[ aws . batch ]

register-job-definition

Description

Registers an Batch job definition.

See also: AWS API Documentation

Synopsis

  register-job-definition
--job-definition-name <value>
--type <value>
[--parameters <value>]
[--scheduling-priority <value>]
[--container-properties <value>]
[--node-properties <value>]
[--retry-strategy <value>]
[--propagate-tags | --no-propagate-tags]
[--timeout <value>]
[--tags <value>]
[--platform-capabilities <value>]
[--eks-properties <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Options

--job-definition-name (string)

The name of the job definition to register. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).

--type (string)

The type of job definition. For more information about multi-node parallel jobs, see Creating a multi-node parallel job definition in the Batch User Guide .

Note

If the job is run on Fargate resources, then multinode isn’t supported.

Possible values:

  • container

  • multinode

--parameters (map)

Default parameter substitution placeholders to set in the job definition. Parameters are specified as a key-value pair mapping. Parameters in a SubmitJob request override any corresponding parameter defaults from the job definition.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--scheduling-priority (integer)

The scheduling priority for jobs that are submitted with this job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.

The minimum supported value is 0 and the maximum supported value is 9999.

--container-properties (structure)

An object with various properties specific to Amazon ECS based single-node container-based jobs. If the job definition’s type parameter is container , then you must specify either containerProperties or nodeProperties . This must not be specified for Amazon EKS based job definitions.

Note

If the job runs on Fargate resources, then you must not specify nodeProperties ; use only containerProperties .

image -> (string)

The image used to start a container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with `` repository-url /image :tag `` . It can be 255 characters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), underscores (_), colons (:), periods (.), forward slashes (/), and number signs (#). This parameter maps to Image in the Create a container section of the Docker Remote API and the IMAGE parameter of docker run .

Note

Docker image architecture must match the processor architecture of the compute resources that they’re scheduled on. For example, ARM-based Docker images can only run on ARM-based compute resources.

  • Images in Amazon ECR Public repositories use the full registry/repository[:tag] or registry/repository[@digest] naming conventions. For example, ``public.ecr.aws/registry_alias /my-web-app :latest `` .

  • Images in Amazon ECR repositories use the full registry and repository URI (for example, 123456789012.dkr.ecr.<region-name>.amazonaws.com/<repository-name> ).

  • Images in official repositories on Docker Hub use a single name (for example, ubuntu or mongo ).

  • Images in other repositories on Docker Hub are qualified with an organization name (for example, amazon/amazon-ecs-agent ).

  • Images in other online repositories are qualified further by a domain name (for example, quay.io/assemblyline/ubuntu ).

vcpus -> (integer)

This parameter is deprecated, use resourceRequirements to specify the vCPU requirements for the job definition. It’s not supported for jobs running on Fargate resources. For jobs running on EC2 resources, it specifies the number of vCPUs reserved for the job.

Each vCPU is equivalent to 1,024 CPU shares. This parameter maps to CpuShares in the Create a container section of the Docker Remote API and the --cpu-shares option to docker run . The number of vCPUs must be specified but can be specified in several places. You must specify it at least once for each node.

memory -> (integer)

This parameter is deprecated, use resourceRequirements to specify the memory requirements for the job definition. It’s not supported for jobs running on Fargate resources. For jobs that run on EC2 resources, it specifies the memory hard limit (in MiB) for a container. If your container attempts to exceed the specified number, it’s terminated. You must specify at least 4 MiB of memory for a job using this parameter. The memory hard limit can be specified in several places. It must be specified for each node at least once.

command -> (list)

The command that’s passed to the container. This parameter maps to Cmd in the Create a container section of the Docker Remote API and the COMMAND parameter to docker run . For more information, see https://docs.docker.com/engine/reference/builder/#cmd .

(string)

jobRoleArn -> (string)

The Amazon Resource Name (ARN) of the IAM role that the container can assume for Amazon Web Services permissions. For more information, see IAM roles for tasks in the Amazon Elastic Container Service Developer Guide .

executionRoleArn -> (string)

The Amazon Resource Name (ARN) of the execution role that Batch can assume. For jobs that run on Fargate resources, you must provide an execution role. For more information, see Batch execution IAM role in the Batch User Guide .

volumes -> (list)

A list of data volumes used in a job.

(structure)

A data volume that’s used in a job’s container properties.

host -> (structure)

The contents of the host parameter determine whether your data volume persists on the host container instance and where it’s stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn’t guaranteed to persist after the containers that are associated with it stop running.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided.

sourcePath -> (string)

The path on the host container instance that’s presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If this parameter contains a file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the source path location doesn’t exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.

Note

This parameter isn’t applicable to jobs that run on Fargate resources. Don’t provide this for these jobs.

name -> (string)

The name of the volume. It can be up to 255 characters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_). This name is referenced in the sourceVolume parameter of container definition mountPoints .

efsVolumeConfiguration -> (structure)

This parameter is specified when you’re using an Amazon Elastic File System file system for job storage. Jobs that are running on Fargate resources must specify a platformVersion of at least 1.4.0 .

fileSystemId -> (string)

The Amazon EFS file system ID to use.

rootDirectory -> (string)

The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume is used instead. Specifying / has the same effect as omitting this parameter. The maximum length is 4,096 characters.

Warning

If an EFS access point is specified in the authorizationConfig , the root directory parameter must either be omitted or set to / , which enforces the path set on the Amazon EFS access point.

transitEncryption -> (string)

Determines whether to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of DISABLED is used. For more information, see Encrypting data in transit in the Amazon Elastic File System User Guide .

transitEncryptionPort -> (integer)

The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you don’t specify a transit encryption port, it uses the port selection strategy that the Amazon EFS mount helper uses. The value must be between 0 and 65,535. For more information, see EFS mount helper in the Amazon Elastic File System User Guide .

authorizationConfig -> (structure)

The authorization configuration details for the Amazon EFS file system.

accessPointId -> (string)

The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the EFSVolumeConfiguration must either be omitted or set to / which enforces the path set on the EFS access point. If an access point is used, transit encryption must be enabled in the EFSVolumeConfiguration . For more information, see Working with Amazon EFS access points in the Amazon Elastic File System User Guide .

iam -> (string)

Whether or not to use the Batch job IAM role defined in a job definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration . If this parameter is omitted, the default value of DISABLED is used. For more information, see Using Amazon EFS access points in the Batch User Guide . EFS IAM authorization requires that TransitEncryption be ENABLED and that a JobRoleArn is specified.

environment -> (list)

The environment variables to pass to a container. This parameter maps to Env in the Create a container section of the Docker Remote API and the --env option to docker run .

Warning

We don’t recommend using plaintext environment variables for sensitive information, such as credential data.

Note

Environment variables cannot start with “AWS_BATCH “. This naming convention is reserved for variables that Batch sets.

(structure)

A key-value pair object.

name -> (string)

The name of the key-value pair. For environment variables, this is the name of the environment variable.

value -> (string)

The value of the key-value pair. For environment variables, this is the value of the environment variable.

mountPoints -> (list)

The mount points for data volumes in your container. This parameter maps to Volumes in the Create a container section of the Docker Remote API and the --volume option to docker run .

