diff --git a/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts b/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts index cde33f22b5e4..385c95725cb0 100644 --- a/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts +++ b/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts @@ -45,14 +45,14 @@ export interface DeleteAccountSettingCommandOutput extends DeleteAccountSettingR * // const { ECSClient, DeleteAccountSettingCommand } = require("@aws-sdk/client-ecs"); // CommonJS import * const client = new ECSClient(config); * const input = { // DeleteAccountSettingRequest - * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", // required + * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", // required * principalArn: "STRING_VALUE", * }; * const command = new DeleteAccountSettingCommand(input); * const response = await client.send(command); * // { // DeleteAccountSettingResponse * // setting: { // Setting - * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * // value: "STRING_VALUE", * // principalArn: "STRING_VALUE", * // }, diff --git a/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts b/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts index 798f6c157e37..57e0f4f022dd 100644 --- a/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts +++ b/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts @@ -44,7 +44,7 @@ export interface ListAccountSettingsCommandOutput extends ListAccountSettingsRes * // const { ECSClient, ListAccountSettingsCommand } = require("@aws-sdk/client-ecs"); // CommonJS import * const client = new ECSClient(config); * const input = { // ListAccountSettingsRequest - * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * value: "STRING_VALUE", * principalArn: "STRING_VALUE", * effectiveSettings: true || false, @@ -56,7 +56,7 @@ export interface ListAccountSettingsCommandOutput extends ListAccountSettingsRes * // { // ListAccountSettingsResponse * // settings: [ // Settings * // { // Setting - * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * // value: "STRING_VALUE", * // principalArn: "STRING_VALUE", * // }, diff --git a/clients/client-ecs/src/commands/PutAccountSettingCommand.ts b/clients/client-ecs/src/commands/PutAccountSettingCommand.ts index 308c2859f32f..45bfa30e966d 100644 --- a/clients/client-ecs/src/commands/PutAccountSettingCommand.ts +++ b/clients/client-ecs/src/commands/PutAccountSettingCommand.ts @@ -41,20 +41,20 @@ export interface PutAccountSettingCommandOutput extends PutAccountSettingRespons * and roles that do not have specified individual account settings. For more information, * see Account * Settings in the Amazon Elastic Container Service Developer Guide.
- *When serviceLongArnFormat
, taskLongArnFormat
, or
- * containerInstanceLongArnFormat
are specified, the Amazon Resource Name
- * (ARN) and resource ID format of the resource type for a specified user, role, or
- * the root user for an account is affected. The opt-in and opt-out account setting must be
- * set for each Amazon ECS resource separately. The ARN and resource ID format of a resource
- * is defined by the opt-in status of the user or role that created the resource. You
- * must turn on this setting to use Amazon ECS features such as resource tagging.
When awsvpcTrunking
is specified, the elastic network interface (ENI)
- * limit for any new container instances that support the feature is changed. If
- * awsvpcTrunking
is turned on, any new container instances that support the
- * feature are launched have the increased ENI limits available to them. For more
+ *
When you specify serviceLongArnFormat
, taskLongArnFormat
, or
+ * containerInstanceLongArnFormat
, the Amazon Resource Name (ARN) and
+ * resource ID format of the resource type for a specified user, role, or the root user for an
+ * account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS
+ * resource separately. The ARN and resource ID format of a resource is defined by the
+ * opt-in status of the user or role that created the resource. You must turn on this
+ * setting to use Amazon ECS features such as resource tagging.
When you specify awsvpcTrunking
, the elastic network interface (ENI) limit for
+ * any new container instances that support the feature is changed. If
+ * awsvpcTrunking
is turned on, any new container instances that support
+ * the feature are launched have the increased ENI limits available to them. For more
* information, see Elastic Network
* Interface Trunking in the Amazon Elastic Container Service Developer Guide.
