEANUP_WAIT_DURATION
agent variable. For more information, see Amazon ECS container agent configuration. If you need this data to persist beyond the lifecycle of the container, specify asourcePath
value for the bind mount.