forked from bottlerocket-os/bottlerocket
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ecs.service
31 lines (29 loc) · 1.29 KB
/
ecs.service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[Unit]
Description=Amazon Elastic Container Service - container agent
Documentation=https://aws.amazon.com/documentation/ecs/
Requires=docker.service
After=docker.service configured.target
Wants=network-online.target configured.target
[Service]
Type=simple
Restart=on-failure
RestartPreventExitStatus=5
RestartSec=1s
EnvironmentFile=-/etc/ecs/ecs.config
EnvironmentFile=/etc/network/proxy.env
Environment=ECS_CHECKPOINT=true
ExecStartPre=/sbin/iptables -t nat -A PREROUTING -d 169.254.170.2/32 \
-p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:51679
ExecStartPre=/sbin/iptables -t nat -A OUTPUT -d 169.254.170.2/32 \
-p tcp -m tcp --dport 80 -j REDIRECT --to-ports 51679
ExecStartPre=/sbin/iptables -t filter -I INPUT --dst 127.0.0.0/8 ! \
--src 127.0.0.0/8 -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP
ExecStart=/usr/bin/amazon-ecs-agent
ExecStopPost=-/sbin/iptables -t nat -D PREROUTING -d 169.254.170.2/32 \
-p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:51679
ExecStopPost=-/sbin/iptables -t nat -D OUTPUT -d 169.254.170.2/32 \
-p tcp -m tcp --dport 80 -j REDIRECT --to-ports 51679
ExecStopPost=-/sbin/iptables -t filter -D INPUT --dst 127.0.0.0/8 ! \
--src 127.0.0.0/8 -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP
[Install]
WantedBy=multi-user.target