When containerInsights
is specified, the default setting indicating whether
+ *
When you specify containerInsights
, the default setting indicating whether
* Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If
* containerInsights
is turned on, any new clusters that are created will
* have Container Insights turned on unless you disable it during cluster creation. For
@@ -68,6 +68,11 @@ export interface PutAccountSettingCommandOutput extends PutAccountSettingRespons
* more information, see Grant
* permission to tag resources on creation in the Amazon ECS Developer
* Guide.
When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS
+ * task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace
+ * them. Use fargateTaskRetirementWaitPeriod
to configure the wait time to
+ * retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer
+ * Guide.
he managed scaling settings for the Auto Scaling group capacity provider.
+ *The managed scaling settings for the Auto Scaling group capacity provider.
*/ managedScaling?: ManagedScaling; @@ -3568,6 +3568,7 @@ export const SettingName = { CONTAINER_INSIGHTS: "containerInsights", CONTAINER_INSTANCE_LONG_ARN_FORMAT: "containerInstanceLongArnFormat", FARGATE_FIPS_MODE: "fargateFIPSMode", + FARGATE_TASK_RETIREMENT_WAIT_PERIOD: "fargateTaskRetirementWaitPeriod", SERVICE_LONG_ARN_FORMAT: "serviceLongArnFormat", TAG_RESOURCE_AUTHORIZATION: "tagResourceAuthorization", TASK_LONG_ARN_FORMAT: "taskLongArnFormat", @@ -4857,8 +4858,18 @@ export interface SystemControl { /** * @public - *The value for the namespaced kernel parameter that's specified in
- * namespace
.
The namespaced kernel parameter to set a
+ * value
for.
Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni"
+ * | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" |
+ * "kernel.shmmni" | "kernel.shm_rmid_forced"
, and
+ * Sysctls
that start with
+ * "fs.mqueue.*"
+ *
Valid network namespace values: Sysctls
that start with
+ * "net.*"
+ *
All of these values are supported by Fargate.
*/ value?: string; } @@ -5641,7 +5652,9 @@ export interface ContainerDefinition { * @public *A list of namespaced kernel parameters to set in the container. This parameter maps to
* Sysctls
in the Create a container section of the
- * Docker Remote API and the --sysctl
option to docker run.
--sysctl
option to docker run. For example, you can
+ * configure net.ipv4.tcp_keepalive_time
setting to maintain
+ * longer lived connections.
* We don't recommended that you specify network-related systemControls
* parameters for multiple containers in a single task that also uses either the
@@ -5651,6 +5664,15 @@ export interface ContainerDefinition {
* host
network mode, it changes the container instance's namespaced
* kernel parameters as well as the containers.
This parameter is not supported for Windows containers.
+ *This parameter is only supported for tasks that are hosted on
+ * Fargate if the tasks are using platform version 1.4.0
or later
+ * (Linux). This isn't supported for Windows containers on
+ * Fargate.
The process namespace to use for the containers in the task. The valid
- * values are host
or task
. If host
- * is specified, then all containers within the tasks that specified the
- * host
PID mode on the same container instance share the
- * same process namespace with the host Amazon EC2 instance. If task
is
- * specified, all containers within the specified task share the same
- * process namespace. If no value is specified, the default is a private
- * namespace. For more information, see PID settings in the Docker run
+ * values are host
or task
. On Fargate for
+ * Linux containers, the only valid value is task
. For
+ * example, monitoring sidecars might need pidMode
to access
+ * information about other containers running in the same task.
If host
is specified, all containers within the tasks
+ * that specified the host
PID mode on the same container
+ * instance share the same process namespace with the host Amazon EC2
+ * instance.
If task
is specified, all containers within the specified
+ * task share the same process namespace.
If no value is specified, the + * default is a private namespace for each container. For more information, + * see PID settings in the Docker run * reference.
- *If the host
PID mode is used, be aware that there is a
- * heightened risk of undesired process namespace expose. For more
- * information, see Docker
- * security.
If the host
PID mode is used, there's a heightened risk
+ * of undesired process namespace exposure. For more information, see
+ * Docker security.
This parameter is not supported for Windows containers or tasks run on Fargate.
+ *This parameter is not supported for Windows containers.