(structure)

Details for a Docker volume mount point that’s used in a job’s container properties. This parameter maps to Volumes in the Create a container section of the Docker Remote API and the --volume option to docker run.

containerPath -> (string)

The path on the container where the host volume is mounted.

readOnly -> (boolean)

If this value is true , the container has read-only access to the volume. Otherwise, the container can write to the volume. The default value is false .

sourceVolume -> (string)

The name of the volume to mount.

readonlyRootFilesystem -> (boolean)

When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the Create a container section of the Docker Remote API and the --read-only option to docker run .

privileged -> (boolean)

When this parameter is true, the container is given elevated permissions on the host container instance (similar to the root user). This parameter maps to Privileged in the Create a container section of the Docker Remote API and the --privileged option to docker run . The default value is false.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided, or specified as false.

ulimits -> (list)

A list of ulimits to set in the container. This parameter maps to Ulimits in the Create a container section of the Docker Remote API and the --ulimit option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided.

(structure)

The ulimit settings to pass to the container.

Note

This object isn’t applicable to jobs that are running on Fargate resources.

hardLimit -> (integer)

The hard limit for the ulimit type.

name -> (string)

The type of the ulimit .

softLimit -> (integer)

The soft limit for the ulimit type.

user -> (string)

The user name to use inside the container. This parameter maps to User in the Create a container section of the Docker Remote API and the --user option to docker run .

instanceType -> (string)

The instance type to use for a multi-node parallel job. All node groups in a multi-node parallel job must use the same instance type.

Note

This parameter isn’t applicable to single-node container jobs or jobs that run on Fargate resources, and shouldn’t be provided.

resourceRequirements -> (list)

The type and amount of resources to assign to a container. The supported resources include GPU , MEMORY , and VCPU .

(structure)

The type and amount of a resource to assign to a container. The supported resources include GPU , MEMORY , and VCPU .

value -> (string)

The quantity of the specified resource to reserve for the container. The values vary based on the type specified.

type=”GPU”

The number of physical GPUs to reserve for the container. Make sure that the number of GPUs reserved for all containers in a job doesn’t exceed the number of available GPUs on the compute resource that the job is launched on.

Note

GPUs aren’t available for jobs that are running on Fargate resources.

type=”MEMORY”

The memory hard limit (in MiB) present to the container. This parameter is supported for jobs that are running on EC2 resources. If your container attempts to exceed the memory specified, the container is terminated. This parameter maps to Memory in the Create a container section of the Docker Remote API and the --memory option to docker run . You must specify at least 4 MiB of memory for a job. This is required but can be specified in several places for multi-node parallel (MNP) jobs. It must be specified for each node at least once. This parameter maps to Memory in the Create a container section of the Docker Remote API and the --memory option to docker run .

Note

If you’re trying to maximize your resource utilization by providing your jobs as much memory as possible for a particular instance type, see Memory management in the Batch User Guide .

For jobs that are running on Fargate resources, then value is the hard limit (in MiB), and must match one of the supported values and the VCPU values must be one of the values supported for that memory value.

value = 512

VCPU = 0.25

value = 1024

VCPU = 0.25 or 0.5

value = 2048

VCPU = 0.25, 0.5, or 1

value = 3072

VCPU = 0.5, or 1

value = 4096

VCPU = 0.5, 1, or 2

value = 5120, 6144, or 7168

VCPU = 1 or 2

value = 8192

VCPU = 1, 2, 4, or 8

value = 9216, 10240, 11264, 12288, 13312, 14336, or 15360

VCPU = 2 or 4

value = 16384

VCPU = 2, 4, or 8

value = 17408, 18432, 19456, 21504, 22528, 23552, 25600, 26624, 27648, 29696, or 30720

VCPU = 4

value = 20480, 24576, or 28672

VCPU = 4 or 8

value = 36864, 45056, 53248, or 61440

VCPU = 8

value = 32768, 40960, 49152, or 57344

VCPU = 8 or 16

value = 65536, 73728, 81920, 90112, 98304, 106496, 114688, or 122880

VCPU = 16

type=”VCPU”

The number of vCPUs reserved for the container. This parameter maps to CpuShares in the Create a container section of the Docker Remote API and the --cpu-shares option to docker run . Each vCPU is equivalent to 1,024 CPU shares. For EC2 resources, you must specify at least one vCPU. This is required but can be specified in several places; it must be specified for each node at least once.

The default for the Fargate On-Demand vCPU resource count quota is 6 vCPUs. For more information about Fargate quotas, see Fargate quotas in the Amazon Web Services General Reference .

For jobs that are running on Fargate resources, then value must match one of the supported values and the MEMORY values must be one of the values supported for that VCPU value. The supported values are 0.25, 0.5, 1, 2, 4, 8, and 16

value = 0.25

MEMORY = 512, 1024, or 2048

value = 0.5

MEMORY = 1024, 2048, 3072, or 4096

value = 1

MEMORY = 2048, 3072, 4096, 5120, 6144, 7168, or 8192

value = 2

MEMORY = 4096, 5120, 6144, 7168, 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, or 16384

value = 4

MEMORY = 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384, 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, or 30720

value = 8

MEMORY = 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, or 61440

value = 16

MEMORY = 32768, 40960, 49152, 57344, 65536, 73728, 81920, 90112, 98304, 106496, 114688, or 122880

type -> (string)

The type of resource to assign to a container. The supported resources include GPU , MEMORY , and VCPU .

linuxParameters -> (structure)

Linux-specific modifications that are applied to the container, such as details for device mappings.

devices -> (list)

Any of the host devices to expose to the container. This parameter maps to Devices in the Create a container section of the Docker Remote API and the --device option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

(structure)

An object that represents a container instance host device.

Note

This object isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided.

hostPath -> (string)

The path for the device on the host container instance.

containerPath -> (string)

The path inside the container that’s used to expose the host device. By default, the hostPath value is used.

permissions -> (list)

The explicit permissions to provide to the container for the device. By default, the container has permissions for read , write , and mknod for the device.

(string)

initProcessEnabled -> (boolean)

If true, run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run . This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

sharedMemorySize -> (integer)

The value for the size (in MiB) of the /dev/shm volume. This parameter maps to the --shm-size option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

tmpfs -> (list)

The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide this parameter for this resource type.

(structure)

The container path, mount options, and size of the tmpfs mount.

Note

This object isn’t applicable to jobs that are running on Fargate resources.

containerPath -> (string)

The absolute file path in the container where the tmpfs volume is mounted.

size -> (integer)

The size (in MiB) of the tmpfs volume.

mountOptions -> (list)

The list of tmpfs volume mount options.

Valid values: “defaults “ | “ro “ | “rw “ | “suid “ | “nosuid “ | “dev “ | “nodev “ | “exec “ | “noexec “ | “sync “ | “async “ | “dirsync “ | “remount “ | “mand “ | “nomand “ | “atime “ | “noatime “ | “diratime “ | “nodiratime “ | “bind “ | “rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime “ | “norelatime “ | “strictatime “ | “nostrictatime “ | “mode “ | “uid “ | “gid “ | “nr_inodes “ | “nr_blocks “ | “mpol

(string)

maxSwap -> (integer)

The total amount of swap memory (in MiB) a container can use. This parameter is translated to the --memory-swap option to docker run where the value is the sum of the container memory plus the maxSwap value. For more information, see ` --memory-swap details <https://docs.docker.com/config/containers/resource_constraints/#–memory-swap-details>`__ in the Docker documentation.

If a maxSwap value of 0 is specified, the container doesn’t use swap. Accepted values are 0 or any positive integer. If the maxSwap parameter is omitted, the container doesn’t use the swap configuration for the container instance that it’s running on. A maxSwap value must be set for the swappiness parameter to be used.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

swappiness -> (integer)

You can use this parameter to tune a container’s memory swappiness behavior. A swappiness value of 0 causes swapping to not occur unless absolutely necessary. A swappiness value of 100 causes pages to be swapped aggressively. Valid values are whole numbers between 0 and 100 . If the swappiness parameter isn’t specified, a default value of 60 is used. If a value isn’t specified for maxSwap , then this parameter is ignored. If maxSwap is set to 0, the container doesn’t use swap. This parameter maps to the --memory-swappiness option to docker run .

