# Fargate platform versions for Amazon ECS
<a name="platform-fargate"></a>

AWS Fargate platform versions are used to refer to a specific runtime environment for Fargate task infrastructure. It is a combination of the kernel and container runtime versions. You select a platform version when you run a task or when you create a service to maintain a number of identical tasks.

New revisions of platform versions are released as the runtime environment evolves, for example, if there are kernel or operating system updates, new features, bug fixes, or security updates. A Fargate platform version is updated by making a new platform version revision. Each task runs on one platform version revision during its lifecycle. If you want to use the latest platform version revision, then you must start a new task. A new task that runs on Fargate always runs on the latest revision of a platform version, ensuring that tasks are always started on secure and patched infrastructure.

If a security issue is found that affects an existing platform version, AWS creates a new patched revision of the platform version and retires tasks running on the vulnerable revision. In some cases, you may be notified that your tasks on Fargate have been scheduled for retirement. For more information, see [Task retirement and maintenance for AWS Fargate on Amazon ECS](task-maintenance.md).

You specify the platform version when you run a task, or deploy a service.

Consider the following when specifying a platform version:
+ You can specify a a specific version number, for example `1.4.0`, or `LATEST`.

  The **LATEST** Linux platform version is `1.4.0`.

  The **LATEST** Windows platform version is `1.0.0`.
+ If you want to update the platform version for a service, create a deployment. For example, assume that you have a service that runs tasks on the Linux platform version `1.3.0`. To change the service to run tasks on the Linux platform version `1.4.0`, you update your service and specify a new platform version. Your tasks are redeployed with the latest platform version and the latest platform version revision. For more information about deployments, see [Amazon ECS services](ecs_services.md).
+ If your service is scaled up without updating the platform version, those tasks receive the platform version that was specified on the service's current deployment. For example, assume that you have a service that runs tasks on the Linux platform version `1.3.0`. If you increase the desired count of the service, the service scheduler starts the new tasks using the latest platform version revision of platform version `1.3.0`.
+ New tasks always run on the latest revision of a platform version. This ensures tasks are always on secured and patched infrastructure.
+ The platform version numbers for Linux containers and Windows containers on Fargate are independent. For example, the behavior, features, and software used in platform version `1.0.0` for Windows containers on Fargate aren't comparable to those of platform version `1.0.0` for Linux containers on Fargate.
+ The following applies to Fargate Windows platform versions.

  Microsoft Windows Server container images must be created from a specific version of Windows Server. You must select the same version of Windows Server in the `platformFamily` when you run a task or create a service that matches the Windows Server container image. Additionally, you can provide a matching `operatingSystemFamily` in the task definition to prevent tasks from being run on the wrong Windows version. For more information, see [Matching container host version with container image versions](https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility#matching-container-host-version-with-container-image-versions) on the Microsoft Learn website.

# Migrating to Linux platform version 1.4.0 on Amazon ECS
<a name="platform-version-migration"></a>

Consider the following when migrating your Amazon ECS on Fargate tasks from platform version `1.0.0`, `1.1.0`, `1.2.0`, or `1.3.0` to platform version `1.4.0`. It is best practice to confirm your task works properly on platform version `1.4.0` before you migrate the tasks.
+ The network traffic behavior to and from tasks has been updated. Starting with platform version 1.4.0, all Amazon ECS on Fargate tasks receive a single elastic network interface (referred to as the task ENI) and all network traffic flows through that ENI within your VPC. The traffic is visible to you through your VPC flow logs. For more information see [Amazon ECS task networking options for Fargate](fargate-task-networking.md).
+ If you use interface VPC endpoints, consider the following.
  + For container images hosted with Amazon ECR, you need the following endpoints. For more information, see [Amazon ECR interface VPC endpoints (AWS PrivateLink)](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html) in the *Amazon Elastic Container Registry User Guide*.
    + **com.amazonaws.*region*.ecr.dkr** Amazon ECR VPC endpoint
    + **com.amazonaws.*region*.ecr.api** Amazon ECR VPC endpoint
    +  Amazon S3 gateway endpoint
  + When your task definition references Secrets Manager secrets to retrieve sensitive data for your containers, you must create the interface VPC endpoints for Secrets Manager. For more information, see [Using Secrets Manager with VPC Endpoints](https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html) in the *AWS Secrets Manager User Guide*.
  + When your task definition references Systems Manager Parameter Store parameters to retrieve sensitive data for your containers, you must create the interface VPC endpoints for Systems Manager. For more information, see [Improve the security of EC2 instances by using VPC endpoints for Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html) in the *AWS Systems Manager User Guide*.
  + The security group for the Elastic Network Interface (ENI) associated with your task needs the security group rules to allow traffic between the task and the VPC endpoints.