+ *This parameter is only supported for tasks that are hosted on
+ * Fargate if the tasks are using platform version 1.4.0
or later
+ * (Linux). This isn't supported for Windows containers on
+ * Fargate.
The number of tasks on the container instance that are in the RUNNING
- * status.
The number of tasks on the container instance that have a desired status (desiredStatus
) of RUNNING
.
The Amazon ECS resource name for which to modify the account setting. If
- * serviceLongArnFormat
is specified, the ARN for your Amazon ECS services is
- * affected. If taskLongArnFormat
is specified, the ARN and resource ID for
- * your Amazon ECS tasks is affected. If containerInstanceLongArnFormat
is
- * specified, the ARN and resource ID for your Amazon ECS container instances is affected. If
- * awsvpcTrunking
is specified, the elastic network interface (ENI) limit
- * for your Amazon ECS container instances is affected. If containerInsights
is
- * specified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is
- * affected. If fargateFIPSMode
is specified, Fargate FIPS 140 compliance is
- * affected. If tagResourceAuthorization
is specified, the opt-in option for
- * tagging resources on creation is affected. For information about the opt-in timeline,
- * see Tagging authorization timeline in the Amazon ECS Developer
- * Guide.
The Amazon ECS resource name for which to modify the account setting. If you specify
+ * serviceLongArnFormat
, the ARN for your Amazon ECS services is affected. If
+ * you specify taskLongArnFormat
, the ARN and resource ID for your Amazon ECS
+ * tasks is affected. If you specify containerInstanceLongArnFormat
, the ARN
+ * and resource ID for your Amazon ECS container instances is affected. If you specify
+ * awsvpcTrunking
, the elastic network interface (ENI) limit for your
+ * Amazon ECS container instances is affected. If you specify containerInsights
,
+ * the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If
+ * you specify fargateFIPSMode
, Fargate FIPS 140 compliance is affected. If
+ * you specify tagResourceAuthorization
, the opt-in option for tagging
+ * resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer
+ * Guide. If you specify fargateTaskRetirementWaitPeriod
, the
+ * wait time to retire a Fargate task is affected.
The account setting value for the specified principal ARN. Accepted values are
* enabled
, disabled
, on
, and
* off
.
When you specify fargateTaskRetirementWaitPeriod
for the name
, the
+ * following are the valid values:
+ * 0
- immediately retire the tasks and patch Fargate
There is no advanced notification. Your tasks are retired immediately, and Fargate + * is patched without any notification.
+ *
+ * 7
-wait 7 calendar days to retire the tasks and patch Fargate
+ * 14
- wait 14 calendar days to retire the tasks and patch Fargate
You must use the root user when you set the Fargate wait time
+ * (fargateTaskRetirementWaitPeriod
).
Federated users assume the account setting of the root user and can't have * explicit account settings set for them.
*The resource name for which to modify the account setting. If
- * serviceLongArnFormat
is specified, the ARN for your Amazon ECS services is
- * affected. If taskLongArnFormat
is specified, the ARN and resource ID for
- * your Amazon ECS tasks is affected. If containerInstanceLongArnFormat
is
- * specified, the ARN and resource ID for your Amazon ECS container instances is affected. If
- * awsvpcTrunking
is specified, the ENI limit for your Amazon ECS container
- * instances is affected. If containerInsights
is specified, the default
- * setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If
- * tagResourceAuthorization
is specified, the opt-in option for tagging
- * resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer
- * Guide.
The resource name for which to modify the account setting. If you specify
+ * serviceLongArnFormat
, the ARN for your Amazon ECS services is affected. If
+ * you specify taskLongArnFormat
, the ARN and resource ID for your Amazon ECS
+ * tasks is affected. If you specify containerInstanceLongArnFormat
, the ARN
+ * and resource ID for your Amazon ECS container instances is affected. If you specify
+ * awsvpcTrunking
, the ENI limit for your Amazon ECS container instances is
+ * affected. If you specify containerInsights
, the default setting for Amazon Web Services
+ * CloudWatch Container Insights for your clusters is affected. If you specify
+ * tagResourceAuthorization
, the opt-in option for tagging resources on
+ * creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer
+ * Guide. If you specify fargateTaskRetirementWaitPeriod
, the
+ * default wait time to retire a Fargate task due to required maintenance is
+ * affected.
