{"id":13481816,"url":"https://github.com/aws/amazon-ecs-cli","last_synced_at":"2025-05-15T04:05:31.574Z","repository":{"id":43710647,"uuid":"43446846","full_name":"aws/amazon-ecs-cli","owner":"aws","description":"The Amazon ECS CLI enables users to run their applications on ECS/Fargate using the Docker Compose file format, quickly provision resources, push/pull images in ECR, and monitor running applications on ECS/Fargate.","archived":false,"fork":false,"pushed_at":"2024-06-11T00:41:10.000Z","size":13902,"stargazers_count":1800,"open_issues_count":147,"forks_count":301,"subscribers_count":110,"default_branch":"mainline","last_synced_at":"2025-05-08T00:07:54.427Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI.html","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aws.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-09-30T17:11:40.000Z","updated_at":"2025-05-07T13:32:10.000Z","dependencies_parsed_at":"2024-11-20T11:28:59.040Z","dependency_job_id":null,"html_url":"https://github.com/aws/amazon-ecs-cli","commit_stats":null,"previous_names":[],"tags_count":52,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Famazon-ecs-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Famazon-ecs-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Famazon-ecs-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Famazon-ecs-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aws","download_url":"https://codeload.github.com/aws/amazon-ecs-cli/tar.gz/refs/heads/mainline","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254270643,"owners_count":22042859,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:00:56.135Z","updated_at":"2025-05-15T04:05:26.547Z","avatar_url":"https://github.com/aws.png","language":"Go","funding_links":[],"categories":["Go","Open Source Repos","Amazon Elastic Container Service (Amazon ECS)"],"sub_categories":["CLI","Udemy courses"],"readme":"__✨ The [AWS Copilot CLI](https://github.com/aws/copilot-cli) is now in Generally Available! The CLI makes it easy to build, release and operate your container apps on Amazon ECS and AWS Fargate.__\n\n\u003cdetails\u003e\n\u003csummary\u003eLearn more about the AWS Copilot CLI\u003c/summary\u003e\n\nThe [AWS Copilot CLI](https://github.com/aws/copilot-cli) is a CLI focused on the full developer experience of building, deploying and operating your containerized apps. From helping manage all of your infrastructure, to setting up CD Pipelines, `copilot` is here to help. To learn more about AWS Copilot, check out the [documentation](https://aws.github.io/copilot-cli/).\n\u003c/details\u003e\n\n\n# Amazon ECS CLI\n\nThe Amazon ECS Command Line Interface (CLI) is a command line tool for Amazon Elastic Container\nService (Amazon ECS) that provides high-level commands to simplify creating, updating, and\nmonitoring clusters and tasks from a local development environment. The Amazon ECS CLI supports\n[Docker Compose](https://docs.docker.com/compose/), a popular open-source tool for defining and\nrunning multi-container applications. Use the CLI as part of your everyday development and testing\ncycle as an alternative to the AWS Management Console or the AWS CLI.\n\nFor more information about Amazon ECS, see the [Amazon ECS Developer\nGuide](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html).\n\nThe AWS Command Line Interface (AWS CLI) is a unified client for AWS services that provides commands\nfor all public API operations. These commands are lower level than those provided by the Amazon ECS\nCLI. For more information about supported services and to download the AWS CLI, see the [AWS Command\nLine Interface](http://aws.amazon.com/cli/) product detail page.\n\n- [Installing](#installing)\n\t- [Latest version](#latest-version)\n\t- [Download Links for within China](#download-links-for-within-china)\n\t- [Download specific version](#download-specific-version)\n\t- [Verifying Signatures](#verifying-signatures)\n- [Configuring the CLI](#configuring-the-cli)\n\t- [ECS Profiles](#ecs-profiles)\n\t- [Cluster Configurations](#cluster-configurations)\n\t- [Configuring Defaults](#configuring-defaults)\n- [Using the CLI](#using-the-cli)\n\t- [Creating an ECS Cluster](#creating-an-ecs-cluster)\n\t\t- [Creating a Fargate cluster](#creating-a-fargate-cluster)\n\t- [Starting/Running Tasks](#startingrunning-tasks)\n\t- [Creating a Service](#creating-a-service)\n\t- [Using ECS parameters](#using-ecs-parameters)\n\t\t- [Launching an AWS Fargate task](#launching-an-aws-fargate-task)\n\t\t- [Using Route53 Service Discovery](#using-route53-service-discovery)\n\t- [Viewing Running Tasks](#viewing-running-tasks)\n\t- [Viewing Container Logs](#viewing-container-logs)\n\t- [Using FIPS Endpoints](#using-fips-endpoints)\n\t- [Using Private Registry Authentication](#using-private-registry-authentication)\n\t- [Checking for Missing Attributes and Debugging Reason Attribute Errors](#checking-for-missing-attributes-and-debugging-reason-attribute-errors)\n\t- [Tagging Resources](#tagging-resources)\n\t\t- [ARN Formats](#arn-formats)\n\t- [Running Tasks Locally](#running-tasks-locally)\n- [Amazon ECS CLI Commands](#amazon-ecs-cli-commands)\n- [Contributing to the CLI](#contributing-to-the-cli)\n- [License](#license)\n\n#### Security disclosures\n\nIf you think you’ve found a potential security issue, please do not post it in the Issues.  Instead, please follow the instructions [here](https://aws.amazon.com/security/vulnerability-reporting/) or email AWS security directly at [aws-security@amazon.com](mailto:aws-security@amazon.com).\n\n## Installing\n\nDownload the binary archive for your platform, and install the binary on your `$PATH`.\nYou can use the provided `md5` hash to verify the integrity of your download.\n\nFor information about installing and using the Amazon ECS CLI, see the [ECS Command Line Interface](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI.html).\n\n### Latest version\n* Linux (amd64):\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest.md5)\n* Linux (arm64):\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-latest](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-latest)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-latest.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-latest.md5)\n* Macintosh:\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-latest](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-latest)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-latest.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-latest.md5)\n* Windows:\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-latest.exe](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-latest.exe)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-latest.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-latest.md5)\n\n### Download Links for within China\n\nAs of v0.6.2 the ECS CLI supports the cn-north-1 region in China. The following links are the exact\nsame binaries, but they are localized within China to provide a faster download experience.\n\n* Linux (amd64):\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-amd64-latest](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-amd64-latest)\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-amd64-latest.md5](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-amd64-latest.md5)\n* Linux (arm64):\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-arm64-latest](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-arm64-latest)\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-arm64-latest.md5](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-linux-arm64-latest.md5)\n* Macintosh:\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-darwin-amd64-latest](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-darwin-amd64-latest)\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-darwin-amd64-latest.md5](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-darwin-amd64-latest.md5)\n* Windows:\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-windows-amd64-latest.exe](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-windows-amd64-latest.exe)\n  * [https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-windows-amd64-latest.md5](https://amazon-ecs-cli.s3.cn-north-1.amazonaws.com.cn/ecs-cli-windows-amd64-latest.md5)\n\n### Download specific version\nUsing the URLs above, replace `latest` with the desired tag, for example `v1.0.0`. After\ndownloading, remember to rename the binary file to `ecs-cli`. \n\n***NOTE:*** Windows is only supported starting with version `v1.0.0`.\n\n***NOTE:*** ARM64 is only supported starting with version `v1.20.0`.\n\n* Linux (amd64):\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-v1.0.0](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-v1.0.0)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-v1.0.0.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-v1.0.0.md5)\n* Linux (arm64):\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-v1.20.0](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-v1.20.0)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-v1.20.0.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-v1.20.0.md5)\n* Macintosh:\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-v1.0.0](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-v1.0.0)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-v1.0.0.