Consider the following when you use a per-container swap configuration.

  • Swap space must be enabled and allocated on the container instance for the containers to use.

Note

By default, the Amazon ECS optimized AMIs don’t have swap enabled. You must enable swap on the instance to use this feature. For more information, see Instance store swap volumes in the Amazon EC2 User Guide for Linux Instances or How do I allocate memory to work as swap space in an Amazon EC2 instance by using a swap file?

  • The swap space parameters are only supported for job definitions using EC2 resources.

  • If the maxSwap and swappiness parameters are omitted from a job definition, each container has a default swappiness value of 60. Moreover, the total swap usage is limited to two times the memory reservation of the container.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

logConfiguration -> (structure)

The log configuration specification for the container.

This parameter maps to LogConfig in the Create a container section of the Docker Remote API and the --log-driver option to docker run . By default, containers use the same logging driver that the Docker daemon uses. However the container might use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see Configure logging drivers in the Docker documentation.

Note

Batch currently supports a subset of the logging drivers available to the Docker daemon (shown in the LogConfiguration data type).

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

Note

The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide .

logDriver -> (string)

The log driver to use for the container. The valid values that are listed for this parameter are log drivers that the Amazon ECS container agent can communicate with by default.

The supported log drivers are awslogs , fluentd , gelf , json-file , journald , logentries , syslog , and splunk .

Note

Jobs that are running on Fargate resources are restricted to the awslogs and splunk log drivers.

awslogs

Specifies the Amazon CloudWatch Logs logging driver. For more information, see Using the awslogs log driver in the Batch User Guide and Amazon CloudWatch Logs logging driver in the Docker documentation.

fluentd

Specifies the Fluentd logging driver. For more information including usage and options, see Fluentd logging driver in the Docker documentation .

gelf

Specifies the Graylog Extended Format (GELF) logging driver. For more information including usage and options, see Graylog Extended Format logging driver in the Docker documentation .

journald

Specifies the journald logging driver. For more information including usage and options, see Journald logging driver in the Docker documentation .

json-file

Specifies the JSON file logging driver. For more information including usage and options, see JSON File logging driver in the Docker documentation .

splunk

Specifies the Splunk logging driver. For more information including usage and options, see Splunk logging driver in the Docker documentation .

syslog

Specifies the syslog logging driver. For more information including usage and options, see Syslog logging driver in the Docker documentation .

Note

If you have a custom driver that’s not listed earlier that you want to work with the Amazon ECS container agent, you can fork the Amazon ECS container agent project that’s available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you want to have included. However, Amazon Web Services doesn’t currently support running modified copies of this software.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

options -> (map)

The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

key -> (string)

value -> (string)

secretOptions -> (list)

The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Batch User Guide .

(structure)

An object that represents the secret to expose to your container. Secrets can be exposed to a container in the following ways:

  • To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.

  • To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.

For more information, see Specifying sensitive data in the Batch User Guide .

name -> (string)

The name of the secret.

valueFrom -> (string)

The secret to expose to the container. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.

Note

If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Region as the job you’re launching, then you can use either the full Amazon Resource Name (ARN) or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.

secrets -> (list)

The secrets for the container. For more information, see Specifying sensitive data in the Batch User Guide .

(structure)

An object that represents the secret to expose to your container. Secrets can be exposed to a container in the following ways:

  • To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.

  • To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.

For more information, see Specifying sensitive data in the Batch User Guide .

name -> (string)

The name of the secret.

valueFrom -> (string)

The secret to expose to the container. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.

Note

If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Region as the job you’re launching, then you can use either the full Amazon Resource Name (ARN) or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.

networkConfiguration -> (structure)

The network configuration for jobs that are running on Fargate resources. Jobs that are running on EC2 resources must not specify this parameter.

assignPublicIp -> (string)

Indicates whether the job has a public IP address. For a job that’s running on Fargate resources in a private subnet to send outbound traffic to the internet (for example, to pull container images), the private subnet requires a NAT gateway be attached to route requests to the internet. For more information, see Amazon ECS task networking in the Amazon Elastic Container Service Developer Guide . The default value is “DISABLED “.

fargatePlatformConfiguration -> (structure)

The platform configuration for jobs that are running on Fargate resources. Jobs that are running on EC2 resources must not specify this parameter.

platformVersion -> (string)

The Fargate platform version where the jobs are running. A platform version is specified only for jobs that are running on Fargate resources. If one isn’t specified, the LATEST platform version is used by default. This uses a recent, approved version of the Fargate platform for compute resources. For more information, see Fargate platform versions in the Amazon Elastic Container Service Developer Guide .

JSON Syntax:

{
  "image": "string",
  "vcpus": integer,
  "memory": integer,
  "command": ["string", ...],
  "jobRoleArn": "string",
  "executionRoleArn": "string",
  "volumes": [
    {
      "host": {
        "sourcePath": "string"
      },
      "name": "string",
      "efsVolumeConfiguration": {
        "fileSystemId": "string",
        "rootDirectory": "string",
        "transitEncryption": "ENABLED"|"DISABLED",
        "transitEncryptionPort": integer,
        "authorizationConfig": {
          "accessPointId": "string",
          "iam": "ENABLED"|"DISABLED"
        }
      }
    }
    ...
  ],
  "environment": [
    {
      "name": "string",
      "value": "string"
    }
    ...
  ],
  "mountPoints": [
    {
      "containerPath": "string",
      "readOnly": true|false,
      "sourceVolume": "string"
    }
    ...
  ],
  "readonlyRootFilesystem": true|false,
  "privileged": true|false,
  "ulimits": [
    {
      "hardLimit": integer,
      "name": "string",
      "softLimit": integer
    }
    ...
  ],
  "user": "string",
  "instanceType": "string",
  "resourceRequirements": [
    {
      "value": "string",
      "type": "GPU"|"VCPU"|"MEMORY"
    }
    ...
  ],
  "linuxParameters": {
    "devices": [
      {
        "hostPath": "string",
        "containerPath": "string",
        "permissions": ["READ"|"WRITE"|"MKNOD", ...]
      }
      ...
    ],
    "initProcessEnabled": true|false,
    "sharedMemorySize": integer,
    "tmpfs": [
      {
        "containerPath": "string",
        "size": integer,
        "mountOptions": ["string", ...]
      }
      ...
    ],
    "maxSwap": integer,
    "swappiness": integer
  },
  "logConfiguration": {
    "logDriver": "json-file"|"syslog"|"journald"|"gelf"|"fluentd"|"awslogs"|"splunk",
    "options": {"string": "string"
      ...},
    "secretOptions": [
      {
        "name": "string",
        "valueFrom": "string"
      }
      ...
    ]
  },
  "secrets": [
    {
      "name": "string",
      "valueFrom": "string"
    }
    ...
  ],
  "networkConfiguration": {
    "assignPublicIp": "ENABLED"|"DISABLED"
  },
  "fargatePlatformConfiguration": {
    "platformVersion": "string"
  }
}

--node-properties (structure)

An object with various properties specific to multi-node parallel jobs. If you specify node properties for a job, it becomes a multi-node parallel job. For more information, see Multi-node Parallel Jobs in the Batch User Guide . If the job definition’s type parameter is container , then you must specify either containerProperties or nodeProperties .

