All news with #amazon ecs tag

Amazon ECS Managed Instances: Configurable Scale-In Delay

🚀 Amazon ECS Managed Instances now lets you configure a scale-in delay so you can better align instance terminations with workload patterns and business requirements. You can set the scaleInAfter parameter to any value up to 60 minutes, or set it to -1 to disable automatic infrastructure optimization and allow instances to remain until they are patched after 14 days. Configure scaleInAfter when creating or updating an ECS Managed Instances capacity provider via the ECS API, console, SDKs, CDK, or CloudFormation. This capability is available in all commercial AWS Regions and helps teams balance cost optimization against availability.

Amazon ECS improves service availability for rolling deploys

🔁 Amazon Elastic Container Service (Amazon ECS) now replaces unhealthy or terminated tasks with healthy tasks from the same service revision during rolling deployments instead of prioritizing the new revision. This prevents service availability drops when new task versions fail health checks or cannot start. Application Auto Scaling scale-outs are applied across both revisions so the running version can handle increased load. These changes respect maximumPercent and minimumHealthyPercent and are enabled by default in all Regions.

ECS Service Connect: Cross-Account Support in GovCloud

🔗 Amazon ECS Service Connect now supports cross-account communication in AWS GovCloud through integration with AWS Resource Access Manager (AWS RAM). You can share the underlying AWS Cloud Map namespaces with individual accounts, Organizational Units (OUs), or your entire AWS Organization to register services from multiple accounts in a single namespace. The capability works for both Fargate and EC2 launch modes in GovCloud (US-West and US-East) and is available via Console, API, SDK, CLI, and CloudFormation, simplifying service discovery and reducing duplication.

CloudWatch Application Signals Now in AWS GovCloud

🔒 CloudWatch Application Signals is now available in AWS GovCloud (US-East) and AWS GovCloud (US-West), extending automated application observability to government and regulated workloads. The service automatically collects telemetry from Amazon EC2, Amazon ECS, Amazon EKS and AWS Lambda to provide real-time health, dependency visualization and anomaly detection. By eliminating manual instrumentation, it helps teams meet compliance and monitoring requirements while improving incident detection and resolution. For pricing and setup, consult the CloudWatch pricing page and Application Signals documentation.

Amazon ECS Adds Built-in Linear and Canary Deployments

🚀 Amazon ECS now supports built-in linear and canary deployment strategies to give teams finer control over traffic shifts during container rollouts. Linear deployments shift traffic in equal percentage steps with configurable step percentage and step bake time, while canary deployments route a small portion of traffic to the new revision for a configurable canary bake time before completing the shift. Both strategies provide a post-deployment bake time, support deployment lifecycle hooks, and can use Amazon CloudWatch alarms to detect failures and trigger automated rollbacks. The feature is available in all commercial AWS Regions and is supported via Console, SDK, CLI, CloudFormation, CDK, and Terraform for services using ALB or ECS Service Connect.

Amazon ECS Service Connect Adds Envoy Access Logs Support

🔍 Amazon ECS Service Connect now captures per-request telemetry with Envoy access logs to improve visibility into service-to-service traffic for tracing, debugging, and compliance. Access logging is enabled via the ServiceConnectConfiguration and emits Envoy logs to STDOUT alongside application logs, flowing through the existing ECS log pipeline without extra infrastructure. Query strings are redacted by default and the feature supports HTTP, HTTP/2, gRPC, and TCP protocols. The capability is available in all regions where Service Connect is supported.

Amazon ECS Managed Instances Now in All Commercial Regions

🚀 Amazon ECS Managed Instances is now available in all commercial AWS Regions as a fully managed, EC2-based compute option that reduces infrastructure management overhead while retaining the full capabilities of Amazon EC2. Managed Instances dynamically scales EC2 capacity, continuously optimizes task placement, and applies security patching on a 14-day cadence. You specify task requirements such as vCPU, memory, and CPU architecture, and Amazon ECS provisions and operates optimal instances in your account. Management fees apply in addition to regular EC2 charges.

Amazon ECS Adds CloudTrail Data Events for Agent API

🔍 Amazon ECS now emits AWS CloudTrail data events for ECS Agent API activities, giving teams detailed visibility into container instance operations. Customers can opt in to the new data event resource type AWS::ECS::ContainerInstance to capture actions such as ecs:Poll, ecs:StartTelemetrySession, and ecs:PutSystemLogEvents. The capability is available for ECS on EC2 across all AWS Regions and for ECS Managed Instances in select regions. Standard CloudTrail data event charges apply.