When you specify fargateFIPSMode
for the name
and
* enabled
for the value
, Fargate uses FIPS-140 compliant
* cryptographic algorithms on your tasks. For more information about FIPS-140 compliance
* with Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2
* compliance in the Amazon Elastic Container Service Developer Guide.
When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task
+ * hosted on Fargate, the tasks need to be stopped and new tasks launched to replace
+ * them. Use fargateTaskRetirementWaitPeriod
to set the wait time to retire a
+ * Fargate task to the default. For information about the Fargate tasks maintenance,
+ * see Amazon Web Services Fargate task
+ * maintenance in the Amazon ECS Developer Guide.
The account setting value for the specified principal ARN. Accepted values are
* enabled
, disabled
, on
, and
* off
.
When you specify fargateTaskRetirementWaitPeriod
for the
+ * name
, the following are the valid values:
+ * 0
- immediately retire the tasks and patch Fargate
There is no advanced notification. Your tasks are retired immediately, and + * Fargate is patched without any notification.
+ *
+ * 7
-wait 7 calendar days to retire the tasks and patch Fargate
+ *
+ * 14
- wait 14 calendar days to retire the tasks and patch
+ * Fargate
The process namespace to use for the containers in the task. The valid
- * values are host
or task
. If host
- * is specified, then all containers within the tasks that specified the
- * host
PID mode on the same container instance share the
- * same process namespace with the host Amazon EC2 instance. If task
is
- * specified, all containers within the specified task share the same
- * process namespace. If no value is specified, the default is a private
- * namespace. For more information, see PID settings in the Docker run
+ * values are host
or task
. On Fargate for
+ * Linux containers, the only valid value is task
. For
+ * example, monitoring sidecars might need pidMode
to access
+ * information about other containers running in the same task.
If host
is specified, all containers within the tasks
+ * that specified the host
PID mode on the same container
+ * instance share the same process namespace with the host Amazon EC2
+ * instance.
If task
is specified, all containers within the specified
+ * task share the same process namespace.
If no value is specified, the + * default is a private namespace for each container. For more information, + * see PID settings in the Docker run * reference.
- *If the host
PID mode is used, be aware that there is a
- * heightened risk of undesired process namespace expose. For more
- * information, see Docker
- * security.
If the host
PID mode is used, there's a heightened risk
+ * of undesired process namespace exposure. For more information, see
+ * Docker security.
This parameter is not supported for Windows containers or tasks run on Fargate.
+ *This parameter is not supported for Windows containers.
+ *This parameter is only supported for tasks that are hosted on
+ * Fargate if the tasks are using platform version 1.4.0
or later
+ * (Linux). This isn't supported for Windows containers on
+ * Fargate.
he managed scaling settings for the Auto Scaling group capacity provider.
" + "smithy.api#documentation": "The managed scaling settings for the Auto Scaling group capacity provider.
" } }, "managedTerminationProtection": { @@ -2433,7 +2433,7 @@ "systemControls": { "target": "com.amazonaws.ecs#SystemControls", "traits": { - "smithy.api#documentation": "A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls
in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl
option to docker run.
We don't recommended that you specify network-related systemControls
\n\t\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\t\tawsvpc
or host
network modes. For tasks that use the\n\t\t\t\t\tawsvpc
network mode, the container that's started last determines\n\t\t\t\twhich systemControls
parameters take effect. For tasks that use the\n\t\t\t\t\thost
network mode, it changes the container instance's namespaced\n\t\t\t\tkernel parameters as well as the containers.
A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls
in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl
option to docker run. For example, you can\n\t\t\tconfigure net.ipv4.tcp_keepalive_time
setting to maintain\n\t\t\tlonger lived connections.