Note

If the job runs on Fargate resources, then you must not specify nodeProperties ; use containerProperties instead.

Note

If the job runs on Amazon EKS resources, then you must not specify nodeProperties .

numNodes -> (integer)

The number of nodes that are associated with a multi-node parallel job.

mainNode -> (integer)

Specifies the node index for the main node of a multi-node parallel job. This node index value must be fewer than the number of nodes.

nodeRangeProperties -> (list)

A list of node ranges and their properties that are associated with a multi-node parallel job.

(structure)

An object that represents the properties of the node range for a multi-node parallel job.

targetNodes -> (string)

The range of nodes, using node index values. A range of 0:3 indicates nodes with index values of 0 through 3 . If the starting range value is omitted (:n ), then 0 is used to start the range. If the ending range value is omitted (n: ), then the highest possible node index is used to end the range. Your accumulative node ranges must account for all nodes (0:n ). You can nest node ranges (for example, 0:10 and 4:5 ). In this case, the 4:5 range properties override the 0:10 properties.

container -> (structure)

The container details for the node range.

image -> (string)

The image used to start a container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with `` repository-url /image :tag `` . It can be 255 characters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), underscores (_), colons (:), periods (.), forward slashes (/), and number signs (#). This parameter maps to Image in the Create a container section of the Docker Remote API and the IMAGE parameter of docker run .

Note

Docker image architecture must match the processor architecture of the compute resources that they’re scheduled on. For example, ARM-based Docker images can only run on ARM-based compute resources.

  • Images in Amazon ECR Public repositories use the full registry/repository[:tag] or registry/repository[@digest] naming conventions. For example, ``public.ecr.aws/registry_alias /my-web-app :latest `` .

  • Images in Amazon ECR repositories use the full registry and repository URI (for example, 123456789012.dkr.ecr.<region-name>.amazonaws.com/<repository-name> ).

  • Images in official repositories on Docker Hub use a single name (for example, ubuntu or mongo ).

  • Images in other repositories on Docker Hub are qualified with an organization name (for example, amazon/amazon-ecs-agent ).

  • Images in other online repositories are qualified further by a domain name (for example, quay.io/assemblyline/ubuntu ).

vcpus -> (integer)

This parameter is deprecated, use resourceRequirements to specify the vCPU requirements for the job definition. It’s not supported for jobs running on Fargate resources. For jobs running on EC2 resources, it specifies the number of vCPUs reserved for the job.

Each vCPU is equivalent to 1,024 CPU shares. This parameter maps to CpuShares in the Create a container section of the Docker Remote API and the --cpu-shares option to docker run . The number of vCPUs must be specified but can be specified in several places. You must specify it at least once for each node.

memory -> (integer)

This parameter is deprecated, use resourceRequirements to specify the memory requirements for the job definition. It’s not supported for jobs running on Fargate resources. For jobs that run on EC2 resources, it specifies the memory hard limit (in MiB) for a container. If your container attempts to exceed the specified number, it’s terminated. You must specify at least 4 MiB of memory for a job using this parameter. The memory hard limit can be specified in several places. It must be specified for each node at least once.

command -> (list)

The command that’s passed to the container. This parameter maps to Cmd in the Create a container section of the Docker Remote API and the COMMAND parameter to docker run . For more information, see https://docs.docker.com/engine/reference/builder/#cmd .

(string)

jobRoleArn -> (string)

The Amazon Resource Name (ARN) of the IAM role that the container can assume for Amazon Web Services permissions. For more information, see IAM roles for tasks in the Amazon Elastic Container Service Developer Guide .

executionRoleArn -> (string)

The Amazon Resource Name (ARN) of the execution role that Batch can assume. For jobs that run on Fargate resources, you must provide an execution role. For more information, see Batch execution IAM role in the Batch User Guide .

volumes -> (list)

A list of data volumes used in a job.

(structure)

A data volume that’s used in a job’s container properties.

host -> (structure)

The contents of the host parameter determine whether your data volume persists on the host container instance and where it’s stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn’t guaranteed to persist after the containers that are associated with it stop running.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided.

sourcePath -> (string)

The path on the host container instance that’s presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If this parameter contains a file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the source path location doesn’t exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.

Note

This parameter isn’t applicable to jobs that run on Fargate resources. Don’t provide this for these jobs.

name -> (string)

The name of the volume. It can be up to 255 characters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_). This name is referenced in the sourceVolume parameter of container definition mountPoints .

efsVolumeConfiguration -> (structure)

This parameter is specified when you’re using an Amazon Elastic File System file system for job storage. Jobs that are running on Fargate resources must specify a platformVersion of at least 1.4.0 .

fileSystemId -> (string)

The Amazon EFS file system ID to use.

rootDirectory -> (string)

The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume is used instead. Specifying / has the same effect as omitting this parameter. The maximum length is 4,096 characters.

Warning

If an EFS access point is specified in the authorizationConfig , the root directory parameter must either be omitted or set to / , which enforces the path set on the Amazon EFS access point.

transitEncryption -> (string)

Determines whether to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of DISABLED is used. For more information, see Encrypting data in transit in the Amazon Elastic File System User Guide .

transitEncryptionPort -> (integer)

The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you don’t specify a transit encryption port, it uses the port selection strategy that the Amazon EFS mount helper uses. The value must be between 0 and 65,535. For more information, see EFS mount helper in the Amazon Elastic File System User Guide .

authorizationConfig -> (structure)

The authorization configuration details for the Amazon EFS file system.

accessPointId -> (string)

The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the EFSVolumeConfiguration must either be omitted or set to / which enforces the path set on the EFS access point. If an access point is used, transit encryption must be enabled in the EFSVolumeConfiguration . For more information, see Working with Amazon EFS access points in the Amazon Elastic File System User Guide .

iam -> (string)

Whether or not to use the Batch job IAM role defined in a job definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration . If this parameter is omitted, the default value of DISABLED is used. For more information, see Using Amazon EFS access points in the Batch User Guide . EFS IAM authorization requires that TransitEncryption be ENABLED and that a JobRoleArn is specified.

environment -> (list)

The environment variables to pass to a container. This parameter maps to Env in the Create a container section of the Docker Remote API and the --env option to docker run .

Warning

We don’t recommend using plaintext environment variables for sensitive information, such as credential data.

Note

Environment variables cannot start with “AWS_BATCH “. This naming convention is reserved for variables that Batch sets.

(structure)

A key-value pair object.

name -> (string)

The name of the key-value pair. For environment variables, this is the name of the environment variable.

value -> (string)

The value of the key-value pair. For environment variables, this is the value of the environment variable.

mountPoints -> (list)

The mount points for data volumes in your container. This parameter maps to Volumes in the Create a container section of the Docker Remote API and the --volume option to docker run .

(structure)

Details for a Docker volume mount point that’s used in a job’s container properties. This parameter maps to Volumes in the Create a container section of the Docker Remote API and the --volume option to docker run.

containerPath -> (string)

The path on the container where the host volume is mounted.

readOnly -> (boolean)

If this value is true , the container has read-only access to the volume. Otherwise, the container can write to the volume. The default value is false .

sourceVolume -> (string)

The name of the volume to mount.

readonlyRootFilesystem -> (boolean)

When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the Create a container section of the Docker Remote API and the --read-only option to docker run .

privileged -> (boolean)

When this parameter is true, the container is given elevated permissions on the host container instance (similar to the root user). This parameter maps to Privileged in the Create a container section of the Docker Remote API and the --privileged option to docker run . The default value is false.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided, or specified as false.

ulimits -> (list)

A list of ulimits to set in the container. This parameter maps to Ulimits in the Create a container section of the Docker Remote API and the --ulimit option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided.