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-v1.0.0.md5)\n* Windows:\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-v1.0.0.exe](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-v1.0.0.exe)\n  * [https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-v1.0.0.md5](https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-v1.0.0.md5)\n\n### Verifying Signatures\n\nIf you wish to verify your ECS CLI download, you can use the PGP Signatures.\n\n#### 1. Install [GnuPG](https://www.gnupg.org/)\n\n###### Linux\n\nInstall `gpg` using the package manager on your flavor of linux.\n\n###### Mac\n\nOne easy way is to use Homebrew, a package manager for OS X. Install Homebrew using the [instructions on its site](https://brew.sh/).\n\n```bash\nbrew install gnupg\nbrew install amazon-ecs-cli\n```\n\n###### Windows\n\nGo to the GnuPG [download page](https://gnupg.org/download/) and download the simple installer for Windows. Use the installer to install the GPG tool.\n\n#### 2. Import the Amazon ECS PGP Public Key\n\nYou can find the Public Key in our GitHub Repo, in the file [amazon-ecs-public-key.gpg](amazon-ecs-public-key.gpg).\n\n```\ngpg --import amazon-ecs-public-key.gpg\n```\n\nKey Metadata:\n\n- Key ID: 0x2D51784F\n- Type: RSA\n- Size: 4096/4096\n- Expires: Never\n- User ID: Amazon ECS \u003cecs-security@amazon.com\u003e\n- Key fingerprint: F34C 3DDA E729 26B0 79BE AEC6 BCE9 D9A4 2D51 784F\n\n#### 4. Downloading Signatures\n\nECS CLI signatures are ascii armored detached PGP signatures stored in files with the extension \".asc\". The signatures file will have the same name as its corresponding executable with \".asc\" appended. In the\n\n###### Mac\n```\ncurl -o ecs-cli.asc https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-latest.asc\n```\n\n###### Linux (amd64)\n```\ncurl -o ecs-cli.asc https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest.asc\n```\n\n###### Linux (arm64)\n```\ncurl -o ecs-cli.asc https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-arm64-latest.asc\n```\n\n###### Windows\n```\nPS C:\\\u003e Invoke-WebRequest -OutFile ecs-cli.asc https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-latest.exe.asc\n```\n#### 4. Verifying a Signature\n\nAssuming you installed the ECS CLI in the recommended location for your platform:\n\n###### Mac and Linux\n```\ngpg --verify ecs-cli.asc /usr/local/bin/ecs-cli\n```\n###### Windows\n```\ngpg --verify ecs-cli.asc C:\\Program Files\\Amazon\\ECSCLI\\ecs-cli.exe\n```\n\nExpected output:\n\n```\ngpg: Signature made Tue Apr  3 13:29:30 2018 PDT\ngpg:                using RSA key DE3CBD61ADAF8B8E\ngpg: Good signature from \"Amazon ECS \u003cecs-security@amazon.com\u003e\" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg:          There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: F34C 3DDA E729 26B0 79BE  AEC6 BCE9 D9A4 2D51 784F\n     Subkey fingerprint: EB3D F841 E2C9 212A 2BD4  2232 DE3C BD61 ADAF 8B8E\n```\n\nThe warning in the output is expected and is not problematic; it occurs because there is not a chain of trust between your personal PGP key (if you have one) and the Amazon ECS PGP key. For more information, learn about the [Web of trust](https://en.wikipedia.org/wiki/Web_of_trust).\n\n\n## Configuring the CLI\n\nThe Amazon ECS CLI requires some basic configuration information before you can use it, such as your\nAWS credentials, the AWS region in which to create your cluster, and the name of the Amazon ECS\ncluster to use. Configuration information is stored in the `~/.ecs` directory on macOS and Linux\nsystems and in `C:\\Users\\\u003cusername\u003e\\AppData\\local\\ecs` on Windows systems.\n\n### ECS Profiles\n\nThe Amazon ECS CLI supports configuring multiple sets of AWS credentials as named profiles using the\n`ecs-cli configure profile command`. These profiles can then be referenced when you run Amazon ECS\nCLI commands using the `--ecs-profile` flag; if a custom profile is not specified, the default\nprofile will be used.\n\nSet up a CLI profile with the following command, substituting `profile_name` with your desired\nprofile name, and `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables with your\nAWS credentials.\n\n`ecs-cli configure profile --profile-name profile_name --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY --session-token AWS_SESSION_TOKEN`\n\n### Cluster Configurations\n\nA cluster configuration is the set of fields that describes an Amazon ECS cluster, including the\nname of the cluster and the region. These configurations can then be referenced when you run Amazon\nECS CLI commands using the `--cluster-config` flag; otherwise, the default configuration is used.\n\nCreate a cluster configuration with the following command, substituting `region_name` with your\ndesired AWS region, `cluster_name` with the name of an existing Amazon ECS cluster or a new cluster\nto use, and `configuration_name` with the name you'd like to give this configuration.\n\n`ecs-cli configure --cluster cluster_name --region region_name --config-name configuration_name`\n\nYou can also optionally add `--default-launch-type` to your cluster configuration. This value will\nbe used as the launch type for tasks run in this cluster (see: [Launching an AWS Fargate\nTask](#launching-an-aws-fargate-task)) , and will also be used to determine which resources to\ncreate when you bring up a cluster (see: [Creating a Fargate Cluster](#creating-a-fargate-cluster)).\nValid values for this field are EC2 or FARGATE. If not specified, ECS will default to EC2 launch\ntype.\n\n### Configuring Defaults\n\nThe first Cluster Configuration or ECS Profile that you configure will be set as the default. The\ndefault ECS Profile can be changed using the `ecs-cli configure profile default` command; the\ndefault cluster configuration can be changed using the `ecs-cli configure default` command. Note\nthat unlike in the AWS CLI, the default ECS Profile does not need to be named \"default\".\n\n#### Using Credentials from `~/.aws/credentials`, Assuming a Role, and Multi-Factor Authentication\n\nThe `--aws-profile` flag and `$AWS_PROFILE` environment variable allow you to reference any named profile in `~/.aws/credentials`.\n\nHere is an example on how to assume a role: [amazon-ecs-cli/blob/master/ecs-cli/modules/config/aws_credentials_example.ini](https://github.com/aws/amazon-ecs-cli/blob/master/ecs-cli/modules/config/aws_credentials_example.ini)\n\nIf you are trying to use Multi-Factor Authentication, please see this comment and the associated issue: [#284 (comment)](https://github.com/aws/amazon-ecs-cli/issues/284#issuecomment-336310034).\n\n#### Order of Resolution for credentials\n\n1) ECS CLI Profile Flags\n  a) ECS Profile (--ecs-profile)\n  b) AWS Profile (--aws-profile)\n2) Environment Variables - attempts to fetch the credentials from environment variables:\n  a) ECS_PROFILE\n  b) AWS_PROFILE\n  c) AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, Optional: AWS_SESSION_TOKEN\n3) ECS Config - attempts to fetch the credentials from the default ECS Profile\n4) Default AWS Profile - attempts to use credentials (aws_access_key_id, aws_secret_access_key) or assume_role (role_arn, source_profile) from AWS profile name\n  a) AWS_DEFAULT_PROFILE environment variable (defaults to 'default')\n5) EC2 Instance role\n\n#### Order of Resolution for Region\n\n1) ECS CLI Flags\n   a) Region Flag --region\n   b) Cluster Config Flag (--cluster-config)\n2) ECS Config - attempts to fetch the region from the default ECS Profile\n3) Environment Variable - attempts to fetch the region from environment variables:\n   a) AWS_REGION (OR)\n   b) AWS_DEFAULT_REGION\n4)  AWS Profile - attempts to use region from AWS profile name\n   a) AWS_PROFILE environment variable (OR) –aws-\n   b) AWS_DEFAULT_PROFILE environment variable (defaults to 'default')\n\n\nFor more information, see [ECS CLI Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_Configuration.html).\n\n## Using the CLI\n\nECS now offers two different launch types for tasks and services: EC2 and FARGATE. With the FARGATE\nlaunch type, customers no longer have to manage their own container-instances.\n\nIn the ECS-CLI, you can specify either launch type when you bring up a cluster using the\n`--launch-type` flag (see: [Creating an ECS Cluster](#creating-an-ecs-cluster)). You can also\nconfigure your cluster to use a particular launch type with the `--default-launch-type` flag (see:\n[Cluster Configurations](#cluster-configurations)).\n\nYou can also specify which launch type to use for a task or service in `compose up` or `compose\nservice up`, regardless of which launch type is configured for your cluster (see: [Starting/Running\nTasks](#startingrunning-tasks)).\n\n### Creating an ECS Cluster\nAfter installing the Amazon ECS CLI and configuring your credentials, you are ready to create an ECS cluster. The basic command for creating a cluster is:\n```\necs-cli up\n```\n\n(To see all available options, run `ecs-cli up --help`)\n\nFor example, to create an ECS cluster with two Amazon EC2 instances using the EC2 launch type, use\nthe following command:\n\n```\n$ ecs-cli up --keypair my-key --capability-iam --size 2\n```\n\nIt takes a few minutes to create the resources requested by `ecs-cli up`.  