# Fargate Linux platform version change log
<a name="platform-versions-changelog"></a>

The following are the available Linux platform versions. For information about platform version deprecation, see [AWS Fargate Linux platform version deprecation](platform-versions-retired.md).

## 1.4.0
<a name="platform-version-1-4"></a>

The following is the changelog for platform version `1.4.0`.
+ Beginning on November 5, 2020, any new Amazon ECS task launched on Fargate using platform version `1.4.0` will be able to use the following features:
  + When using Secrets Manager to store sensitive data, you can inject a specific JSON key or a specific version of a secret as an environment variable or in a log configuration. For more information, see [Pass sensitive data to an Amazon ECS container](specifying-sensitive-data.md).
  + Specify environment variables in bulk using the `environmentFiles` container definition parameter. For more information, see [Pass an individual environment variable to an Amazon ECS container](taskdef-envfiles.md).
  + Tasks run in a VPC and subnet enabled for IPv6 will be assigned both a private IPv4 address and an IPv6 address. For more information, see [Amazon ECS task networking options for Fargate](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-task-networking.html).
  + The task metadata endpoint version 4 provides additional metadata about your task and container including the task launch type, the Amazon Resource Name (ARN) of the container, and the log driver and log driver options used. When querying the `/stats` endpoint you also receive network rate stats for your containers. For more information, see [Task metadata endpoint version 4](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v4-fargate.html).
+ Beginning on July 30, 2020, any new Amazon ECS task launched on Fargate using platform version `1.4.0` will be able to route UDP traffic using a Network Load Balancer to their Amazon ECS on Fargate tasks. For more information, see [Use load balancing to distribute Amazon ECS service traffic](service-load-balancing.md).
+ Beginning on May 28, 2020, any new Amazon ECS task launched on Fargate using platform version `1.4.0` will have its ephemeral storage encrypted with an AES-256 encryption algorithm using an AWS owned encryption key. For more information, see [Fargate task ephemeral storage for Amazon ECS](fargate-task-storage.md) and [Storage options for Amazon ECS tasks](using_data_volumes.md).
+ Added support for using Amazon EFS file system volumes for persistent task storage. For more information, see [Use Amazon EFS volumes with Amazon ECS](efs-volumes.md).
+ The ephemeral task storage has been increased to a minimum of 20 GB for each task. For more information, see [Fargate task ephemeral storage for Amazon ECS](fargate-task-storage.md).
+ The network traffic behavior to and from tasks has been updated. Starting with platform version 1.4.0, all Fargate tasks receive a single elastic network interface (referred to as the task ENI) and all network traffic flows through that ENI within your VPC and will be visible to you through your VPC flow logs. For more information about networking for the Amazon EC2 launch type, see [Amazon ECS task networking options for EC2](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html). For more information about networking for the Fargate, see [Amazon ECS task networking options for Fargate](fargate-task-networking.md).
+ Task ENIs add support for jumbo frames. Network interfaces are configured with a maximum transmission unit (MTU), which is the size of the largest payload that fits within a single frame. The larger the MTU, the more application payload can fit within a single frame, which reduces per-frame overhead and increases efficiency. Supporting jumbo frames will reduce overhead when the network path between your task and the destination supports jumbo frames, such as all traffic that remains within your VPC.
+ CloudWatch Container Insights will include network performance metrics for Fargate tasks. For more information, see [Monitor Amazon ECS containers using Container Insights with enhanced observability](cloudwatch-container-insights.md).
+ Added support for the task metadata endpoint version 4 which provides additional information for your Fargate tasks, including network stats for the task and which Availability Zone the task is running in. For more information, see [Amazon ECS task metadata endpoint version 4](task-metadata-endpoint-v4.md) and [Amazon ECS task metadata endpoint version 4 for tasks on Fargate](task-metadata-endpoint-v4-fargate.md).
+ Added support for the `SYS_PTRACE` Linux parameter in container definitions. For more information, see [Linux parameters](task_definition_parameters.md#container_definition_linuxparameters).
+ The Fargate container agent replaces the use of the Amazon ECS container agent for all Fargate tasks. Usually, this change does not have an effect on how your tasks run.
+ The container runtime is now using Containerd instead of Docker. Most likely, this change does not have an effect on how your tasks run. You will notice that some error messages that originate with the container runtime changes from mentioning Docker to more general errors. For more information, see [Amazon ECS stopped task error messages](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/stopped-task-error-codes.html).
+ Based on Amazon Linux 2.