We don't recommended that you specify network-related systemControls
\n\t\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\t\tawsvpc
or host
network modes. For tasks that use the\n\t\t\t\t\tawsvpc
network mode, the container that's started last determines\n\t\t\t\twhich systemControls
parameters take effect. For tasks that use the\n\t\t\t\t\thost
network mode, it changes the container instance's namespaced\n\t\t\t\tkernel parameters as well as the containers.
This parameter is not supported for Windows containers.
\nThis parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0
or later\n (Linux). This isn't supported for Windows containers on\n Fargate.
The number of tasks on the container instance that are in the RUNNING
\n\t\t\tstatus.
The number of tasks on the container instance that have a desired status (desiredStatus
) of RUNNING
.
Modifies an account setting. Account settings are set on a per-Region basis.
\nIf you change the root user account setting, the default settings are reset for users\n\t\t\tand roles that do not have specified individual account settings. For more information,\n\t\t\tsee Account\n\t\t\t\tSettings in the Amazon Elastic Container Service Developer Guide.
\nWhen serviceLongArnFormat
, taskLongArnFormat
, or\n\t\t\t\tcontainerInstanceLongArnFormat
are specified, the Amazon Resource Name\n\t\t\t(ARN) and resource ID format of the resource type for a specified user, role, or\n\t\t\tthe root user for an account is affected. The opt-in and opt-out account setting must be\n\t\t\tset for each Amazon ECS resource separately. The ARN and resource ID format of a resource\n\t\t\tis defined by the opt-in status of the user or role that created the resource. You\n\t\t\tmust turn on this setting to use Amazon ECS features such as resource tagging.
When awsvpcTrunking
is specified, the elastic network interface (ENI)\n\t\t\tlimit for any new container instances that support the feature is changed. If\n\t\t\t\tawsvpcTrunking
is turned on, any new container instances that support the\n\t\t\tfeature are launched have the increased ENI limits available to them. For more\n\t\t\tinformation, see Elastic Network\n\t\t\t\tInterface Trunking in the Amazon Elastic Container Service Developer Guide.
When containerInsights
is specified, the default setting indicating whether\n\t\t\tAmazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If\n\t\t\t\tcontainerInsights
is turned on, any new clusters that are created will\n\t\t\thave Container Insights turned on unless you disable it during cluster creation. For\n\t\t\tmore information, see CloudWatch\n\t\t\t\tContainer Insights in the Amazon Elastic Container Service Developer Guide.
Amazon ECS is introducing tagging authorization for resource creation. Users must have\n\t\t\tpermissions for actions that create the resource, such as ecsCreateCluster
.\n\t\t\tIf tags are specified when you create a resource, Amazon Web Services performs additional\n\t\t\tauthorization to verify if users or roles have permissions to create tags. Therefore,\n\t\t\tyou must grant explicit permissions to use the ecs:TagResource
action. For\n\t\t\tmore information, see Grant\n\t\t\t\tpermission to tag resources on creation in the Amazon ECS Developer\n\t\t\t\t\tGuide.
Modifies an account setting. Account settings are set on a per-Region basis.
\nIf you change the root user account setting, the default settings are reset for users\n\t\t\tand roles that do not have specified individual account settings. For more information,\n\t\t\tsee Account\n\t\t\t\tSettings in the Amazon Elastic Container Service Developer Guide.
\nWhen you specify serviceLongArnFormat
, taskLongArnFormat
, or\n\t\t\t\tcontainerInstanceLongArnFormat
, the Amazon Resource Name (ARN) and\n\t\t\tresource ID format of the resource type for a specified user, role, or the root user for an\n\t\t\taccount is affected. The opt-in and opt-out account setting must be set for each Amazon ECS\n\t\t\tresource separately. The ARN and resource ID format of a resource is defined by the\n\t\t\topt-in status of the user or role that created the resource. You must turn on this\n\t\t\tsetting to use Amazon ECS features such as resource tagging.
When you specify awsvpcTrunking
, the elastic network interface (ENI) limit for\n\t\t\tany new container instances that support the feature is changed. If\n\t\t\t\tawsvpcTrunking
is turned on, any new container instances that support\n\t\t\tthe feature are launched have the increased ENI limits available to them. For more\n\t\t\tinformation, see Elastic Network\n\t\t\t\tInterface Trunking in the Amazon Elastic Container Service Developer Guide.
