in ecs-init/docker/docker.go [278:321]
func (c *client) getContainerConfig(envVarsFromFiles map[string]string) *godocker.Config {
// default environment variables
envVariables := map[string]string{
"ECS_LOGFILE": logDir + "/" + config.AgentLogFile,
"ECS_DATADIR": dataDir,
"ECS_AGENT_CONFIG_FILE_PATH": config.AgentJSONConfigFile(),
"ECS_UPDATE_DOWNLOAD_DIR": config.CacheDirectory(),
"ECS_UPDATES_ENABLED": "true",
"ECS_AVAILABLE_LOGGING_DRIVERS": `["json-file","syslog","awslogs","fluentd","none"]`,
"ECS_ENABLE_TASK_IAM_ROLE": "true",
"ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST": "true",
"ECS_AGENT_LABELS": "",
"ECS_VOLUME_PLUGIN_CAPABILITIES": `["efsAuth"]`,
}
// for al, al2 add host ssl cert directory envvar if available
if certDir := config.HostCertsDirPath(); certDir != "" {
envVariables["SSL_CERT_DIR"] = certDir
}
// merge in platform-specific environment variables
for envKey, envValue := range getPlatformSpecificEnvVariables() {
envVariables[envKey] = envValue
}
for key, val := range envVarsFromFiles {
envVariables[key] = val
}
if config.RunningInExternal() {
// Task networking is not supported when not running on EC2. Explicitly disable since it's enabled by default.
envVariables["ECS_ENABLE_TASK_ENI"] = "false"
}
var env []string
for envKey, envValue := range envVariables {
env = append(env, envKey+"="+envValue)
}
cfg := &godocker.Config{
Env: env,
Image: config.AgentImageName,
}
setLabels(cfg, envVariables["ECS_AGENT_LABELS"])
return cfg
}