To see when the cluster\nis ready to run tasks, use the AWS CLI to confirm that the ECS instances are registered:\n\n```\n$ aws ecs list-container-instances --cluster your-cluster-name\n{\n    \"containerInstanceArns\": [\n        \"arn:aws:ecs:us-east-1:980116778723:container-instance/6a302e06-0aa6-4bbc-9428-59b17089b887\",\n        \"arn:aws:ecs:us-east-1:980116778723:container-instance/7db3c588-0ef4-49fa-be32-b1e1464f6eb5\",\n    ]\n}\n\n```\nIn addition to EC2 Instances, other resources created by default include:\n* Autoscaling Group\n* Autoscaling Launch Configuration\n* EC2 VPC\n* EC2 Internet Gateway\n* EC2 VPC Gateway Attachment\n* EC2 Route Table\n* EC2 Route\n* 2 Public EC2 Subnets\n* 2 EC2 SubnetRouteTableAssocitaions\n* EC2 Security Group\n\nYou can provide your own resources (such as subnets, VPC, or security groups) via their flag options.\n\n**Note:** The default security group created by `ecs-cli up` allows inbound traffic on port 80 by\ndefault. To allow inbound traffic from a different port, specify the port you wish to open with the\n`--port` option. To add more ports to the default security group, go to **EC2 Security Groups** in\nthe AWS Management Console and search for the security group containing “ecs-cli”. Add a rule as\ndescribed in the [Adding Rules to a Security Group](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#adding-security-group-rule)\ntopic.\n\nAlternatively, you may specify one or more existing security group IDs with the `--security-group` option.\n\nYou can also create an empty ECS cluster by using the `--empty` or `--e` flag:\n\n```\necs-cli up --cluster myCluster --empty\n```\n\nThis is equivalent to the [create-cluster command](https://docs.aws.amazon.com/cli/latest/reference/ecs/create-cluster.html), and will not create a CloudFormation stack associated with your cluster.\n\n#### AMI\n\nYou can specify the AMI to use with your EC2 instances using the `--image-id` flag. Alternatively, if you do not specify an image ID, the ECS CLI will use the [recommended Amazon Linux 2 ECS Optimized AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/retrieve-ecs-optimized_AMI.html). By default, the x86 variant of this AMI is used. However, if you specify an instance in the A1 family using `--instance-type`, then the `arm64` version of the ECS Optimized AMI will be used. Note: `arm64` ECS Optimized AMIs are only supported in some regions; please see [Amazon ECS-Optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/al2ami.html).\n\n#### User Data\n\nFor the EC2 launch type, the ECS CLI always creates EC2 instances that include the following User Data:\n\n```\n#!/bin/bash\necho ECS_CLUSTER={ clusterName } \u003e\u003e /etc/ecs/ecs.config\n```\n\nThis user data directs the EC2 instance to join your ECS Cluster. You can optionally include extra user data with `--extra-user-data`; this flag takes a file name as its argument.\nThe flag can be used multiple times to specify multiple files. Extra user data can be shell scripts or cloud-init directives- see the [EC2 documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) for more information.\nThe ECS CLI takes all the User Data, and packs it into a MIME Multipart archive which can be used by cloud-init on the EC2 instance. The ECS CLI even allows existing MIME Multipart archives to be passed in with `--extra-user-data`.\nThe CLI will unpack the existing archive, and then repack it into the final archive (preserving all header and content type information). Here is an example of specifying extra user data:\n\n```\necs-cli up \\\n  --capability-iam \\\n  --extra-user-data my-shellscript \\\n  --extra-user-data my-cloud-boot-hook \\\n  --extra-user-data my-mime-multipart-archive \\\n  --launch-type EC2\n```\n\n#### Creating a Fargate cluster\n\n```\n$ ecs-cli up --launch-type FARGATE\n```\n\nThis will create an ECS Cluster without container instances. By default, this will create the\nfollowing resources:\n\n* EC2 VPC\n* EC2 Internet Gateway\n* EC2 VPC Gateway Attachment\n* EC2 Route Table\n* EC2 Route\n* 2 Public EC2 Subnets\n* 2 EC2 SubnetRouteTableAssocitaions\n\nThe subnet and VPC ids will be printed to the terminal once the creation is complete. You can then\nuse the subnet IDs in your ECS Params file to launch Fargate tasks.\n\nFor more information on using AWS Fargate, see the [ECS CLI Fargate tutorial](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_tutorial_fargate.html).\n\n### Starting/Running Tasks\nAfter the cluster is created, you can run tasks – groups of containers – on the ECS cluster. First,\nauthor a [Docker Compose configuration file](https://docs.docker.com/compose).  You can run the\nconfiguration file locally using Docker Compose. Information about specific compose versions and fields supported by the ecs-cli can be found [here](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cmd-ecs-cli-compose-parameters.html).\n\nHere is an example Docker Compose configuration file that creates a web page:\n\n```\nversion: '2'\nservices:\n  web:\n    image: amazon/amazon-ecs-sample\n    ports:\n     - \"80:80\"\n```\n\nTo run the configuration file on Amazon ECS, use `ecs-cli compose up`. This creates an ECS task\ndefinition and starts an ECS task. You can see the task that is running with `ecs-cli compose ps`,\nfor example:\n\n```\n$ ecs-cli compose ps\nName                                      State    Ports                     TaskDefinition\nfd8d5a69-87c5-46a4-80b6-51918092e600/web  RUNNING  54.209.244.64:80-\u003e80/tcp  web:1\n```\n\nNavigate your web browser to the task’s IP address to see the sample app running in the ECS cluster.\n\n### Creating a Service\nYou can also run tasks as services. The ECS service scheduler ensures that the specified number of\ntasks are constantly running and reschedules tasks when a task fails (for example, if the underlying\ncontainer instance fails for some reason).\n\n```\n$ ecs-cli compose --project-name wordpress-test service create\n\nINFO[0000] Using Task definition                         TaskDefinition=wordpress-test:1\nINFO[0000] Created an ECS Service                        serviceName=wordpress-test taskDefinition=wordpress-test:1\n\n```\n\nYou can then start the tasks in your service with the following command:\n`$ ecs-cli compose --project-name wordpress-test service start`\n\nIt may take a minute for the tasks to start. You can monitor the progress using\nthe following command:\n```\n$ ecs-cli compose --project-name wordpress-test service ps\nName                                            State    Ports                      TaskDefinition\n34333aa6-e976-4096-991a-0ec4cd5af5bd/wordpress  RUNNING  54.186.138.217:80-\u003e80/tcp  wordpress-test:1\n34333aa6-e976-4096-991a-0ec4cd5af5bd/mysql      RUNNING                             wordpress-test:1\n```\n\nSee the `$ ecs-cli compose service` [documentation page](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cmd-ecs-cli-compose-service.html) for more information about available service options, including load balancing.\n\n### Using ECS parameters\n\nSince there are certain fields in an ECS task definition that do not correspond to fields in a\nDocker Composefile, you can specify those values using the `--ecs-params` flag. Currently, the file\nsupports the follow schema:\n\n```\nversion: 1\ntask_definition:\n  ecs_network_mode: string               // Supported string values: none, bridge, host, or awsvpc\n  task_role_arn: string\n  task_execution_role: string            // Needed to use Cloudwatch Logs or ECR with your ECS tasks\n  task_size:                             // Required for running tasks with Fargate launch type\n    cpu_limit: string\n    mem_limit: string                    // Values specified without units default to MiB\n  pid_mode: string                       // Supported string values: task or host\n  ipc_mode: string                       // Supported string values: task, host, or none\n  services:\n    \u003cservice_name\u003e:\n      essential: boolean\n      depends_on:\n        - container_name: string         // \u003cservice_name\u003e of any other service in services\n          condition: string              // Valid values: START | COMPLETE | SUCCESS | HEALTHY\n      repository_credentials:\n        credentials_parameter: string\n      cpu_shares: integer\n      firelens_configuration:\n        type: string                     // Supported string values: fluentd or fluentbit\n        options: list of strings\n      mem_limit: string                  // Values specified without units default to bytes, as in docker run\n      mem_reservation: string\n      gpu: string\n      init_process_enabled: boolean\n      healthcheck:\n        test: string or list of strings\n        interval: string\n        timeout: string\n        retries: integer\n        start_period: string\n      logging:\n        secret_options:\n          - value_from: string\n            name: string\n      secrets:\n        - value_from: string\n          name: string\n  docker_volumes:\n    - name: string\n      scope: string                      // Valid values: \"shared\" | \"task\"\n      autoprovision: boolean             // only valid if scope = \"shared\"\n      driver: string\n      driver_opts:\n        string: string\n      labels:\n        string: string\n  efs_volumes:\n     - name: string\n       filesystem_id: string\n       root_directory: string\n       transit_encryption: string       // Valid values: \"ENABLED\" | \"DISABLED\" (default). Required if \n                                        //   IAM is enabled or an access point ID is  \n                                        //   