Sachin helps you set up
dynamic port mapping
for Amazon ECS


I want to set up dynamic port mapping for my container instance in Amazon Elastic Container Service (Amazon ECS). How can I do this?

Dynamic port mapping with an Application Load Balancer makes it easier to run multiple tasks on the same Amazon ECS service on an Amazon ECS cluster.

With the Classic Load Balancer, you must statically map port numbers on a container instance. The Classic Load Balancer does not allow you to run multiple copies of a task on the same instance because the ports conflict. An Application Load Balancer uses dynamic port mapping so that you can run multiple tasks from a single service on the same container instance.

To set up dynamic port mapping, complete the following steps:

  1. Open the Amazon EC2 console, and then create an Application Load Balancer and a target group.
    Important: To route health check traffic correctly when you create a target group, choose Target Groups, and then choose Actions. Choose Edit health check. For Port, choose traffic port.
  2. Open the Amazon ECS console, and then set the host port to 0 for the task definition that you are creating or updating.
  3. Map the host port to your container port.
  4. Open the Amazon EC2 console, and then confirm that the security group and network access control list (ACL) allow traffic from the load balancer to the instances over the ephemeral port range.
    Note: For more information about configuring security groups, see Create a Security Group Rule for Your Container Instances. For more information about ephemeral port ranges, see PortMapping.
  5. Open the Amazon ECS console, and then configure your service to use the Application Load Balancer that you created.
    Important: You can add a load balancer only during the creation of the service. After you create a service, the target group Amazon Resource Name (ARN), container name, and container port specified in the service definition can't be changed. You can't add, remove, or change the load balancer configuration of an existing service. If you update the task definition for the service, then the container name and container port that was specified when the service was created must remain in the task definition. For more information, see Load Balancing Concepts.
  6. Open the Amazon EC2 console, choose Target Groups, and then choose the Targets view to check what port is used for the task in the service that you created.

If dynamic port mapping is set up correctly, then you'll see the registered targets in the target group and the assigned port for the task. You'll also see the task in the registered targets for the following ephemeral port ranges: 49153–65535 and 32768–61000.

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-05-26

Updated: 2019-01-10