(structure)

The ulimit settings to pass to the container.

Note

This object isn’t applicable to jobs that are running on Fargate resources.

hardLimit -> (integer)

The hard limit for the ulimit type.

name -> (string)

The type of the ulimit .

softLimit -> (integer)

The soft limit for the ulimit type.

user -> (string)

The user name to use inside the container. This parameter maps to User in the Create a container section of the Docker Remote API and the --user option to docker run .

instanceType -> (string)

The instance type to use for a multi-node parallel job. All node groups in a multi-node parallel job must use the same instance type.

Note

This parameter isn’t applicable to single-node container jobs or jobs that run on Fargate resources, and shouldn’t be provided.

resourceRequirements -> (list)

The type and amount of resources to assign to a container. The supported resources include GPU , MEMORY , and VCPU .

(structure)

The type and amount of a resource to assign to a container. The supported resources include GPU , MEMORY , and VCPU .

value -> (string)

The quantity of the specified resource to reserve for the container. The values vary based on the type specified.

type=”GPU”

The number of physical GPUs to reserve for the container. Make sure that the number of GPUs reserved for all containers in a job doesn’t exceed the number of available GPUs on the compute resource that the job is launched on.

Note

GPUs aren’t available for jobs that are running on Fargate resources.

type=”MEMORY”

The memory hard limit (in MiB) present to the container. This parameter is supported for jobs that are running on EC2 resources. If your container attempts to exceed the memory specified, the container is terminated. This parameter maps to Memory in the Create a container section of the Docker Remote API and the --memory option to docker run . You must specify at least 4 MiB of memory for a job. This is required but can be specified in several places for multi-node parallel (MNP) jobs. It must be specified for each node at least once. This parameter maps to Memory in the Create a container section of the Docker Remote API and the --memory option to docker run .

Note

If you’re trying to maximize your resource utilization by providing your jobs as much memory as possible for a particular instance type, see Memory management in the Batch User Guide .

For jobs that are running on Fargate resources, then value is the hard limit (in MiB), and must match one of the supported values and the VCPU values must be one of the values supported for that memory value.

value = 512

VCPU = 0.25

value = 1024

VCPU = 0.25 or 0.5

value = 2048

VCPU = 0.25, 0.5, or 1

value = 3072

VCPU = 0.5, or 1

value = 4096

VCPU = 0.5, 1, or 2

value = 5120, 6144, or 7168

VCPU = 1 or 2

value = 8192

VCPU = 1, 2, 4, or 8

value = 9216, 10240, 11264, 12288, 13312, 14336, or 15360

VCPU = 2 or 4

value = 16384

VCPU = 2, 4, or 8

value = 17408, 18432, 19456, 21504, 22528, 23552, 25600, 26624, 27648, 29696, or 30720

VCPU = 4

value = 20480, 24576, or 28672

VCPU = 4 or 8

value = 36864, 45056, 53248, or 61440

VCPU = 8

value = 32768, 40960, 49152, or 57344

VCPU = 8 or 16

value = 65536, 73728, 81920, 90112, 98304, 106496, 114688, or 122880

VCPU = 16

type=”VCPU”

The number of vCPUs reserved for the container. This parameter maps to CpuShares in the Create a container section of the Docker Remote API and the --cpu-shares option to docker run . Each vCPU is equivalent to 1,024 CPU shares. For EC2 resources, you must specify at least one vCPU. This is required but can be specified in several places; it must be specified for each node at least once.

The default for the Fargate On-Demand vCPU resource count quota is 6 vCPUs. For more information about Fargate quotas, see Fargate quotas in the Amazon Web Services General Reference .

For jobs that are running on Fargate resources, then value must match one of the supported values and the MEMORY values must be one of the values supported for that VCPU value. The supported values are 0.25, 0.5, 1, 2, 4, 8, and 16

value = 0.25

MEMORY = 512, 1024, or 2048

value = 0.5

MEMORY = 1024, 2048, 3072, or 4096

value = 1

MEMORY = 2048, 3072, 4096, 5120, 6144, 7168, or 8192

value = 2

MEMORY = 4096, 5120, 6144, 7168, 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, or 16384

value = 4

MEMORY = 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384, 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, or 30720

value = 8

MEMORY = 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, or 61440

value = 16

MEMORY = 32768, 40960, 49152, 57344, 65536, 73728, 81920, 90112, 98304, 106496, 114688, or 122880

type -> (string)

The type of resource to assign to a container. The supported resources include GPU , MEMORY , and VCPU .

linuxParameters -> (structure)

Linux-specific modifications that are applied to the container, such as details for device mappings.

devices -> (list)

Any of the host devices to expose to the container. This parameter maps to Devices in the Create a container section of the Docker Remote API and the --device option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

(structure)

An object that represents a container instance host device.

Note

This object isn’t applicable to jobs that are running on Fargate resources and shouldn’t be provided.

hostPath -> (string)

The path for the device on the host container instance.

containerPath -> (string)

The path inside the container that’s used to expose the host device. By default, the hostPath value is used.

permissions -> (list)

The explicit permissions to provide to the container for the device. By default, the container has permissions for read , write , and mknod for the device.

(string)

initProcessEnabled -> (boolean)

If true, run an init process inside the container that forwards signals and reaps processes. This parameter maps to the --init option to docker run . This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

sharedMemorySize -> (integer)

The value for the size (in MiB) of the /dev/shm volume. This parameter maps to the --shm-size option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

tmpfs -> (list)

The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the --tmpfs option to docker run .

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide this parameter for this resource type.

(structure)

The container path, mount options, and size of the tmpfs mount.

Note

This object isn’t applicable to jobs that are running on Fargate resources.

containerPath -> (string)

The absolute file path in the container where the tmpfs volume is mounted.

size -> (integer)

The size (in MiB) of the tmpfs volume.

mountOptions -> (list)

The list of tmpfs volume mount options.

Valid values: “defaults “ | “ro “ | “rw “ | “suid “ | “nosuid “ | “dev “ | “nodev “ | “exec “ | “noexec “ | “sync “ | “async “ | “dirsync “ | “remount “ | “mand “ | “nomand “ | “atime “ | “noatime “ | “diratime “ | “nodiratime “ | “bind “ | “rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime “ | “norelatime “ | “strictatime “ | “nostrictatime “ | “mode “ | “uid “ | “gid “ | “nr_inodes “ | “nr_blocks “ | “mpol

(string)

maxSwap -> (integer)

The total amount of swap memory (in MiB) a container can use. This parameter is translated to the --memory-swap option to docker run where the value is the sum of the container memory plus the maxSwap value. For more information, see ` --memory-swap details <https://docs.docker.com/config/containers/resource_constraints/#–memory-swap-details>`__ in the Docker documentation.

If a maxSwap value of 0 is specified, the container doesn’t use swap. Accepted values are 0 or any positive integer. If the maxSwap parameter is omitted, the container doesn’t use the swap configuration for the container instance that it’s running on. A maxSwap value must be set for the swappiness parameter to be used.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

swappiness -> (integer)

You can use this parameter to tune a container’s memory swappiness behavior. A swappiness value of 0 causes swapping to not occur unless absolutely necessary. A swappiness value of 100 causes pages to be swapped aggressively. Valid values are whole numbers between 0 and 100 . If the swappiness parameter isn’t specified, a default value of 60 is used. If a value isn’t specified for maxSwap , then this parameter is ignored. If maxSwap is set to 0, the container doesn’t use swap. This parameter maps to the --memory-swappiness option to docker run .