specified\n       transit_encryption_port: int64   // required if transit_encryption is enabled\n       access_point: string\n       iam: string                      // Valid values: \"ENABLED\" | \"DISABLED\" (default). Enable IAM \n                                        //   authentication for FS access. \n  placement_constraints:\n    - type: string                      // Valid values: \"memberOf\"\n      expression: string\n\nrun_params:\n  network_configuration:\n    awsvpc_configuration:\n      subnets: array of strings          // These should be in the same VPC and Availability Zone as your instance\n      security_groups: list of strings   // These should be in the same VPC as your instance\n      assign_public_ip: string           // supported values: ENABLED or DISABLED\n  task_placement:\n    strategy:\n      - type: string                     // Valid values: \"spread\"|\"binpack\"|\"random\"\n        field: string                    // Not valid if type is \"random\"\n    constraints:\n      - type: string                     // Valid values: \"memberOf\"|\"distinctInstance\"\n        expression: string               // Not valid if type is \"distinctInstance\"\n  service_discovery:\n    container_name: string\n    container_port: integer\n    private_dns_namespace:\n      id: string\n      name: string\n      vpc: string\n      description: string\n    public_dns_namespace:\n      id: string\n      name: string\n    service_discovery_service:\n      name: string\n      description: string\n      dns_config:\n        type: string\n        ttl: integer\n      healthcheck_custom_config:\n        failure_threshold: integer\n```\n\n**Version**\nSchema version being used for the ecs-params.yml file. Currently, we only support version 1.\n\n**Task Definition**\nFields listed under `task_definition` correspond to fields that will be included in your ECS Task Definition.\n\n* `ecs_network_mode` corresponds to NetworkMode on an ECS Task Definition (Not to be confused with the network_mode field in Docker Compose). Supported values are none, bridge, host, or awsvpc. If not specified, this will default to bridge mode. If you wish to run tasks with Network Configuration, this field *must* be set to `awsvpc`.\n\n* `task_role_arn` should be the ARN of an IAM role. **NOTE**: If this role does not have the proper permissions/trust relationships on it, the `up` command will fail.\n\n* `services` correspond to the services listed in your docker compose file, with `service_name` matching the name of the container you wish to run. Its fields will be merged into an [ECS Container Definition](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions.html).\n  * If the [`essential`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions.html#cfn-ecs-taskdefinition-containerdefinition-essential) field is not specified, the value defaults to true.\n  * `depends_on` field maps to [`dependsOn`](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_dependson) parameter in task definition. It allows you to specify a list of [`ContainerDependency`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdependency.html), which can be used for conditional startup of dependent containers or ensuring order of startup between containers. Refer [example](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/example_task_definitions.html#example_task_definition-containerdependency).\n  * If you are using Docker compose version 3, the `cpu_shares`, `mem_limit`, and `mem_reservation` fields are optional and must be specified in the ECS params file rather than the compose file.\n  * In Docker compose version 2, the `cpu_shares`, `mem_limit`, and `mem_reservation` fields can be specified in either the compose or ECS params file. If they are specified in the ECS params file, the values will override values present in the compose file.\n  * If you are using a private repository for pulling images, `repository_credentials` allows you to specify an AWS Secrets Manager secret ARN for the name of the secret containing your private repository credentials as a `credential_parameter`.\n  * `init_process_enabled` is a [Linux-specific option](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html) that can be be set to run an init process inside the container that forwards signals and reaps processes. This parameter maps to the `--init` option to [docker run](https://docs.docker.com/engine/reference/run/). This parameter requires version 1.25 of the Docker Remote API or greater on your container instance.\n  * `firelens_configuration` contains configuration parameters for [Firelens](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html).\n    * `type` Valid options are fluentbit or fluentd\n    * `options` Please see the [AWS docs for Firelens](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html)\n  * `gpu` is the number of physical GPUs the Amazon ECS container agent will reserve for the container. Maps to the GPU [resource requirement](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html) field in the task definition. For example: \"1\", \"4\", \"8\", \"16\".\n  * `healthcheck` This parameter maps to `healthcheck` in the [Docker compose file reference](https://docs.docker.com/compose/compose-file/#healthcheck). This field can either be used here in the ECS Params file, or it can be used in Compose File version 3 with the ECS CLI.\n    * `test` can also be specified as `command` and must be either a string or a list or strings. If `test` is specified as a list of strings, the first item must be either NONE, CMD, or CMD-SHELL. If test or command is specified as a string, CMD-SHELL will be prepended and ECS will run the command in the container's default shell.\n    * `interval`, `timeout`, and `start_period` are specified as durations in a string format. For example: 2.5s, 10s, 1m30s, 2h23m, or 5h34m56s.\n  * `secrets` allows you to specify secrets which will be retrieved from SSM Parameter Store. See the [ECS Docs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) for more information, including how reference AWS Secrets Managers secrets from SSM Parameter Store.\n    * `value_from` is the SSM (or Secrets Manager) Parameter ARN or name (if the parameter is in the same region as your ECS Task).\n    * `name` is the name of the environment variable in which the secret will be stored.\n  * If you need to inject secrets into your logging configuration, you may set `secret_options` under `logging`. For more information, See the [logging secrets section](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html#secrets-logconfig) of the ECS docs.\n    * `value_from` is the SSM (or Secrets Manager) Parameter ARN or name (if the parameter is in the same region as your ECS Task).\n    * `name` is the name of the logging option in which the secret will be stored.\n\n* `docker_volumes` allows you to create docker volumes. The name key is required, and `scope`, `autoprovision`, `driver`, `driver_opts` and `labels` correspond with the fields under [dockerVolumeConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-volumes.html) in an ECS Task Definition. Volumes defined with the `docker_volumes` key can be referenced in your compose file by name, even if they were not also specified in the compose file.\n\n* `efs_volumes` allows you to mount EFS volumes to your container. The name and EFS filesystem ID are required. EFS volumes can be referenced by name in your compose file like `docker_volumes`. \n\n* `task_execution_role` should be the ARN of an IAM role. **NOTE**: This field is required to enable ECS Tasks to be configured with Cloudwatch Logs, or to pull images from ECR for your tasks.\n\n* `task_size` Contains two fields, CPU and Memory. These fields are required for launching tasks with Fargate launch type. See [the documentation on ECS Task Definition Parameters](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) for more information.\n\n* `placement_constraints` allows you to specify a list of constraints on task placement within the task definition. Not supported with the `FARGATE` launch type.\n\n* `pid_mode` allows you to control the process namespace in which your containers run. Valid values are `task` or `host`. See the [ECS documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_pidmode) for more information.\n\n* `ipc_mode` allows you to control the IPC resource namespace in which your containers run. Valid values are `task`, `host`, or `none`. See the [ECS documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) for more information.\n\n**Run Params**\nFields listed under `run_params` are for values needed as options to API calls not related to a Task Definition, such as `compose up` (RunTask) and `compose service up` (CreateService).\nCurrently, the only parameter supported under `run_params` is `network_configuration`. This is required to run tasks with [Task Networking](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html), as well as with Fargate launch type.\n\n* `network_configuration` is required if you specify `ecs_network_mode` as `awsvpc`. It takes one nested parameter, `awsvpc_configuration`, which has three subfields:\n  * `subnets`: list of subnet ids used to launch tasks. ***NOTE*** These should be in the same VPC and availability zone as the instances on which you wish to launch your tasks.\n  * `security_groups`: list of securtiy-group ids used to launch tasks. ***NOTE*** These should be in the same VPC as the instances on which you wish to launch your tasks.