When you specify containerInsights
, the default setting indicating whether\n\t\t\tAmazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If\n\t\t\t\tcontainerInsights
is turned on, any new clusters that are created will\n\t\t\thave Container Insights turned on unless you disable it during cluster creation. For\n\t\t\tmore information, see CloudWatch\n\t\t\t\tContainer Insights in the Amazon Elastic Container Service Developer Guide.
Amazon ECS is introducing tagging authorization for resource creation. Users must have\n\t\t\tpermissions for actions that create the resource, such as ecsCreateCluster
.\n\t\t\tIf tags are specified when you create a resource, Amazon Web Services performs additional\n\t\t\tauthorization to verify if users or roles have permissions to create tags. Therefore,\n\t\t\tyou must grant explicit permissions to use the ecs:TagResource
action. For\n\t\t\tmore information, see Grant\n\t\t\t\tpermission to tag resources on creation in the Amazon ECS Developer\n\t\t\t\t\tGuide.
When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS\n\t\t\ttask hosted on Fargate, the tasks need to be stopped and new tasks launched to replace\n\t\t\tthem. Use fargateTaskRetirementWaitPeriod
to configure the wait time to\n\t\t\tretire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer\n\t\t\t\t\tGuide.
The resource name for which to modify the account setting. If\n\t\t\t\tserviceLongArnFormat
is specified, the ARN for your Amazon ECS services is\n\t\t\taffected. If taskLongArnFormat
is specified, the ARN and resource ID for\n\t\t\tyour Amazon ECS tasks is affected. If containerInstanceLongArnFormat
is\n\t\t\tspecified, the ARN and resource ID for your Amazon ECS container instances is affected. If\n\t\t\t\tawsvpcTrunking
is specified, the ENI limit for your Amazon ECS container\n\t\t\tinstances is affected. If containerInsights
is specified, the default\n\t\t\tsetting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If\n\t\t\t\ttagResourceAuthorization
is specified, the opt-in option for tagging\n\t\t\tresources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide.
When you specify fargateFIPSMode
for the name
and\n\t\t\tenabled
for the value
, Fargate uses FIPS-140 compliant\n\t\t\tcryptographic algorithms on your tasks. For more information about FIPS-140 compliance\n\t\t\twith Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2\n\t\t\t\tcompliance in the Amazon Elastic Container Service Developer Guide.
The resource name for which to modify the account setting. If you specify\n\t\t\t\tserviceLongArnFormat
, the ARN for your Amazon ECS services is affected. If\n\t\t\tyou specify taskLongArnFormat
, the ARN and resource ID for your Amazon ECS\n\t\t\ttasks is affected. If you specify containerInstanceLongArnFormat
, the ARN\n\t\t\tand resource ID for your Amazon ECS container instances is affected. If you specify\n\t\t\t\tawsvpcTrunking
, the ENI limit for your Amazon ECS container instances is\n\t\t\taffected. If you specify containerInsights
, the default setting for Amazon Web Services\n\t\t\tCloudWatch Container Insights for your clusters is affected. If you specify\n\t\t\t\ttagResourceAuthorization
, the opt-in option for tagging resources on\n\t\t\tcreation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide. If you specify fargateTaskRetirementWaitPeriod
, the\n\t\t\tdefault wait time to retire a Fargate task due to required maintenance is\n\t\t\taffected.
When you specify fargateFIPSMode
for the name
and\n\t\t\tenabled
for the value
, Fargate uses FIPS-140 compliant\n\t\t\tcryptographic algorithms on your tasks. For more information about FIPS-140 compliance\n\t\t\twith Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2\n\t\t\t\tcompliance in the Amazon Elastic Container Service Developer Guide.
