Skip to main content

ECS update container timeout

ECS update container timeout modifies the start and stop timeouts for ECS containers in Amazon ECS clusters. The fault allows you to specify the duration for which the containers should be allowed to start or stop before they are considered failed.

ECS Update Container Timeout

Use cases

ECS update container timeout:

  • Tests the resilience of ECS tasks and their containers to timeouts during updates or deployments.
  • Verifies the behavior of ECS tasks and their containers when the start or stop timeout is exceeded during updates or deployments.
  • Tests the recovery mechanisms of the ECS service and container instances in case of timeouts.
  • Simulates scenarios where containers take longer than expected to start or stop.
  • Evaluates the impact of above-mentioned scenarios on the overall application availability and performance.


  • Kubernetes >= 1.17
  • ECS cluster running with the desired tasks and containers and familiarity with ECS service update and deployment concepts.
  • Create a Kubernetes secret that has the AWS access configuration(key) in the CHAOS_NAMESPACE. Below is a sample secret file:
apiVersion: v1
kind: Secret
name: cloud-secret
type: Opaque
cloud_config.yml: |-
# Add the cloud AWS credentials respectively
aws_access_key_id = XXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXX
  • It is recommended to use the same secret name, that is, cloud-secret. Otherwise, you will need to update the AWS_SHARED_CREDENTIALS_FILE environment variable in the fault template and you may be unable to use the default health check probes.

Permissions required

Here is an example AWS policy to execute the fault.

"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": [
"Resource": "*"
"Effect": "Allow",
"Action": [
"Resource": "*"

Mandatory tunables

Tunable Description Notes
CLUSTER_NAME Name of the target ECS cluster. For example, cluster-1.
SERVICE_NAME Name of the ECS service under chaos. For example, nginx-svc.
REGION Region name of the target ECS cluster For example, us-east-1.

Optional tunables

Tunable Description Notes
TOTAL_CHAOS_DURATION Duration that you specify, through which chaos is injected into the target resource (in seconds). Defaults to 30s.
CHAOS_INTERVAL Interval between successive instance terminations (in seconds). Defaults to 30s.
AWS_SHARED_CREDENTIALS_FILE Path to the AWS secret credentials. Defaults to /tmp/cloud_config.yml.
START_TIMEOUT This is the maximum amount of time that ECS allows for a container to start successfully. If the container fails to start within this timeout period, ECS marks the task as failed and may trigger a restart or rescheduling of the task. It is specified in seconds, and its default value is set to 3,600 seconds if not provided.
STOP_TIMEOUT This is the maximum amount of time that ECS allows for a container to stop gracefully. If the container does not stop within the STOP_TIMEOUT period, ECS forcefully terminates the container, which may result in data loss or other undesirable consequen It is specified in seconds, and its default value is set to 3,600 seconds if not provided.
RAMP_TIME Period to wait before and after injecting chaos (in seconds). For example, 30s.

Start and stop timeout

The start and stop timeout for the task containers. Tune it by using the START_TIMEOUT and STOP_TIMEOUT environment variable. Its default value is set to 3,600 seconds.

The following YAML snippet illustrates the use of this environment variable:

# set start and stop timeout for the target container
kind: ChaosEngine
name: aws-nginx
engineState: "active"
annotationCheck: "false"
chaosServiceAccount: litmus-admin
- name: ecs-update-container-timeout
# Provide the start and stop timeout for the ecs container
value: '30'
value: '30'
- name: REGION
value: 'us-east-2'
VALUE: '60'