\n  * `assign_public_ip`: supported values for this field are either \"ENABLED\" or \"DISABLED\". This field is *only* used for tasks launched with Fargate launch type. If this field is present in tasks with network configuration launched with EC2 launch type, the request will fail.\n* `task_placement` is an optional field with `EC2` launch-type only (it is *not* valid for `FARGATE`). It has two subfields:\n  * `strategy`: A list of objects, with two keys. Valid keys are `type` and `field`.\n    * `type`: Valid values are `random`, `binpack`, or `spread`. If `random` is specified, the `field` key should not be provided.\n    * `field`: Valid values depend on the strategy type.\n      * For `spread`, valid values are `instanceId`, `host`, or attribute key/value pairs, e.g. `attribute:ecs.instance-type =~ t2.*`\n      * For \"binpack\", valid values are \"cpu\" or \"memory\".\n  * `constraint`: A list of objects, with two keys. Valid keys are `type` and `expression`.\n    * `type`: Valid values are `distinctInstance` and `memberOf`. If `distinctInstance` is specified, the `expression` key should not be provided.\n    * `expression`: When `type` is `memberOf`, valid values are key/value pairs for attributes or task groups, e.g. `task:group == databases` or `attribute:color =~ green`.\n* `service_discovery` allows the configuration of Service Discovery using Route53 auto naming. For an explanation of these fields, see [Using Route53 Service Discovery](#using-route53-service-discovery).\n\nFor more information on task placement, see [Amazon ECS TaskPlacement] (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement.html).\n\nExample `ecs-params.yml` file:\n\n```\nversion: 1\ntask_definition:\n  ecs_network_mode: host\n  task_role_arn: myCustomRole\n  services:\n    logging:\n      essential: false\n    wordpress:\n      cpu_shares: 100\n      mem_limit: 500m\n    mysql:\n      cpu_shares: 105\n      mem_limit: 500m\n      mem_reservation: 450m\n  docker_volumes:\n    - name: database_volume\n      scope: shared\n      autoprovision: true\n      driver: local\n```\n\nExample `ecs-params.yml` with network configuration with **EC2** launch type:\n\n```\nversion: 1\ntask_definition:\n  ecs_network_mode: awsvpc\n  services:\n    my_service:\n      essential: false\n\nrun_params:\n  network_configuration:\n    awsvpc_configuration:\n      subnets:\n        - subnet-feedface\n        - subnet-deadbeef\n      security_groups:\n        - sg-bafff1ed\n        - sg-c0ffeefe\n```\nExample `ecs-params.yml` with network configuration with **FARGATE** launch type:\n\n```\nversion: 1\ntask_definition:\n  ecs_network_mode: awsvpc\n  task_execution_role: myFargateRole\n  task_size:\n    cpu_limit: 512\n    mem_limit: 2GB\n  services:\n    my_service:\n      essential: false\n\nrun_params:\n  network_configuration:\n    awsvpc_configuration:\n      subnets:\n        - subnet-feedface\n        - subnet-deadbeef\n      security_groups:\n        - sg-bafff1ed\n        - sg-c0ffeefe\n      assign_public_ip: ENABLED\n```\n\nExample `ecs-params.yml` with task placement:\n\n```\nversion: 1\nrun_params:\n  task_placement:\n    strategy:\n      - field: memory\n        type: binpack\n      - field: attribute:ecs.availability-zone\n        type: spread\n      - type: random\n    constraints:\n      - expression: attribute:ecs.instance-type =~ t2.*\n        type: memberOf\n      - type: distinctInstance`\n```\n\nExample `ecs-params.yml` with EFS volume:\n\n```\nversion: 1\ntask_definition:\n  task_execution_role: ecsTaskExecutionRole\n  ecs_network_mode: awsvpc\n  task_size:\n    mem_limit: 1.0GB\n    cpu_limit: 512\n  efs_volumes:\n    - name: \"myEFSVolume\"\n      filesystem_id: \"fs-fedc8554\"\nrun_params:\n  network_configuration:\n    awsvpc_configuration:\n      subnets:\n        - \"subnet-0b24acd73f534bb4f\"\n        - \"subnet-0f0e20022e2cccd67\"\n      security_groups:\n        - \"sg-0fb24ebc7dd5254b0\"\n      assign_public_ip: \"ENABLED\"\n```\n\nYou can then start a task by calling:\n```\necs-cli compose --ecs-params my-ecs-params.yml up\n```\n\nIf you have a file name `ecs-params.yml` in your current directory, `ecs-cli compose` will automatically read it without your having to set the `--ecs-params` flag value explicitly.\n\n```\necs-cli compose up\n```\n\n#### Launching an AWS Fargate task\n\nWith network configuration specified in your ecs-params.yml file, you can now launch a task with\nlaunch type FARGATE:\n\n```\necs-cli compose --ecs-params my-ecs-params.yml up --launch-type FARGATE\n```\n\nor\n\n```\necs-cli compose --ecs-params my-ecs-params.yml service up --launch-type FARGATE\n```\n\n#### Using Route53 Service Discovery\n\nWith the ECS CLI, you can create an ECS Service that uses [Route53 auto naming for service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). Service Discovery requires a Service Discovery Service and a DNS Namespace. Keep in mind that:\n* When you enable Service Discovery with the ECS CLI, a new Service Discovery Service is always created using CloudFormation.\n* For the DNS Namespace, you have the option of using an existing public or private DNS Namespace, or letting the ECS CLI create a private DNS Namespace for you using CloudFormation.\n* Creation of a Public DNS Namespaces is not supported with the ECS CLI.\n* Only a single DNS Namespace may be used with Service Discovery.\n\n##### Enabling Service Discovery\n\n###### Specifying Values\n\nThe ECS-CLI simplifies the use of Service Discovery by providing default values for most fields, while still allowing maximum configurability. Here are the default values and explanations listed with the ECS Params input schema:\n\n```\nversion: 1\nrun_params:\n  service_discovery:\n    container_name: string            // Required if using SRV records\n    container_port: string            // Required if using SRV records\n    private_dns_namespace:\n      id: string                      // Allows you to specify an existing namespace by ID\n      name: string                    // DNS name for private namespace. Either used to specify an existing namespace, or if one does not exist with this name, the ECS CLI will create it\n      vpc: string                     // Required if \"id\" is not specified\n      description: string             // Only used if the namespace does not yet exist. Default = \"Created by the Amazon ECS CLI\"\n    public_dns_namespace:\n      id: string                      // Specify an existing public namespace by ID\n      name: string                    // Or specify an existing public namespace by Name\n    service_discovery_service:\n      name: string                    // Default = Name of the your ECS Service\n      description: string             // Default = \"Created by the Amazon ECS CLI\"\n      dns_config:\n        type: string                  // Valid values: A or SRV. SRV is required/the default when using bridge or host network mode. A is the default for the awsvpc network mode.\n        ttl: integer                  // Default = 60\n      healthcheck_custom_config:\n        failure_threshold: integer    // Default = 1\n```\n\n###### Simple Workflow\n\nLet's walk through a simple scenario with Service Discovery to see how it works with the ECS CLI. Many of the Service Discovery configuration values can be specified with flags, which take precedence over the ECS Params if both are present. Remember that with the ECS CLI, the Compose Project Name (name of the directory containing your Docker Compose File, unless otherwise specified using the flag) is used as the name for your ECS Service.\n\nFirst, we create a Service named `backend` and create a Private DNS Namespace in our VPC. Assume that the network mode is `awsvpc`, so the `container_name` and `container_port` values are not needed.\n\n```\n$ ecs-cli compose --project-name backend service up --private-dns-namespace tutorial --vpc vpc-04deee8176dce7d7d --enable-service-discovery\nINFO[0001] Using ECS task definition                     TaskDefinition=\"backend:1\"\nINFO[0002] Waiting for the private DNS namespace to be created...\nINFO[0002] Cloudformation stack status                   stackStatus=CREATE_IN_PROGRESS\nWARN[0033] Defaulting DNS Type to A because network mode was awsvpc\nINFO[0033] Waiting for the Service Discovery Service to be created...\nINFO[0034] Cloudformation stack status                   stackStatus=CREATE_IN_PROGRESS\nINFO[0065] Created an ECS service                        service=backend taskDefinition=\"backend:1\"\nINFO[0066] Updated ECS service successfully              desiredCount=1 serviceName=backend\nINFO[0081] (service backend) has started 1 tasks: (task 824b5a76-8f9c-4beb-a64b-6904e320630e).  timestamp=\"2018-09-12 00:00:26 +0000 UTC\"\nINFO[0157] Service status                                desiredCount=1 runningCount=1 serviceName=backend\nINFO[0157] ECS Service has reached a stable state        desiredCount=1 runningCount=1 serviceName=backend\n```\n\nNext, we create another service called `frontend` in the same Private DNS Namespace. Since the Namespace was already created, the ECS CLI knows to use the existing one.