Amazon ECS: Run Firelens Logging Containers Non-Root

🔒 Amazon Elastic Container Service (Amazon ECS) now lets you run Firelens containers as a non-root user by specifying a numeric user ID in the user field of your Task Definition. Running Firelens as non-root reduces the potential attack surface and helps meet security and compliance requirements, including checks surfaced by AWS Security Hub. This capability replaces the previous default of "user": "0" and is available in all AWS Regions. See the Firelens documentation for configuration details.

AWS for Fluent Bit 3.0.0 Released with Fluent Bit 4.1.1

🚀 AWS for Fluent Bit 3.0.0, based on Fluent Bit 4.1.1 and built on Amazon Linux 2023, is now available for Amazon ECS and Amazon EKS customers. The release introduces native OpenTelemetry (OTel) support to ingest and forward OTLP logs, metrics, and traces with AWS SigV4 authentication, removing the need for additional sidecars. It delivers faster JSON parsing and higher log throughput per vCPU with lower latency, plus configurable TLS minimum versions and cipher controls to strengthen output security. Upgrade by pulling the 3.0.0 image from the Amazon ECR Public Gallery, updating your ECS FireLens task definition, or updating the DaemonSet/Helm release on EKS.

Amazon ECS adds one-click event capture and querying

🔎 The Amazon Elastic Container Service (ECS) console now offers one-click event capture and an integrated event history query interface. With a single click the console configures underlying EventBridge rules and CloudWatch log groups and provides pre-built query templates and filters for time range, task ID, deployment ID, stop codes, and exit codes. Available in all AWS Commercial and GovCloud (US) Regions.

Amazon ECS Managed Instances: Fully Managed EC2 Compute

⚙️ AWS today introduced Amazon ECS Managed Instances, a fully managed compute option that provisions, configures, and operates Amazon EC2 instances on behalf of customers to reduce infrastructure overhead. You specify task requirements (vCPUs, memory, CPU architecture) or desired instance types and ECS automatically selects and manages optimal instances. The service dynamically scales capacity, optimizes task placement, and applies security patching on a 14-day cadence with support for scheduled EC2 event windows.

Amazon ECS Adds Native IPv6-Only Task and Service Support

🚀 Amazon Elastic Container Service (Amazon ECS) now supports running tasks and services in IPv6-only subnets, eliminating the prior requirement for IPv4 addresses. This enables containerized applications to scale without IPv4 address constraints and helps organizations meet IPv6 compliance mandates. The capability works across all ECS launch types and networking modes; create IPv6-only VPC subnets and ECS will provision networking automatically. See the task networking documentation and a blog walkthrough for launch-specific details and migration guidance.

ECS Service Connect Enables Cross-Account Namespace Sharing

🚀 Amazon ECS Service Connect now supports cross-account communication by letting teams share AWS Cloud Map namespaces via AWS RAM. Platform engineers can create a resource share and grant access to individual accounts, OUs, or the whole organization so services in multiple accounts register to a single namespace. This reduces duplication, simplifies service discovery, and works with Fargate and EC2 across commercial regions.

Amazon ECS adds Amazon Q Developer task definition AI

🤖 Amazon ECS now offers generative AI assistance from Amazon Q Developer to streamline task definition creation and updates in the AWS Management Console. Developers can use an inline chat to generate, explain, or refactor task definition JSON, inject suggestions at any point, and accept or reject proposed edits. Inline suggestions are enhanced to let Amazon Q Developer autocomplete whole blocks of sample code in addition to property-based hints. The capability is available where Amazon Q Developer is offered and can be enabled or disabled via the console code editor settings or controlled with IAM permissions.

AWS Console Adds ECS Exec for Direct Container Shell Access

🔐 The AWS Management Console now supports ECS Exec, allowing operators to open secure, interactive shell sessions to running containers directly from the console. This removes the need to switch to the CLI, API, or SDKs for troubleshooting and avoids opening inbound ports or managing SSH keys. You can enable ECS Exec when creating or updating services and standalone tasks, and configure encryption and logging at the cluster level. Sessions launch through CloudShell, and the console displays the underlying AWS CLI command for reuse in a local terminal.