How can I run a Docker container in AWS Elastic Beanstalk with non-default run parameters?

Question

I have a Docker container that runs great on my local development machine. I would like to move this to AWS Elastic Beanstalk, but I am run

Answer 1

Add file .ebextensions/01-commands.config

container_commands:
    00001-docker-privileged: command: 'sed -i "s/docker run -d/docker run --privileged -d/" /opt/elasticbeanstalk/hooks/appdeploy/pre/04run.sh'

I am also using s3fs

Answer 2

Thanks elijahchancey for answer it was much helpful. I would just like to add small comment:

Elasticbeanstalk is now using ECS tasks to deploy and manage application cluster. There is very important paragraph in Multicontainer Docker Configuration docs (which I originally missed).

The following examples show a subset of parameters that are commonly used. More optional parameters are available. For more information on the task definition format and a full list of task definition parameters, see Amazon ECS Task Definitions in the Amazon ECS Developer Guide.

So the document is not complete reference but it just shows typical entries and you are supposed to find more elsewhere. This has quite major impact because now (2018) you are able to specify more options and you don't need to hack ebextensions any more. Only thing you need to do is to use task parameter in containerDefinitions of your multi docker Dockerrun.aws.json.

This is not mentioned in single docker containers but one can try and verify...

Example of multi docker Dockerrun.aws.json with extra cap:

{
  "AWSEBDockerrunVersion": 2,
  "containerDefinitions": [
    {
      "name": "service1",
      "image": "myapp/service1:latest",
      "essential": true,
      "memoryReservation": 128,
      "portMappings": [
        {
          "hostPort": 8080,
          "containerPort": 8080
        }
      ],
      "linuxParameters": {
        "capabilities": {
          "add": [
            "SYS_PTRACE"
          ]
        }
      }
    }
  ]
}

Answer 3

You can now add capabilities using the task definition. Here are the docs: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html

This is specifically what you would add to your task definition:

"linuxParameters": {
    "capabilities": {
      "add": [
        "SYS_PTRACE"
      ]
    }
  },

Answer 4

If you are using the latest version of aws docker stack (docker 1.7.1 for example), you'll need to slightly modify the above answer. Try this:

commands:
    00001_add_privileged:
        cwd: /tmp
        command: 'sed -i "s/docker run -d/docker run --privileged -d/" /opt/elasticbeanstalk/hooks/appdeploy/enact/00run.sh'

Notice the change of location && name of the run script