\n\n```\n$ ecs-cli compose --project-name frontend service up --private-dns-namespace tutorial --vpc vpc-04deee8176dce7d7d --enable-service-discovery\nINFO[0001] Using ECS task definition                     TaskDefinition=\"frontend:1\"\nINFO[0002] Using existing namespace ns-kvhnzhb5vxplfmls\nWARN[0033] Defaulting DNS Type to A because network mode was awsvpc\nINFO[0033] Waiting for the Service Discovery Service to be created...\nINFO[0034] Cloudformation stack status                   stackStatus=CREATE_IN_PROGRESS\nINFO[0065] Created an ECS service                        service=frontend taskDefinition=\"frontend:1\"\nINFO[0066] Updated ECS service successfully              desiredCount=1 serviceName=frontend\nINFO[0081] (service frontend) has started 1 tasks: (task 824b5a76-8f9c-4beb-a64b-6904e320630e).  timestamp=\"2018-09-12 00:00:26 +0000 UTC\"\nINFO[0157] Service status                                desiredCount=1 runningCount=1 serviceName=frontend\nINFO[0157] ECS Service has reached a stable state        desiredCount=1 runningCount=1 serviceName=frontend\n```\n\nNow, the two Services can find each other in the VPC using DNS. The DNS host name will be the name of the Service Discovery Service plus the name of the DNS Namespace. So the ECS Service `frontend` can be found at `frontend.tutorial`, and `backend` can be found at `backend.tutorial`. Remember that since this is a Private DNS Namespace, these domain names can only be resolved within your VPC.\n\nNow, let's update some of the Service Discovery settings for `frontend`; the only values that can be updated are `DNS TTL` and `Health Check Custom Config Failure Threshold` (the failure threshold for the health check administered by ECS, which determines when unhealthy containers will have their DNS records removed).\n\n```\n$ ecs-cli compose --project-name frontend service up --update-service-discovery --dns-type SRV --dns-ttl 120 --healthcheck-custom-config-failure-threshold 2\nINFO[0001] Using ECS task definition                     TaskDefinition=\"frontend:1\"\nINFO[0001] Updated ECS service successfully              desiredCount=1 serviceName=frontend\nINFO[0001] Service status                                desiredCount=1 runningCount=1 serviceName=frontend\nINFO[0001] ECS Service has reached a stable state        desiredCount=1 runningCount=1 serviceName=frontend\nINFO[0002] Waiting for your Service Discovery resources to be updated...\nINFO[0002] Cloudformation stack status                   stackStatus=UPDATE_IN_PROGRESS\n```\n\nNext, we delete the services and the Service Discovery resources. When we delete `frontend`, the CLI automatically removes its associated Service Discovery Service.\n\n```\n$ ecs-cli compose --project-name frontend service down\nINFO[0000] Updated ECS service successfully              desiredCount=0 serviceName=frontend\nINFO[0001] Service status                                desiredCount=0 runningCount=1 serviceName=frontend\nINFO[0016] Service status                                desiredCount=0 runningCount=0 serviceName=frontend\nINFO[0016] (service frontend) has stopped 1 running tasks: (task 824b5a76-8f9c-4beb-a64b-6904e320630e).  timestamp=\"2018-09-12 00:37:25 +0000 UTC\"\nINFO[0016] ECS Service has reached a stable state        desiredCount=0 runningCount=0 serviceName=frontend\nINFO[0016] Deleted ECS service                           service=frontend\nINFO[0016] ECS Service has reached a stable state        desiredCount=0 runningCount=0 serviceName=frontend\nINFO[0027] Waiting for your Service Discovery Service resource to be deleted...\nINFO[0027] Cloudformation stack status                   stackStatus=DELETE_IN_PROGRESS\n```\n\nFinally, we delete `backend` and the Private DNS Namespace which was created with it (the CLI associates the CloudFormation Stack for the Namespace with the ECS Service that it was originally created for, so the two should be deleted together).\n\n```\n$ ecs-cli compose --project-name backend service down --delete-namespace\nINFO[0000] Updated ECS service successfully              desiredCount=0 serviceName=backend\nINFO[0001] Service status                                desiredCount=0 runningCount=1 serviceName=backend\nINFO[0016] Service status                                desiredCount=0 runningCount=0 serviceName=backend\nINFO[0016] (service backend) has stopped 1 running tasks: (task 824b5a76-8f9c-4beb-a64b-6904e320630e).  timestamp=\"2018-09-12 00:37:25 +0000 UTC\"\nINFO[0016] ECS Service has reached a stable state        desiredCount=0 runningCount=0 serviceName=backend\nINFO[0016] Deleted ECS service                           service=backend\nINFO[0016] ECS Service has reached a stable state        desiredCount=0 runningCount=0 serviceName=backend\nINFO[0027] Waiting for your Service Discovery Service resource to be deleted...\nINFO[0027] Cloudformation stack status                   stackStatus=DELETE_IN_PROGRESS\nINFO[0059] Waiting for your Private DNS Namespace resource to be deleted...\nINFO[0059] Cloudformation stack status                   stackStatus=DELETE_IN_PROGRESS\n```\n\n\n### Viewing Running Tasks\n\nThe PS commands allow you to see running and recently stopped tasks. To see the Tasks running in your cluster:\n\n```\n$ ecs-cli ps\nName                                            State    Ports                     TaskDefinition\n37e873f6-37b4-42a7-af47-eac7275c6152/web        RUNNING  10.0.1.27:8080-\u003e8080/tcp  TaskNetworking:2\n37e873f6-37b4-42a7-af47-eac7275c6152/lb         RUNNING  10.0.1.27:80-\u003e80/tcp      TaskNetworking:2\n37e873f6-37b4-42a7-af47-eac7275c6152/redis      RUNNING                            TaskNetworking:2\n40bedf31-d707-446e-affc-766eac4cfb85/mysql      RUNNING                            fargate:1\n40bedf31-d707-446e-affc-766eac4cfb85/wordpress  RUNNING  54.16.93.6:80-\u003e80/tcp     fargate:1\n```\n\nThe IP address displayed by the ECS CLI depends on how your cluster is configured and which launch-type is used. If you are running tasks with launch type EC2 without task networking, then the IP address shown will be the public IP of the EC2 instance running your task. If no public IP was assigned, the instance's private IP will be displayed.\n\nFor tasks that use Task Networking with EC2 launch type, the ECS CLI will only show the private IP address of the ENI attached to the task.\n\nFor Fargate tasks, the ECS CLI will return the public IP assigned to the ENI attached to the Fargate task. The ENI for your Fargate task will be assigned a public IP if `assign_public_ip: ENABLED` is present in your ECS Params file. If the ENI lacks a public IP, then its private IP is shown.\n\nYou can use the `--desired-status` flag to filter for \"STOPPED\" or \"RUNNING\" containers.\n\n### Viewing Container Logs\n\nView the CloudWatch Logs for a given task and container:\n\n`ecs-cli logs --task-id 4c2df707-a160-475e-9c16-15dfb9df01cc --container-name mysql`\n\nFor Fargate tasks, it is recommended that you send your container logs to CloudWatch. *Note: For Fargate tasks you must specify a Task Execution IAM Role in your ECS Params file in order to use CloudWatch Logs.* You can specify the `awslogs` driver and logging options in your compose file like this:\n\n```\nservices:\n  \u003cMy Service\u003e:\n    logging:\n      driver: awslogs\n      options:\n        awslogs-group: \u003cLog Group Name\u003e\n        awslogs-region: \u003cLog Region\u003e\n        awslogs-stream-prefix: \u003cPrefix Name\u003e\n```\n\nThe log stream prefix is technically optional; however, it is highly recommended that you specify it. If you do specify it, then you can use the `ecs-cli logs` command. The Logs command allows you to retrieve the Logs for a task. There are many options for the logs command:\n\n```\nOPTIONS:\n--task-id value            Print the logs for this ECS Task.\n--task-def value           [Optional] Specifies the name or full Amazon Resource Name (ARN) of the ECS Task Definition associated with the Task ID. This is only needed if the Task is using an inactive Task Definition.\n--follow                   [Optional] Specifies if the logs should be streamed.\n--filter-pattern value     [Optional] Substring to search for within the logs.\n--container-name value     [Optional] Prints the logs for the given container. Required if containers in the Task use different log groups\n--since value              [Optional] Returns logs newer than a relative duration in minutes. Cannot be used with --start-time (default: 0)\n--start-time value         [Optional] Returns logs after a specific date (format: RFC 3339. Example: 2006-01-02T15:04:05+07:00). Cannot be used with --since flag\n--end-time value           [Optional] Returns logs before a specific date (format: RFC 3339. Example: 2006-01-02T15:04:05+07:00). Cannot be used with --follow\n--timestamps, -t           [Optional] Shows timestamps on each line in the log output.\n```\n\n### Using FIPS Endpoints\nThe ECS-CLI supports using [FIPS endpoints](https://aws.amazon.com/compliance/fips/) for calls to ECR. To ensure you are accessing ECR using FIPS endpoints, use the `--use-fips` flag on the `push`, `pull`, or `images` command. FIPS endpoints are currently available in us-west-1, us-west-2, us-east-1, us-east-2, and in the [GovCloud partition](https://docs.aws.amazon.com/govcloud-us/latest/ug-west/using-govcloud-endpoints.html).\n\n```\n$ ecs-cli push myRepository:latest --use-fips --debug\nDEBU[0000] Using FIPS endpoint: https://ecr-fips.us-west-2.amazonaws.com\nINFO[0000] Getting AWS account ID...\nDEBU[0000] Getting authorization token...