aws-cdk-lib 2.160.0__py3-none-any.whl → 2.161.0__py3-none-any.whl

aws_cdk/aws_ecs/__init__.py

@@ -631,6 +631,23 @@ task_definition.add_container("container",
 )
 ```
 
+### Restart policy
+
+To enable a restart policy for the container, set `enableRestartPolicy` to true and also specify
+`restartIgnoredExitCodes` and `restartAttemptPeriod` if necessary.
+
+```python
+# task_definition: ecs.TaskDefinition
+
+
+task_definition.add_container("container",
+    image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample"),
+    enable_restart_policy=True,
+    restart_ignored_exit_codes=[0, 127],
+    restart_attempt_period=Duration.seconds(360)
+)
+```
+
 ## Docker labels
 
 You can add labels to the container with the `dockerLabels` property or with the `addDockerLabel` method:
@@ -6166,6 +6183,10 @@ class CfnCapacityProvider(
         ) -> None:
             '''The managed scaling settings for the Auto Scaling group capacity provider.
 
+            When managed scaling is turned on, Amazon ECS manages the scale-in and scale-out actions of the Auto Scaling group. Amazon ECS manages a target tracking scaling policy using an Amazon ECS managed CloudWatch metric with the specified ``targetCapacity`` value as the target value for the metric. For more information, see `Using managed scaling <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling>`_ in the *Amazon Elastic Container Service Developer Guide* .
+
+            If managed scaling is off, the user must manage the scaling of the Auto Scaling group.
+
             :param instance_warmup_period: The period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of ``300`` seconds is used.
             :param maximum_scaling_step_size: The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. If this parameter is omitted, the default value of ``10000`` is used.
             :param minimum_scaling_step_size: The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter If this parameter is omitted, the default value of ``1`` is used. When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size. If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.
@@ -9631,7 +9652,7 @@ class CfnService(
             - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
 
             :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
-            :param options: The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
+            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html
@@ -9693,6 +9714,87 @@ class CfnService(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
             '''The configuration options to send to the log driver.
 
+            The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:
+
+            - **awslogs-create-group** - Required: No
+
+            Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` .
+            .. epigraph::
+
+               Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` .
+
+            - **awslogs-region** - Required: Yes
+
+            Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.
+
+            - **awslogs-group** - Required: Yes
+
+            Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to.
+
+            - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type.
+
+            Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` .
+
+            If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.
+
+            For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.
+
+            You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.
+
+            - **awslogs-datetime-format** - Required: No
+
+            This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.
+
+            One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.
+
+            For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ .
+
+            You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options.
+            .. epigraph::
+
+               Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
+
+            - **awslogs-multiline-pattern** - Required: No
+
+            This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.
+
+            For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ .
+
+            This option is ignored if ``awslogs-datetime-format`` is also configured.
+
+            You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options.
+            .. epigraph::
+
+               Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
+
+            - **mode** - Required: No
+
+            Valid values: ``non-blocking`` | ``blocking``
+
+            This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted.
+
+            If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.
+
+            If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ .
+
+            - **max-buffer-size** - Required: No
+
+            Default value: ``1m``
+
+            When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.
+
+            To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` .
+
+            When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.
+
+            Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` .
+
+            When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` .
+
+            When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` .
+
+            When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options.
+
             This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html#cfn-ecs-service-logconfiguration-options
@@ -15258,7 +15360,7 @@ class CfnTaskDefinition(
             '''The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container.
 
             :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
-            :param options: The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
+            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-logconfiguration.html
@@ -15323,6 +15425,87 @@ class CfnTaskDefinition(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
             '''The configuration options to send to the log driver.
 
+            The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:
+
+            - **awslogs-create-group** - Required: No
+
+            Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` .
+            .. epigraph::
+
+               Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` .
+
+            - **awslogs-region** - Required: Yes
+
+            Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.
+
+            - **awslogs-group** - Required: Yes
+
+            Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to.
+
+            - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type.
+
+            Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` .
+
+            If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.
+
+            For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.
+
+            You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.
+
+            - **awslogs-datetime-format** - Required: No
+
+            This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.
+
+            One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.
+
+            For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ .
+
+            You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options.
+            .. epigraph::
+
+               Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
+
+            - **awslogs-multiline-pattern** - Required: No
+
+            This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.