# AWS Fargate Linux platform version deprecation
<a name="platform-versions-retired"></a>

**Important**  
 We are ending support for PV 1.3.0 in Fargate on June 30, 2026. Starting June 15, 2026, we will make the platform version 1.3.0 as Retired. At that time, you will not be able to launch new tasks or create new services configured with platform version 1.3.0, but your existing tasks will continue running. On June 30, 2026, we will terminate all the remaining running tasks configured with platform version 1.3.0.   
For information about how to migrate to platform version 1.4, see [Migrating to Linux platform version 1.4.0 on Amazon ECS](platform-version-migration.md).

The following table lists Linux platform versions that AWS Fargate has deprecated or have been scheduled for deprecation. These platform versions remain available until the published deprecation date.

A *force update date* is provided for each platform version scheduled for deprecation. On the force update date, any service using the `LATEST` platform version that is pointed to a platform version that is scheduled for deprecation will be updated using the force new deployment option. When the service is updated using the force new deployment option, all tasks running on a platform version scheduled for deprecation are stopped and new tasks are launched using the platform version that the `LATEST` tag points to at that time. Standalone tasks or services with an explicit platform version set are not affected by the force update date.

For information about how to migrate to latest platform version, see [Migrating to Linux platform version 1.4.0 on Amazon ECS](platform-version-migration.md).

After a platform version reaches the *deprecation date*, the platform version will no longer be available for new tasks or services. Any standalone tasks or services which explicitly use a deprecated platform version will continue using that platform version until the tasks are stopped. After the deprecation date, a deprecated platform version will no longer receive any security updates or bug fixes.


| Platform version | Force update date | Deprecation date | 
| --- | --- | --- | 
|  1.0.0  |  October 26, 2020  |  December 14, 2020  | 
|  1.1.0  |  October 26, 2020  |  December 14, 2020  | 
|  1.2.0  |  October 26, 2020  |  December 14, 2020  | 
| 1.3.0 |  | June 15, 2026 | 

For information about current platform versions, see [Fargate platform versions for Amazon ECS](platform-fargate.md).