\nDEBU[0000] Checking file cache                           registry=xxxxxxxxxx123\nDEBU[0000] Calling ECR.GetAuthorizationToken             registry=xxxxxxxxxx123\nDEBU[0000] Saving credentials to file cache              registry=xxxxxxxxxx123\nDEBU[0000] Retrieved authorization token via endpoint: https://xxxxxxxxxxx123.dkr.ecr-fips.us-west-2.amazonaws.com\nINFO[0000] Tagging image                                 image=myRepository repository=xxxxxxxxxxx123.dkr.ecr-fips.us-west-2.amazonaws.com/myRepository tag=latest\nINFO[0000] Image tagged\nDEBU[0000] Check if repository exists                    repository=myRepository\nINFO[0000] Pushing image                                 repository=xxxxxxxxxxx123.dkr.ecr-fips.us-west-2.amazonaws.com/myRepository tag=latest\nINFO[0002] Image pushed\n```\n\n### Using Private Registry Authentication\n\nIf you want to use privately hosted container images with ECS, the ECS CLI can store your private registry credentials in AWS Secrets Manager and create an IAM role which ECS can use to access the credentials and private images. This allows you to:\n\n* Store private registry credentials within AWS for use with ECS\n* Add the permissions needed to use your registry secrets to a new or existing Task Execution Role\n* Automatically add your private registry credentials to your task definition when running a task or service\n\nUsing privately hosted images with the ECS CLI is done in two parts:\n\n1) Create new AWS Secrets Manager secrets and an IAM Task Execution Role with `ecs-cli registry-creds up`\n2) Run `ecs-cli compose` commands to create and run a task definition that includes the new resources\n\n#### Storing private registry credentials with `ecs-cli registry-creds up`\n\nTo get started, first create an input file that contains the name of your registry and the credentials needed to access it:\n\n```\n# file name: cred_input.yml\n# when using environment variables, only '${VAR_NAME}' format is supported\n\nversion: '1'\nregistry_credentials:\n  my-registry.example.com:\n    secrets_manager_arn:        # required when using (with no modification) or updating an existing secret\n    username: myUserName        # required when creating or updating a new secret\n    password: ${MY_PASSWORD}    # required when creating or updating a new secret\n    kms_key_id:                 # optional custom KMS Key ID to use to encrypt new secret\n    container_names:            # required to match credential resources with docker-compose services\n      - web\n      - log\n```\n\nIn this example, we're storing credentials for a registry called `my-registry.example.com` and passing in the password with an environment variable. `container_names` is a list of the `service_names` in your Docker Compose project which need access to images in this registry. If you don't plan to use the output of `registry-creds up` to launch a task or service with `compose`, then you can leave this field empty.\n\nOther options:\n* To store credentials for multiple private registries, add additional (up to 10 total) registry names and their required details as separate keys under `registry_credentials`.\n  * Existing registry secrets from other regions can be included by specifying their `secrets_manager_arn` and associated `kms_key_id`. Creating or updating secrets must be done from within that region.\n* If you want to encrypt the AWS Secrets Manager secret for your registry with a custom KMS Key, then add the ARN, ID or Alias of the Key in the `kms_key_id` field. Otherwise, AWS Secrets Manager will use the default key in your account.\n* If you don't want to create or update an IAM Task Execution Role for these secrets, use the `--no-role` flag instead of specifying a role name.\n* If you don't want to generate an output file for use with `compose` or for records purposes, use the `--no-output-file` flag.\n* If you want the output file to be created in a specific directory on your machine, you can specify it with the `--output-dir \u003cvalue\u003e` flag. Otherwise, the file will be created in your working directory.\n\nAfter creating the input file, run the `registry-creds up` command on the file and pass in the name of the new or existing Task Execution Role you want to use for the secrets:\n\n```\n$ ecs-cli registry-creds up ./cred_input.yml --role-name myTaskExecutionRole\n```\n\nThe command will output the names of the resources it creates, including the name of the output file which was generated:\n\n```\n$ ecs-cli registry-creds up ./cred_input.yml --role-name myTaskExecutionRole\nINFO[0000] Processing credentials for registry my-registry.example.com...\nINFO[0000] New credential secret created: arn:aws:secretsmanager:region:aws_account_id:secret:amazon-ecs-cli-setup-my-registry.example.com-VeDqXm\nINFO[0000] Creating resources for task execution role myTaskExecutionRole...\nINFO[0000] Created new task execution role arn:aws:iam::aws_account_id:role/myTaskExecutionRole\nINFO[0000] Created new task execution role policy arn:aws:iam::aws_account_id:policy/amazon-ecs-cli-setup-myTaskExecutionRole-policy-20181023T210805Z\nINFO[0000] Attached AWS managed policy arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy to role myTaskExecutionRole\nINFO[0001] Attached new policy arn:aws:iam::aws_account_id:policy/amazon-ecs-cli-setup-myTaskExecutionRole-policy-20181023T210805Z to role myTaskExecutionRole\nINFO[0001] Writing registry credential output to new file C:\\Users\\myuser\\regcreds\\regCredTest\\ecs-registry-creds_20181023T210805Z.yml\n```\n\nThe output file `ecs-registry-creds_20181023T210805Z.yml` should like like this:\n```\nversion: \"1\"\nregistry_credential_outputs:\n  task_execution_role: myTaskExecutionRole\n  container_credentials:\n    my-registry.example.com:\n      credentials_parameter: arn:aws:secretsmanager:region:aws_account_id:secret:amazon-ecs-cli-setup-my-registry.example.com-VeDqXm\n      container_names:\n      - web\n      - log\n```\n\nThis file contains:\n* the name of the IAM Task Execution Role with permissions for the new secrets\n* the ARN of the new `credentials_parameter` created for the registry\n* the list of containers the new `credentials_parameter` should be used for when running a task or service\n\nWe can now use this file with `ecs-cli compose` commands to start a task with images in our private registry.\n\n#### Using private registry credentials when launching tasks or services\n\nNow that we have an output file that identifies which resources we need to use our private registry, the ECS CLI will incorporate them into our Docker Compose project when we run `ecs-cli compose`.\n\nIn the same directory (let's call it \"privateImageApp\"), create a docker-compose.yml file for your application:\n\n```\nversion: \"3\"\nservices:\n  web:\n    environment:\n      - SERVICE_NAME=web\n    image: my-registry.example.com/httpd\n    ports:\n      - \"80:80\"\n  log:\n    environment:\n      - SERVICE_NAME=log\n    image: my-registry.example.com/logging\n    logging:\n      driver: awslogs\n      options:\n        awslogs-group: myApps\n        awslogs-region: us-west-2\n        awslogs-stream-prefix: privateImageApp\n```\n\nNow run the command `ecs-cli compose up` to launch a task. The ECS CLI will automatically detect and use the newest `ecs-registry-creds` file within the current directory:\n\n```\n$~\\privateImageApp\u003e ecs-cli compose up\nINFO[0000] Found ecs-registry-creds file C:\\Users\\myuser\\regcreds\\regCredTest\\ecs-registry-creds_20181023T210805Z.yml\nINFO[0000] Using ecs-registry-creds value arn:aws:secretsmanager:region:aws_account_id:secret:amazon-ecs-cli-setup-my-registry.example.com-VeDqXm container name=web option name=credentials_parameter\nUsing ecs-registry-creds value arn:aws:secretsmanager:region:aws_account_id:secret:amazon-ecs-cli-setup-my-registry.example.com-VeDqXm container name=log option name=credentials_parameter\nINFO[0000] Using ecs-registry-creds value myTaskExecutionRole option name=task_execution_role\nINFO[0000] Using ECS task definition TaskDefinition=\"privateImageApp:1\"\nINFO[0000] Starting container... container=bf35a813-dd76-4fe0-b5a2-c1334c2331f4/web\nINFO[0000] Starting container... container=bf35a813-dd76-4fe0-b5a2-c1334c2331f4/log\nINFO[0012] Describe ECS container status container=bf35a813-dd76-4fe0-b5a2-c1334c2331f4/web desiredStatus=RUNNING lastStatus=PENDING taskDefinition=\"privateImageApp:1\"\nINFO[0013] Describe ECS container status container=bf35a813-dd76-4fe0-b5a2-c1334c2331f4/log desiredStatus=RUNNING lastStatus=PENDING taskDefinition=\"privateImageApp:1\"\nINFO[0018] Started container... container=bf35a813-dd76-4fe0-b5a2-c1334c2331f4/web desiredStatus=RUNNING lastStatus=RUNNING taskDefinition=\"privateImageApp:1\"\nINFO[0018] Started container... container=bf35a813-dd76-4fe0-b5a2-c1334c2331f4/log desiredStatus=RUNNING lastStatus=RUNNING taskDefinition=\"privateImageApp:1\"\n```\n\n The within your new task definition `privateImageApp:1`, the container definitions for both `web` and `log` should have your \"my-registry.example.com\" secret as a `credentialsParameter`. The `executionRoleArn` field will be the role we created in the previous step, \"myTaskExecutionRole\".\n\n Other options:\n * to use an ecs-registry-creds output file from outside the current directory, you can specify it in with the `--registry-creds \u003cvalue\u003e` flag\n\n For more information about using private registries with ECS, see [Private Registry Authentication for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html).