Consider the following when you use a per-container swap configuration.

  • Swap space must be enabled and allocated on the container instance for the containers to use.

Note

By default, the Amazon ECS optimized AMIs don’t have swap enabled. You must enable swap on the instance to use this feature. For more information, see Instance store swap volumes in the Amazon EC2 User Guide for Linux Instances or How do I allocate memory to work as swap space in an Amazon EC2 instance by using a swap file?

  • The swap space parameters are only supported for job definitions using EC2 resources.

  • If the maxSwap and swappiness parameters are omitted from a job definition, each container has a default swappiness value of 60. Moreover, the total swap usage is limited to two times the memory reservation of the container.

Note

This parameter isn’t applicable to jobs that are running on Fargate resources. Don’t provide it for these jobs.

logConfiguration -> (structure)

The log configuration specification for the container.

This parameter maps to LogConfig in the Create a container section of the Docker Remote API and the --log-driver option to docker run . By default, containers use the same logging driver that the Docker daemon uses. However the container might use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see Configure logging drivers in the Docker documentation.

Note

Batch currently supports a subset of the logging drivers available to the Docker daemon (shown in the LogConfiguration data type).

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

Note

The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide .

logDriver -> (string)

The log driver to use for the container. The valid values that are listed for this parameter are log drivers that the Amazon ECS container agent can communicate with by default.

The supported log drivers are awslogs , fluentd , gelf , json-file , journald , logentries , syslog , and splunk .

Note

Jobs that are running on Fargate resources are restricted to the awslogs and splunk log drivers.

awslogs

Specifies the Amazon CloudWatch Logs logging driver. For more information, see Using the awslogs log driver in the Batch User Guide and Amazon CloudWatch Logs logging driver in the Docker documentation.

fluentd

Specifies the Fluentd logging driver. For more information including usage and options, see Fluentd logging driver in the Docker documentation .

gelf

Specifies the Graylog Extended Format (GELF) logging driver. For more information including usage and options, see Graylog Extended Format logging driver in the Docker documentation .

journald

Specifies the journald logging driver. For more information including usage and options, see Journald logging driver in the Docker documentation .

json-file

Specifies the JSON file logging driver. For more information including usage and options, see JSON File logging driver in the Docker documentation .

splunk

Specifies the Splunk logging driver. For more information including usage and options, see Splunk logging driver in the Docker documentation .

syslog

Specifies the syslog logging driver. For more information including usage and options, see Syslog logging driver in the Docker documentation .

Note

If you have a custom driver that’s not listed earlier that you want to work with the Amazon ECS container agent, you can fork the Amazon ECS container agent project that’s available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you want to have included. However, Amazon Web Services doesn’t currently support running modified copies of this software.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

options -> (map)

The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep "Server API version"

key -> (string)

value -> (string)

secretOptions -> (list)

The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Batch User Guide .

(structure)

An object that represents the secret to expose to your container. Secrets can be exposed to a container in the following ways:

  • To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.

  • To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.

For more information, see Specifying sensitive data in the Batch User Guide .

name -> (string)

The name of the secret.

valueFrom -> (string)

The secret to expose to the container. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.

Note

If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Region as the job you’re launching, then you can use either the full Amazon Resource Name (ARN) or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.

secrets -> (list)

The secrets for the container. For more information, see Specifying sensitive data in the Batch User Guide .

(structure)

An object that represents the secret to expose to your container. Secrets can be exposed to a container in the following ways:

  • To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.

  • To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.

For more information, see Specifying sensitive data in the Batch User Guide .

name -> (string)

The name of the secret.

valueFrom -> (string)

The secret to expose to the container. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.

Note

If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Region as the job you’re launching, then you can use either the full Amazon Resource Name (ARN) or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.

networkConfiguration -> (structure)

The network configuration for jobs that are running on Fargate resources. Jobs that are running on EC2 resources must not specify this parameter.

assignPublicIp -> (string)

Indicates whether the job has a public IP address. For a job that’s running on Fargate resources in a private subnet to send outbound traffic to the internet (for example, to pull container images), the private subnet requires a NAT gateway be attached to route requests to the internet. For more information, see Amazon ECS task networking in the Amazon Elastic Container Service Developer Guide . The default value is “DISABLED “.

fargatePlatformConfiguration -> (structure)

The platform configuration for jobs that are running on Fargate resources. Jobs that are running on EC2 resources must not specify this parameter.

platformVersion -> (string)

The Fargate platform version where the jobs are running. A platform version is specified only for jobs that are running on Fargate resources. If one isn’t specified, the LATEST platform version is used by default. This uses a recent, approved version of the Fargate platform for compute resources. For more information, see Fargate platform versions in the Amazon Elastic Container Service Developer Guide .

JSON Syntax:

{
  "numNodes": integer,
  "mainNode": integer,
  "nodeRangeProperties": [
    {
      "targetNodes": "string",
      "container": {
        "image": "string",
        "vcpus": integer,
        "memory": integer,
        "command": ["string", ...],
        "jobRoleArn": "string",
        "executionRoleArn": "string",
        "volumes": [
          {
            "host": {
              "sourcePath": "string"
            },
            "name": "string",
            "efsVolumeConfiguration": {
              "fileSystemId": "string",
              "rootDirectory": "string",
              "transitEncryption": "ENABLED"|"DISABLED",
              "transitEncryptionPort": integer,
              "authorizationConfig": {
                "accessPointId": "string",
                "iam": "ENABLED"|"DISABLED"
              }
            }
          }
          ...
        ],
        "environment": [
          {
            "name": "string",
            "value": "string"
          }
          ...
        ],
        "mountPoints": [
          {
            "containerPath": "string",
            "readOnly": true|false,
            "sourceVolume": "string"
          }
          ...
        ],
        "readonlyRootFilesystem": true|false,
        "privileged": true|false,
        "ulimits": [
          {
            "hardLimit": integer,
            "name": "string",
            "softLimit": integer
          }
          ...
        ],
        "user": "string",
        "instanceType": "string",
        "resourceRequirements": [
          {
            "value": "string",
            "type": "GPU"|"VCPU"|"MEMORY"
          }
          ...
        ],
        "linuxParameters": {
          "devices": [
            {
              "hostPath": "string",
              "containerPath": "string",
              "permissions": ["READ"|"WRITE"|"MKNOD", ...]
            }
            ...
          ],
          "initProcessEnabled": true|false,
          "sharedMemorySize": integer,
          "tmpfs": [
            {
              "containerPath": "string",
              "size": integer,
              "mountOptions": ["string", ...]
            }
            ...
          ],
          "maxSwap": integer,
          "swappiness": integer
        },
        "logConfiguration": {
          "logDriver": "json-file"|"syslog"|"journald"|"gelf"|"fluentd"|"awslogs"|"splunk",
          "options": {"string": "string"
            ...},
          "secretOptions": [
            {
              "name": "string",
              "valueFrom": "string"
            }
            ...
          ]
        },
        "secrets": [
          {
            "name": "string",
            "valueFrom": "string"
          }
          ...
        ],
        "networkConfiguration": {
          "assignPublicIp": "ENABLED"|"DISABLED"
        },
        "fargatePlatformConfiguration": {
          "platformVersion": "string"
        }
      }
    }
    ...
  ]
}

--retry-strategy (structure)

The retry strategy to use for failed jobs that are submitted with this job definition. Any retry strategy that’s specified during a SubmitJob operation overrides the retry strategy defined here. If a job is terminated due to a timeout, it isn’t retried.

attempts -> (integer)

The number of times to move a job to the RUNNABLE status. You can specify between 1 and 10 attempts. If the value of attempts is greater than one, the job is retried on failure the same number of attempts as the value.

evaluateOnExit -> (list)

Array of up to 5 objects that specify the conditions where jobs are retried or failed. If this parameter is specified, then the attempts parameter must also be specified. If none of the listed conditions match, then the job is retried.