When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task\n\t\t\thosted on Fargate, the tasks need to be stopped and new tasks launched to replace\n\t\t\tthem. Use fargateTaskRetirementWaitPeriod
to set the wait time to retire a\n\t\t\tFargate task to the default. For information about the Fargate tasks maintenance,\n\t\t\tsee Amazon Web Services Fargate task\n\t\t\t\tmaintenance in the Amazon ECS Developer Guide.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled
, disabled
, on
, and\n\t\t\toff
.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled
, disabled
, on
, and\n\t\t\toff
.
When you specify fargateTaskRetirementWaitPeriod
for the\n\t\t\t\tname
, the following are the valid values:
\n 0
- immediately retire the tasks and patch Fargate
There is no advanced notification. Your tasks are retired immediately, and\n\t\t\t\t\tFargate is patched without any notification.
\n\n 7
-wait 7 calendar days to retire the tasks and patch Fargate\n\t\t\t\t
\n 14
- wait 14 calendar days to retire the tasks and patch\n\t\t\t\t\tFargate
The Amazon ECS resource name for which to modify the account setting. If\n\t\t\t\tserviceLongArnFormat
is specified, the ARN for your Amazon ECS services is\n\t\t\taffected. If taskLongArnFormat
is specified, the ARN and resource ID for\n\t\t\tyour Amazon ECS tasks is affected. If containerInstanceLongArnFormat
is\n\t\t\tspecified, the ARN and resource ID for your Amazon ECS container instances is affected. If\n\t\t\t\tawsvpcTrunking
is specified, the elastic network interface (ENI) limit\n\t\t\tfor your Amazon ECS container instances is affected. If containerInsights
is\n\t\t\tspecified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is\n\t\t\taffected. If fargateFIPSMode
is specified, Fargate FIPS 140 compliance is\n\t\t\taffected. If tagResourceAuthorization
is specified, the opt-in option for\n\t\t\ttagging resources on creation is affected. For information about the opt-in timeline,\n\t\t\tsee Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\t\tGuide.
The Amazon ECS resource name for which to modify the account setting. If you specify\n\t\t\t\tserviceLongArnFormat
, the ARN for your Amazon ECS services is affected. If\n\t\t\tyou specify taskLongArnFormat
, the ARN and resource ID for your Amazon ECS\n\t\t\ttasks is affected. If you specify containerInstanceLongArnFormat
, the ARN\n\t\t\tand resource ID for your Amazon ECS container instances is affected. If you specify\n\t\t\t\tawsvpcTrunking
, the elastic network interface (ENI) limit for your\n\t\t\tAmazon ECS container instances is affected. If you specify containerInsights
,\n\t\t\tthe default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If\n\t\t\tyou specify fargateFIPSMode
, Fargate FIPS 140 compliance is affected. If\n\t\t\tyou specify tagResourceAuthorization
, the opt-in option for tagging\n\t\t\tresources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide. If you specify fargateTaskRetirementWaitPeriod
, the\n\t\t\twait time to retire a Fargate task is affected.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled
, disabled
, on
, and\n\t\t\toff
.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled
, disabled
, on
, and\n\t\t\toff
.
When you specify fargateTaskRetirementWaitPeriod
for the name
, the\n\t\t\tfollowing are the valid values:
\n 0
- immediately retire the tasks and patch Fargate
There is no advanced notification. Your tasks are retired immediately, and Fargate\n\t\t\t\t\tis patched without any notification.
\n\n 7
-wait 7 calendar days to retire the tasks and patch Fargate
\n 14
- wait 14 calendar days to retire the tasks and patch Fargate
The ARN of the principal, which can be a user, role, or the root user. If\n\t\t\tyou specify the root user, it modifies the account setting for all users, roles,\n\t\t\tand the root user of the account unless a user or role explicitly overrides these\n\t\t\tsettings. If this field is omitted, the setting is changed only for the authenticated\n\t\t\tuser.
\nFederated users assume the account setting of the root user and can't have\n\t\t\t\texplicit account settings set for them.
\nThe ARN of the principal, which can be a user, role, or the root user. If\n\t\t\tyou specify the root user, it modifies the account setting for all users, roles,\n\t\t\tand the root user of the account unless a user or role explicitly overrides these\n\t\t\tsettings. If this field is omitted, the setting is changed only for the authenticated\n\t\t\tuser.