\n\n### Checking for Missing Attributes and Debugging Reason Attribute Errors\n\nSometimes, when you try to Run a Task, the API will return the error message `\"Reasons : [\"ATTRIBUTE\"]\"`. This occurs because your container instances are missing an attribute required by your Task Definition. You can debug these failures using the `ecs-cli check-attributes` command.\n\nHere's an example of the command in action:\n\n```\n$ ecs-cli check-attributes --container-instances 28c5abd2-360e-41a0-81d8-0afca2d08d9b,45510138-f24f-47c6-a418-71c46dd51f88,ae66e18e-1d46-47ff-81c5-647f0f1426ce,dffe7f91-8faa-4e00-983b-c58fd279cf6d --cluster practice-cluster --region us-east-2 --task-def fluentd-kinesis\nContainer Instance                    Missing Attributes\ndffe7f91-8faa-4e00-983b-c58fd279cf6d  None\n28c5abd2-360e-41a0-81d8-0afca2d08d9b  com.amazonaws.ecs.capability.logging-driver.fluentd\n45510138-f24f-47c6-a418-71c46dd51f88  None\nae66e18e-1d46-47ff-81c5-647f0f1426ce  com.amazonaws.ecs.capability.logging-driver.fluentd\n```\n\nThe command outputs a table of container instances and which attributes they are missing. In this case, the Task Definition requires the Fluentd log driver, but 2 container instances lack support for it.\n\n### Tagging Resources\n\nECS CLI Commmands support a `--tags` flag which allows you to specify AWS Resource Tags in the format `key=value,key2=value2,key3=value3`. Resource tags can be used for cost allocation, automation, access control, and more. See [AWS Tagging Strategies](https://aws.amazon.com/answers/account-management/aws-tagging-strategies/) for a discussion of use cases.\n\n#### ARN Formats\n\nECS has released [new longer ARN formats](https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-deployment-to-the-new-arn-and-resource-id-format-2/). ***You must opt in to these new formats in order to tag Tasks, Services, and Container instances.*** We strongly recommend opting-in all IAM Identities in your account. You can use the [PutAccountSettingDefault](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html) API to opt-in to the new format for all IAM Identities in your account.\n\n\n#### ecs-cli up command\n\n The ECS Cluster, and CloudFormation template with EC2 resources can be tagged. In addition, the ECS CLI will add tags to the following resources which are created by the CloudFormation template:\n * VPC\n * Subnets\n * Internet Gateway\n * Route Tables\n * Security Group\n * Autoscaling Group\n * ECS Container Instances (only if opted-in to [Container Instance Long ARN format](https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-deployment-to-the-new-arn-and-resource-id-format-2/))\n\n For the autoscaling group, the ECS CLI will add a `Name` tag whose value will be `ECS Instance - \u003cCloudFormation stack name\u003e`, which will be propagated to your EC2 instances. You can override this behavior by specifying your own `Name` tag.\n\n#### ecs-cli compose create/up\n\nResource tags specified with `--tags` will be added to your Tasks and Task Definitions. In addition, [ECS Managed Tags](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) are enabled by default for all tasks launched by the ECS CLI (if you are opted-in the the new Task Long ARN Format). ECS will automatically add a `aws:ecs:clusterName` tag to each of your tasks. You can disable this feature using `--disable-ecs-managed-tags`.\n\n#### ecs-cli compose service create/up\n\nResource tags specified with `--tags` will be added to your Service and Task Definitions. In addition, all Services created by the ECS CLI have [`propagateTags`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html#ECS-CreateService-request-propagateTags) set to `TASK_DEFINITION` which means that tags from the Task Definition will propagate to the tasks in the Service. If you add new tags, the ECS CLI will register a new Task Definition and these tags will be propagated by ECS to your tasks.\n\nSimilar to `compose up/create`, [ECS Managed Tags](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) are enabled by default for all Services launched by the ECS CLI (if you are opted-in the the new Task Long ARN Format). ECS will automatically add `aws:ecs:clusterName` and `aws:ecs:serviceName` tags to each of the tasks launched by your service. You can disable this feature using `--disable-ecs-managed-tags`.\n\n#### ecs-cli push\n\nResource tags specified with `--tags` will be added to your ECR repository.\n\n#### ecs-cli registry-creds up\n\nResource tags specified with `--tags` will be added to new IAM Roles and new or existing AWS Secrets Manager Secrets. (Existing IAM Roles cannot be tagged.)\n\n### Running Tasks Locally\nThe ECS CLI supports creating, running, inspecting and stopping tasks defined by an ECS Task Definition through its `local` subcommands. You can run an ECS Task Definition specified in a local JSON file or pulled from a registered ECS Task Definition.\n\n#### ecs-cli local create\nIf you want to convert an ECS Task Definition to a Docker Compose file, you can run:\n\n```\n$ ecs-cli local create\n```\nWithout arguments, this will try to read an ECS Task Definition from local a file named `task-definition.json` located in the current directory and generate both a compose file, by default named `docker-compose.ecs-local.yml`, as well as a compose override file, by default named `docker-compose.ecs-local.override.yml`. This command is equivalent to a dry-run of `local up`.\n**NOTE** Using these Compose files as input to `ecs-cli compose` subcommands may not translate back to the same ECS Task Definition used as input to `local create`.\n\nTo run an ECS Task Definition specified in a different file, you can use the `--task-def-file` or `-f` flag with the name of the file.\nTo run an ECS Task Definition already registered with ECS, you can use the `--task-def-remote` or `-t` flag with the ARN or family name of the Task Definition.\nYou can also specify a different output file using the `--output` or `-o` flag.\nTo skip the overwrite confirmation prompt, use the `--force` flag.\n\n\n#### ecs-cli local up\nTo run an ECS Task Definition locally, you can run:\n\n```\n$ ecs-cli local up\n```\n\nThis command takes the same flags as `local create`. You can also specify compose override files using the `--override` flag.\n\nThis command will also create the local end [Amazon ECS Local Endpoints Container](https://github.com/awslabs/amazon-ecs-local-container-endpoints) and the network, `ecs-local-network` that your containers will be run in.\n\n\n#### ecs-cli local ps\nOnce you have your task running locally, the basic command to list your task's containers is:\n ```\n$ ecs-cli local ps\n```\nThis will search for containers created from the `./task-definition.json` file (to see all available options, run `ecs-cli local ps --help`).\n\nFor example, if you'd like to list containers created from a specific task definition file, use the following command:\n```\n$ ecs-cli local ps -f ./app-task-definition.json\nCONTAINER ID        IMAGE               STATUS              PORTS               NAMES                 TASKDEFINITION\n84ff8e68e613        nginx               Up 15 seconds                           /local-cmds_nginx_1   /path/to/app-task-definition.json\n```\n\n#### ecs-cli local down\nIf you want to stop and remove a task's containers, you can run:\n```\n$ ecs-cli local down\n```\nThis will stop and remove all the containers started from the `./task-definition.json` file  (to see all available options, run `ecs-cli local down --help`).\n\nFor example, you can stop and remove all tasks running locally using the `--all` flag:\n```\n$ ecs-cli local down --all\nINFO[0000] Searching for all running containers\nINFO[0000] Stop and remove 1 container(s)\nINFO[0000] Stopped container with id 84ff8e68e613\nINFO[0000] Removed container with id 84ff8e68e613\nINFO[0000] The network ecs-local-network has no more running tasks\nINFO[0001] Stopped container with name amazon-ecs-local-container-endpoints\nINFO[0001] Removed container with name amazon-ecs-local-container-endpoints\nINFO[0001] Removed network with name ecs-local-network\n```\n\nIf you have no more tasks running, then this command will also stop and remove the [Amazon ECS Local Container Endpoints](https://github.com/awslabs/amazon-ecs-local-container-endpoints)\nand finally remove the `ecs-local-network` as well.\n\n## Amazon ECS CLI Commands\n\nFor a complete list of commands, see the\n[Amazon ECS CLI documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI.html).\n\n## Contributing to the CLI\nContributions and feedback are welcome! Proposals and pull requests will be considered and responded to.\nFor more information, see the [CONTRIBUTING.md](https://github.com/aws/amazon-ecs-cli/blob/master/CONTRIBUTING.md) file.\n\nAmazon Web Services does not currently provide support for modified copies of\nthis software.\n\n## License\n\nThe Amazon ECS CLI is distributed under the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0).\nSee [LICENSE](https://github.com/aws/amazon-ecs-cli/blob/master/LICENSE) and [NOTICE](https://github.com/aws/amazon-ecs-cli/blob/master/NOTICE) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws%2Famazon-ecs-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faws%2Famazon-ecs-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws%2Famazon-ecs-cli/lists"}