(structure)

Specifies an array of up to 5 conditions to be met, and an action to take (RETRY or EXIT ) if all conditions are met. If none of the EvaluateOnExit conditions in a RetryStrategy match, then the job is retried.

onStatusReason -> (string)

Contains a glob pattern to match against the StatusReason returned for a job. The pattern can contain up to 512 characters. It can contain letters, numbers, periods (.), colons (:), and white spaces (including spaces or tabs). It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.

onReason -> (string)

Contains a glob pattern to match against the Reason returned for a job. The pattern can contain up to 512 characters. It can contain letters, numbers, periods (.), colons (:), and white space (including spaces and tabs). It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.

onExitCode -> (string)

Contains a glob pattern to match against the decimal representation of the ExitCode returned for a job. The pattern can be up to 512 characters long. It can contain only numbers, and can end with an asterisk (*) so that only the start of the string needs to be an exact match.

The string can contain up to 512 characters.

action -> (string)

Specifies the action to take if all of the specified conditions (onStatusReason , onReason , and onExitCode ) are met. The values aren’t case sensitive.

Shorthand Syntax:

attempts=integer,evaluateOnExit=[{onStatusReason=string,onReason=string,onExitCode=string,action=string},{onStatusReason=string,onReason=string,onExitCode=string,action=string}]

JSON Syntax:

{
  "attempts": integer,
  "evaluateOnExit": [
    {
      "onStatusReason": "string",
      "onReason": "string",
      "onExitCode": "string",
      "action": "RETRY"|"EXIT"
    }
    ...
  ]
}

--propagate-tags | --no-propagate-tags (boolean)

Specifies whether to propagate the tags from the job or job definition to the corresponding Amazon ECS task. If no value is specified, the tags are not propagated. Tags can only be propagated to the tasks during task creation. For tags with the same name, job tags are given priority over job definitions tags. If the total number of combined tags from the job and job definition is over 50, the job is moved to the FAILED state.

Note

If the job runs on Amazon EKS resources, then you must not specify propagateTags .

--timeout (structure)

The timeout configuration for jobs that are submitted with this job definition, after which Batch terminates your jobs if they have not finished. If a job is terminated due to a timeout, it isn’t retried. The minimum value for the timeout is 60 seconds. Any timeout configuration that’s specified during a SubmitJob operation overrides the timeout configuration defined here. For more information, see Job Timeouts in the Batch User Guide .

attemptDurationSeconds -> (integer)

The job timeout time (in seconds) that’s measured from the job attempt’s startedAt timestamp. After this time passes, Batch terminates your jobs if they aren’t finished. The minimum value for the timeout is 60 seconds.

For array jobs, the timeout applies to the child jobs, not to the parent array job.

For multi-node parallel (MNP) jobs, the timeout applies to the whole job, not to the individual nodes.

Shorthand Syntax:

attemptDurationSeconds=integer

JSON Syntax:

{
  "attemptDurationSeconds": integer
}

--tags (map)

The tags that you apply to the job definition to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see Tagging Amazon Web Services Resources in Batch User Guide .

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--platform-capabilities (list)

The platform capabilities required by the job definition. If no value is specified, it defaults to EC2 . To run the job on Fargate resources, specify FARGATE .

Note

If the job runs on Amazon EKS resources, then you must not specify platformCapabilities .

(string)

Syntax:

"string" "string" ...

Where valid values are:
  EC2
  FARGATE

--eks-properties (structure)

An object with various properties that are specific to Amazon EKS based jobs. This must not be specified for Amazon ECS based job definitions.

podProperties -> (structure)

The properties for the Kubernetes pod resources of a job.

serviceAccountName -> (string)

The name of the service account that’s used to run the pod. For more information, see Kubernetes service accounts and Configure a Kubernetes service account to assume an IAM role in the Amazon EKS User Guide and Configure service accounts for pods in the Kubernetes documentation .

hostNetwork -> (boolean)

Indicates if the pod uses the hosts’ network IP address. The default value is true . Setting this to false enables the Kubernetes pod networking model. Most Batch workloads are egress-only and don’t require the overhead of IP allocation for each pod for incoming connections. For more information, see Host namespaces and Pod networking in the Kubernetes documentation .

dnsPolicy -> (string)

The DNS policy for the pod. The default value is ClusterFirst . If the hostNetwork parameter is not specified, the default is ClusterFirstWithHostNet . ClusterFirst indicates that any DNS query that does not match the configured cluster domain suffix is forwarded to the upstream nameserver inherited from the node. For more information, see Pod’s DNS policy in the Kubernetes documentation .

Valid values: Default | ClusterFirst | ClusterFirstWithHostNet

containers -> (list)

The properties of the container that’s used on the Amazon EKS pod.

(structure)

EKS container properties are used in job definitions for Amazon EKS based job definitions to describe the properties for a container node in the pod that’s launched as part of a job. This can’t be specified for Amazon ECS based job definitions.

name -> (string)

The name of the container. If the name isn’t specified, the default name “Default “ is used. Each container in a pod must have a unique name.

image -> (string)

The Docker image used to start the container.

imagePullPolicy -> (string)

The image pull policy for the container. Supported values are Always , IfNotPresent , and Never . This parameter defaults to IfNotPresent . However, if the :latest tag is specified, it defaults to Always . For more information, see Updating images in the Kubernetes documentation .

command -> (list)

The entrypoint for the container. This isn’t run within a shell. If this isn’t specified, the ENTRYPOINT of the container image is used. Environment variable references are expanded using the container’s environment.

If the referenced environment variable doesn’t exist, the reference in the command isn’t changed. For example, if the reference is to “$(NAME1) “ and the NAME1 environment variable doesn’t exist, the command string will remain “$(NAME1) .” $$ is replaced with $ and the resulting string isn’t expanded. For example, $$(VAR_NAME) will be passed as $(VAR_NAME) whether or not the VAR_NAME environment variable exists. The entrypoint can’t be updated. For more information, see ENTRYPOINT in the Dockerfile reference and Define a command and arguments for a container and Entrypoint in the Kubernetes documentation .

(string)

args -> (list)

An array of arguments to the entrypoint. If this isn’t specified, the CMD of the container image is used. This corresponds to the args member in the Entrypoint portion of the Pod in Kubernetes. Environment variable references are expanded using the container’s environment.

If the referenced environment variable doesn’t exist, the reference in the command isn’t changed. For example, if the reference is to “$(NAME1) “ and the NAME1 environment variable doesn’t exist, the command string will remain “$(NAME1) .” $$ is replaced with $ , and the resulting string isn’t expanded. For example, $$(VAR_NAME) is passed as $(VAR_NAME) whether or not the VAR_NAME environment variable exists. For more information, see CMD in the Dockerfile reference and Define a command and arguments for a pod in the Kubernetes documentation .

(string)

env -> (list)

The environment variables to pass to a container.

Note

Environment variables cannot start with “AWS_BATCH “. This naming convention is reserved for variables that Batch sets.

