How do I set up dynamic port mapping for Amazon ECS?

3 minute read

I want to set up dynamic port mapping for my container instance in Amazon Elastic Container Service (Amazon ECS).

Short description

When you use Classic Load Balancer, you can't run multiple copies of a task on the same instance. Instead, when you use the Classic Load Balancer, you must instead statically map port numbers on a container instance. However, because an Application Load Balancer uses dynamic port mapping, you can run multiple tasks from a single service on the same container instance.

Note: You can also use Network Load Balancers for dynamic port mapping. For more information, see Use a Network Load Balancer for Amazon ECS.


To set up dynamic port mapping, complete the following steps:

  1. Create an Application Load Balancer for Amazon ECS and a target group.
    Important: To correctly route health check traffic when you create a target group, expand Advanced health check settings. For Port, select traffic port.

  2. Open the Amazon ECS console, and then set the host port to 0 for the task definition that you're creating or updating. Set the container port mappings for your application.
    Important: The host and awsvpc network modes don't support dynamic host port mapping.

  3. Add a rule to allow inbound traffic from your load balancer to your container instances. The security group and network access control list (network ACL) must allow traffic from the load balancer to the instances over the ephemeral port range.
    Note: For more information about ephemeral port ranges, see PortMapping.

  4. Open the Amazon ECS console, and then configure your service to use the Application Load Balancer that you created.
    Important: You can change these configurations or add a load balancer inside an existing service when you create the service. If you update the service task definition, then the container name and container port specified at service creation must remain in the task definition. For more information, see Service load balancing. Or, you can use the AWS Command Line Interface (AWS CLI) update-service command to change configurations or add a load balancer:

    aws ecs update-service --service <service-name> --cluster <cluster-name> --load-balancers targetGroupArn=<target-group-arn>,containerName=<container-name>,containerPort=<container-port>
  5. Open the Amazon Elastic Compute Cloud (Amazon EC2) console, and then complete the following steps:
    From the navigation pane, choose Target Groups.
    Choose the hyperlinked name for your target group.
    Review the Targets tab. You can see what port is used for the task in the service that you created.

If dynamic port mapping is correctly set up, then you see the registered targets in the target group and the assigned port for the task. You also see the task in the registered targets for the following ephemeral port ranges: 49153-65535 and 32768-61000.

Related information

What is Elastic Load Balancing?

What is an Application Load Balancer?

AWS OFFICIALUpdated a month ago