+
+            For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ .
+
+            This option is ignored if ``awslogs-datetime-format`` is also configured.
+
+            You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options.
+            .. epigraph::
+
+               Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
+
+            - **mode** - Required: No
+
+            Valid values: ``non-blocking`` | ``blocking``
+
+            This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted.
+
+            If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.
+
+            If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ .
+
+            - **max-buffer-size** - Required: No
+
+            Default value: ``1m``
+
+            When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.
+
+            To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` .
+
+            When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.
+
+            Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` .
+
+            When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` .
+
+            When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` .
+
+            When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options.
+
             This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-logconfiguration.html#cfn-ecs-taskdefinition-logconfiguration-options
@@ -19557,6 +19740,7 @@ class ContainerDefinition(
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence["EnvironmentFile"]] = None,
@@ -19575,6 +19759,8 @@ class ContainerDefinition(
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, "Secret"]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -19598,6 +19784,7 @@ class ContainerDefinition(
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -19616,6 +19803,8 @@ class ContainerDefinition(
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -19640,6 +19829,7 @@ class ContainerDefinition(
             dns_servers=dns_servers,
             docker_labels=docker_labels,
             docker_security_options=docker_security_options,
+            enable_restart_policy=enable_restart_policy,
             entry_point=entry_point,
             environment=environment,
             environment_files=environment_files,
@@ -19658,6 +19848,8 @@ class ContainerDefinition(
             privileged=privileged,
             pseudo_terminal=pseudo_terminal,
             readonly_root_filesystem=readonly_root_filesystem,
+            restart_attempt_period=restart_attempt_period,
+            restart_ignored_exit_codes=restart_ignored_exit_codes,
             secrets=secrets,
             start_timeout=start_timeout,
             stop_timeout=stop_timeout,
@@ -20034,6 +20226,7 @@ class ContainerDefinition(
         "dns_servers": "dnsServers",
         "docker_labels": "dockerLabels",
         "docker_security_options": "dockerSecurityOptions",
+        "enable_restart_policy": "enableRestartPolicy",
         "entry_point": "entryPoint",
         "environment": "environment",
         "environment_files": "environmentFiles",
@@ -20052,6 +20245,8 @@ class ContainerDefinition(
         "privileged": "privileged",
         "pseudo_terminal": "pseudoTerminal",
         "readonly_root_filesystem": "readonlyRootFilesystem",
+        "restart_attempt_period": "restartAttemptPeriod",
+        "restart_ignored_exit_codes": "restartIgnoredExitCodes",
         "secrets": "secrets",
         "start_timeout": "startTimeout",
         "stop_timeout": "stopTimeout",
@@ -20075,6 +20270,7 @@ class ContainerDefinitionOptions:
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence["EnvironmentFile"]] = None,
@@ -20093,6 +20289,8 @@ class ContainerDefinitionOptions:
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, "Secret"]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -20112,6 +20310,7 @@ class ContainerDefinitionOptions:
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -20130,6 +20329,8 @@ class ContainerDefinitionOptions:
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -20184,6 +20385,7 @@ class ContainerDefinitionOptions:
             check_type(argname="argument dns_servers", value=dns_servers, expected_type=type_hints["dns_servers"])
             check_type(argname="argument docker_labels", value=docker_labels, expected_type=type_hints["docker_labels"])
             check_type(argname="argument docker_security_options", value=docker_security_options, expected_type=type_hints["docker_security_options"])
+            check_type(argname="argument enable_restart_policy", value=enable_restart_policy, expected_type=type_hints["enable_restart_policy"])
             check_type(argname="argument entry_point", value=entry_point, expected_type=type_hints["entry_point"])
             check_type(argname="argument environment", value=environment, expected_type=type_hints["environment"])
             check_type(argname="argument environment_files", value=environment_files, expected_type=type_hints["environment_files"])
@@ -20202,6 +20404,8 @@ class ContainerDefinitionOptions:
             check_type(argname="argument privileged", value=privileged, expected_type=type_hints["privileged"])