(structure)

An environment variable.

name -> (string)

The name of the environment variable.

value -> (string)

The value of the environment variable.

resources -> (structure)

The type and amount of resources to assign to a container. The supported resources include memory , cpu , and nvidia.com/gpu . For more information, see Resource management for pods and containers in the Kubernetes documentation .

limits -> (map)

The type and quantity of the resources to reserve for the container. The values vary based on the name that’s specified. Resources can be requested using either the limits or the requests objects.

memory

The memory hard limit (in MiB) for the container, using whole integers, with a “Mi” suffix. If your container attempts to exceed the memory specified, the container is terminated. You must specify at least 4 MiB of memory for a job. memory can be specified in limits , requests , or both. If memory is specified in both places, then the value that’s specified in limits must be equal to the value that’s specified in requests .

Note

To maximize your resource utilization, provide your jobs with as much memory as possible for the specific instance type that you are using. To learn how, see Memory management in the Batch User Guide .

cpu

The number of CPUs that’s reserved for the container. Values must be an even multiple of 0.25 . cpu can be specified in limits , requests , or both. If cpu is specified in both places, then the value that’s specified in limits must be at least as large as the value that’s specified in requests .

nvidia.com/gpu

The number of GPUs that’s reserved for the container. Values must be a whole integer. memory can be specified in limits , requests , or both. If memory is specified in both places, then the value that’s specified in limits must be equal to the value that’s specified in requests .

key -> (string)

value -> (string)

requests -> (map)

The type and quantity of the resources to request for the container. The values vary based on the name that’s specified. Resources can be requested by using either the limits or the requests objects.

memory

The memory hard limit (in MiB) for the container, using whole integers, with a “Mi” suffix. If your container attempts to exceed the memory specified, the container is terminated. You must specify at least 4 MiB of memory for a job. memory can be specified in limits , requests , or both. If memory is specified in both, then the value that’s specified in limits must be equal to the value that’s specified in requests .

Note

If you’re trying to maximize your resource utilization by providing your jobs as much memory as possible for a particular instance type, see Memory management in the Batch User Guide .

cpu

The number of CPUs that are reserved for the container. Values must be an even multiple of 0.25 . cpu can be specified in limits , requests , or both. If cpu is specified in both, then the value that’s specified in limits must be at least as large as the value that’s specified in requests .

nvidia.com/gpu

The number of GPUs that are reserved for the container. Values must be a whole integer. nvidia.com/gpu can be specified in limits , requests , or both. If nvidia.com/gpu is specified in both, then the value that’s specified in limits must be equal to the value that’s specified in requests .

key -> (string)

value -> (string)

volumeMounts -> (list)

The volume mounts for the container. Batch supports emptyDir , hostPath , and secret volume types. For more information about volumes and volume mounts in Kubernetes, see Volumes in the Kubernetes documentation .

(structure)

The volume mounts for a container for an Amazon EKS job. For more information about volumes and volume mounts in Kubernetes, see Volumes in the Kubernetes documentation .

name -> (string)

The name the volume mount. This must match the name of one of the volumes in the pod.

mountPath -> (string)

The path on the container where the volume is mounted.

readOnly -> (boolean)

If this value is true , the container has read-only access to the volume. Otherwise, the container can write to the volume. The default value is false .

securityContext -> (structure)

The security context for a job. For more information, see Configure a security context for a pod or container in the Kubernetes documentation .

runAsUser -> (long)

When this parameter is specified, the container is run as the specified user ID (uid ). If this parameter isn’t specified, the default is the user that’s specified in the image metadata. This parameter maps to RunAsUser and MustRanAs policy in the Users and groups pod security policies in the Kubernetes documentation .

runAsGroup -> (long)

When this parameter is specified, the container is run as the specified group ID (gid ). If this parameter isn’t specified, the default is the group that’s specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation .

privileged -> (boolean)

When this parameter is true , the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is false . This parameter maps to privileged policy in the Privileged pod security policies in the Kubernetes documentation .

readOnlyRootFilesystem -> (boolean)

When this parameter is true , the container is given read-only access to its root file system. The default value is false . This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and file systems pod security policies in the Kubernetes documentation .

runAsNonRoot -> (boolean)

When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn’t specified, so such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the Users and groups pod security policies in the Kubernetes documentation .

volumes -> (list)

Specifies the volumes for a job definition that uses Amazon EKS resources.

(structure)

Specifies an Amazon EKS volume for a job definition.

name -> (string)

The name of the volume. The name must be allowed as a DNS subdomain name. For more information, see DNS subdomain names in the Kubernetes documentation .

hostPath -> (structure)

Specifies the configuration of a Kubernetes hostPath volume. For more information, see hostPath in the Kubernetes documentation .

path -> (string)

The path of the file or directory on the host to mount into containers on the pod.

emptyDir -> (structure)

Specifies the configuration of a Kubernetes emptyDir volume. For more information, see emptyDir in the Kubernetes documentation .

medium -> (string)

The medium to store the volume. The default value is an empty string, which uses the storage of the node.

“”

(Default) Use the disk storage of the node.

“Memory”

Use the tmpfs volume that’s backed by the RAM of the node. Contents of the volume are lost when the node reboots, and any storage on the volume counts against the container’s memory limit.

sizeLimit -> (string)

The maximum size of the volume. By default, there’s no maximum size defined.

secret -> (structure)

Specifies the configuration of a Kubernetes secret volume. For more information, see secret in the Kubernetes documentation .

secretName -> (string)

The name of the secret. The name must be allowed as a DNS subdomain name. For more information, see DNS subdomain names in the Kubernetes documentation .

optional -> (boolean)

Specifies whether the secret or the secret’s keys must be defined.

JSON Syntax:

{
  "podProperties": {
    "serviceAccountName": "string",
    "hostNetwork": true|false,
    "dnsPolicy": "string",
    "containers": [
      {
        "name": "string",
        "image": "string",
        "imagePullPolicy": "string",
        "command": ["string", ...],
        "args": ["string", ...],
        "env": [
          {
            "name": "string",
            "value": "string"
          }
          ...
        ],
        "resources": {
          "limits": {"string": "string"
            ...},
          "requests": {"string": "string"
            ...}
        },
        "volumeMounts": [
          {
            "name": "string",
            "mountPath": "string",
            "readOnly": true|false
          }
          ...
        ],
        "securityContext": {
          "runAsUser": long,
          "runAsGroup": long,
          "privileged": true|false,
          "readOnlyRootFilesystem": true|false,
          "runAsNonRoot": true|false
        }
      }
      ...
    ],
    "volumes": [
      {
        "name": "string",
        "hostPath": {
          "path": "string"
        },
        "emptyDir": {
          "medium": "string",
          "sizeLimit": "string"
        },
        "secret": {
          "secretName": "string",
          "optional": true|false
        }
      }
      ...
    ]
  }
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json

  • text

  • table

  • yaml

  • yaml-stream

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on

  • off

  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.

  • base64

  • raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatically prompt for CLI input parameters.

Examples

Note

To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.

Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .

To register a job definition

This example registers a job definition for a simple container job.

Command:

aws batch register-job-definition --job-definition-name sleep30 --type container --container-properties '{ "image": "busybox", "vcpus": 1, "memory": 128, "command": [ "sleep", "30"]}'

Output:

{
    "jobDefinitionArn": "arn:aws:batch:us-east-1:012345678910:job-definition/sleep30:1",
    "jobDefinitionName": "sleep30",
    "revision": 1
}

Output

jobDefinitionName -> (string)

The name of the job definition.

jobDefinitionArn -> (string)

The Amazon Resource Name (ARN) of the job definition.

revision -> (integer)

The revision of the job definition.