\nYou must use the root user when you set the Fargate wait time\n\t\t\t\t\t(fargateTaskRetirementWaitPeriod
).
Federated users assume the account setting of the root user and can't have\n\t\t\t\texplicit account settings set for them.
\nThe process namespace to use for the containers in the task. The valid\n values are host
or task
. If host
\n is specified, then all containers within the tasks that specified the\n host
PID mode on the same container instance share the\n same process namespace with the host Amazon EC2 instance. If task
is\n specified, all containers within the specified task share the same\n process namespace. If no value is specified, the default is a private\n namespace. For more information, see PID settings in the Docker run\n reference.
If the host
PID mode is used, be aware that there is a\n heightened risk of undesired process namespace expose. For more\n information, see Docker\n security.
This parameter is not supported for Windows containers or tasks run on Fargate.
\nThe process namespace to use for the containers in the task. The valid\n values are host
or task
. On Fargate for\n Linux containers, the only valid value is task
. For\n example, monitoring sidecars might need pidMode
to access\n information about other containers running in the same task.
If host
is specified, all containers within the tasks\n that specified the host
PID mode on the same container\n instance share the same process namespace with the host Amazon EC2\n instance.
If task
is specified, all containers within the specified\n task share the same process namespace.
If no value is specified, the\n default is a private namespace for each container. For more information,\n see PID settings in the Docker run\n reference.
\nIf the host
PID mode is used, there's a heightened risk\n of undesired process namespace exposure. For more information, see\n Docker security.
This parameter is not supported for Windows containers.
\nThis parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0
or later\n (Linux). This isn't supported for Windows containers on\n Fargate.
The value for the namespaced kernel parameter that's specified in\n\t\t\t\tnamespace
.
The namespaced kernel parameter to set a\n\t\t\tvalue
for.
Valid IPC namespace values: \"kernel.msgmax\" | \"kernel.msgmnb\" | \"kernel.msgmni\"\n\t\t\t| \"kernel.sem\" | \"kernel.shmall\" | \"kernel.shmmax\" |\n\t\t\t\"kernel.shmmni\" | \"kernel.shm_rmid_forced\"
, and\n\t\t\tSysctls
that start with\n\t\t\t\"fs.mqueue.*\"
\n
Valid network namespace values: Sysctls
that start with\n\t\t\t\"net.*\"
\n
All of these values are supported by Fargate.
" } } }, @@ -10933,7 +10939,7 @@ "pidMode": { "target": "com.amazonaws.ecs#PidMode", "traits": { - "smithy.api#documentation": "The process namespace to use for the containers in the task. The valid\n values are host
or task
. If host
\n is specified, then all containers within the tasks that specified the\n host
PID mode on the same container instance share the\n same process namespace with the host Amazon EC2 instance. If task
is\n specified, all containers within the specified task share the same\n process namespace. If no value is specified, the default is a private\n namespace. For more information, see PID settings in the Docker run\n reference.
If the host
PID mode is used, be aware that there is a\n heightened risk of undesired process namespace expose. For more\n information, see Docker\n security.
This parameter is not supported for Windows containers or tasks run on Fargate.
\nThe process namespace to use for the containers in the task. The valid\n values are host
or task
. On Fargate for\n Linux containers, the only valid value is task
. For\n example, monitoring sidecars might need pidMode
to access\n information about other containers running in the same task.
If host
is specified, all containers within the tasks\n that specified the host
PID mode on the same container\n instance share the same process namespace with the host Amazon EC2\n instance.
If task
is specified, all containers within the specified\n task share the same process namespace.
If no value is specified, the\n default is a private namespace for each container. For more information,\n see PID settings in the Docker run\n reference.
\nIf the host
PID mode is used, there's a heightened risk\n of undesired process namespace exposure. For more information, see\n Docker security.
This parameter is not supported for Windows containers.
\nThis parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0
or later\n (Linux). This isn't supported for Windows containers on\n Fargate.