## Deprecated Fargate Linux versions change log
<a name="deprecated-version-changelog"></a>

### 1.3.0
<a name="platform-version-1-3"></a>

The following is the changelog for platform version `1.3.0`.
+ Beginning on Sept 30, 2019, any new Fargate task that is launched supports the `awsfirelens` log driver. Configure the FireLens for Amazon ECS to use task definition parameters to route logs to an AWS service or AWS Partner Network (APN) destination for log storage and analytics. For more information, see [Send Amazon ECS logs to an AWS service or AWS Partner](using_firelens.md).
+ Added task recycling for Fargate tasks, which is the process of refreshing tasks that are a part of an Amazon ECS service. For more information, [Task retirement and maintenance for AWS Fargate on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-maintenance.html).
+ Beginning on March 27, 2019, any new Fargate task that is launched can use additional task definition parameters that you use to define a proxy configuration, dependencies for container startup and shutdown as well as a per-container start and stop timeout value. For more information, see [Proxy configuration](task_definition_parameters.md#proxyConfiguration), [Container dependency](task_definition_parameters.md#container_definition_dependson), and [Container timeouts](task_definition_parameters.md#container_definition_timeout).
+ Beginning on April 2, 2019, any new Fargate task that is launched supports injecting sensitive data into your containers by storing your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then referencing them in your container definition. For more information, see [Pass sensitive data to an Amazon ECS container](specifying-sensitive-data.md).
+ Beginning on May 1, 2019, any new Fargate task that is launched supports referencing sensitive data in the log configuration of a container using the `secretOptions` container definition parameter. For more information, see [Pass sensitive data to an Amazon ECS container](specifying-sensitive-data.md).
+ Beginning on May 1, 2019, any new Fargate task that is launched supports the `splunk` log driver in addition to the `awslogs` log driver. For more information, see [Storage and logging](task_definition_parameters.md#container_definition_storage).
+ Beginning on July 9, 2019, any new Fargate tasks that is launched supports CloudWatch Container Insights. For more information, see [Monitor Amazon ECS containers using Container Insights with enhanced observability](cloudwatch-container-insights.md).
+ Beginning on December 3, 2019, the Fargate Spot capacity provider is supported. For more information, see [Amazon ECS clusters for Fargate](fargate-capacity-providers.md).
+ Based on Amazon Linux 2.

### 1.2.0
<a name="platform-version-1-2"></a>

The following is the changelog for platform version `1.2.0`.

**Note**  
Platform version `1.2.0` is no longer available. For information about platform version deprecation, see [AWS Fargate Linux platform version deprecation](#platform-versions-retired).
+ Added support for private registry authentication using AWS Secrets Manager. For more information, see [Using non-AWS container images in Amazon ECS](private-auth.md).

### 1.1.0
<a name="platform-version-1-1"></a>

The following is the changelog for platform version `1.1.0`.

**Note**  
Platform version `1.1.0` is no longer available. For information about platform version deprecation, see [AWS Fargate Linux platform version deprecation](#platform-versions-retired).
+ Added support for the Amazon ECS task metadata endpoint. For more information, see [Amazon ECS task metadata available for tasks on Fargate](fargate-metadata.md).
+ Added support for Docker health checks in container definitions. For more information, see [Health check](task_definition_parameters.md#container_definition_healthcheck).
+ Added support for Amazon ECS service discovery. For more information, see [Use service discovery to connect Amazon ECS services with DNS names](service-discovery.md).

### 1.0.0
<a name="platform-version-1-0"></a>

The following is the changelog for platform version `1.0.0`.

**Note**  
Platform version `1.0.0` is no longer available. For information about platform version deprecation, see [AWS Fargate Linux platform version deprecation](#platform-versions-retired).
+ Based on Amazon Linux 2017.09.
+ Initial release.

# Fargate Windows platform version change log
<a name="platform-windows-fargate"></a>

The following are the available platform versions for Windows containers.

## 1.0.0
<a name="platform-version-w1-0"></a>

The following is the changelog for platform version `1.0.0`.
+ Initial release for support on the following Microsoft Windows Server operating systems:
  + Windows Server 2019 Full
  + Windows Server 2019 Core
  + Windows Server 2022 Full
  + Windows Server 2022 Core