             check_type(argname="argument pseudo_terminal", value=pseudo_terminal, expected_type=type_hints["pseudo_terminal"])
             check_type(argname="argument readonly_root_filesystem", value=readonly_root_filesystem, expected_type=type_hints["readonly_root_filesystem"])
+            check_type(argname="argument restart_attempt_period", value=restart_attempt_period, expected_type=type_hints["restart_attempt_period"])
+            check_type(argname="argument restart_ignored_exit_codes", value=restart_ignored_exit_codes, expected_type=type_hints["restart_ignored_exit_codes"])
             check_type(argname="argument secrets", value=secrets, expected_type=type_hints["secrets"])
             check_type(argname="argument start_timeout", value=start_timeout, expected_type=type_hints["start_timeout"])
             check_type(argname="argument stop_timeout", value=stop_timeout, expected_type=type_hints["stop_timeout"])
@@ -20230,6 +20434,8 @@ class ContainerDefinitionOptions:
             self._values["docker_labels"] = docker_labels
         if docker_security_options is not None:
             self._values["docker_security_options"] = docker_security_options
+        if enable_restart_policy is not None:
+            self._values["enable_restart_policy"] = enable_restart_policy
         if entry_point is not None:
             self._values["entry_point"] = entry_point
         if environment is not None:
@@ -20266,6 +20472,10 @@ class ContainerDefinitionOptions:
             self._values["pseudo_terminal"] = pseudo_terminal
         if readonly_root_filesystem is not None:
             self._values["readonly_root_filesystem"] = readonly_root_filesystem
+        if restart_attempt_period is not None:
+            self._values["restart_attempt_period"] = restart_attempt_period
+        if restart_ignored_exit_codes is not None:
+            self._values["restart_ignored_exit_codes"] = restart_ignored_exit_codes
         if secrets is not None:
             self._values["secrets"] = secrets
         if start_timeout is not None:
@@ -20385,6 +20595,19 @@ class ContainerDefinitionOptions:
         result = self._values.get("docker_security_options")
         return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+    @builtins.property
+    def enable_restart_policy(self) -> typing.Optional[builtins.bool]:
+        '''Enable a restart policy for a container.
+
+        When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
+
+        :default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
+
+        :see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html
+        '''
+        result = self._values.get("enable_restart_policy")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def entry_point(self) -> typing.Optional[typing.List[builtins.str]]:
         '''The ENTRYPOINT value to pass to the container.
@@ -20588,6 +20811,36 @@ class ContainerDefinitionOptions:
         result = self._values.get("readonly_root_filesystem")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def restart_attempt_period(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''A period of time that the container must run for before a restart can be attempted.
+
+        A container can be restarted only once every ``restartAttemptPeriod`` seconds.
+        If a container isn't able to run for this time period and exits early, it will not be restarted.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod``
+        of 1800 seconds.
+
+        :default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        '''
+        result = self._values.get("restart_attempt_period")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
+    @builtins.property
+    def restart_ignored_exit_codes(self) -> typing.Optional[typing.List[jsii.Number]]:
+        '''A list of exit codes that Amazon ECS will ignore and not attempt a restart on.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can specify a maximum of 50 container exit codes.
+
+        :default: - No exit codes are ignored.
+        '''
+        result = self._values.get("restart_ignored_exit_codes")
+        return typing.cast(typing.Optional[typing.List[jsii.Number]], result)
+
     @builtins.property
     def secrets(self) -> typing.Optional[typing.Mapping[builtins.str, "Secret"]]:
         '''The secret environment variables to pass to the container.
@@ -20680,6 +20933,7 @@ class ContainerDefinitionOptions:
         "dns_servers": "dnsServers",
         "docker_labels": "dockerLabels",
         "docker_security_options": "dockerSecurityOptions",
+        "enable_restart_policy": "enableRestartPolicy",
         "entry_point": "entryPoint",
         "environment": "environment",
         "environment_files": "environmentFiles",
@@ -20698,6 +20952,8 @@ class ContainerDefinitionOptions:
         "privileged": "privileged",
         "pseudo_terminal": "pseudoTerminal",
         "readonly_root_filesystem": "readonlyRootFilesystem",
+        "restart_attempt_period": "restartAttemptPeriod",
+        "restart_ignored_exit_codes": "restartIgnoredExitCodes",
         "secrets": "secrets",
         "start_timeout": "startTimeout",
         "stop_timeout": "stopTimeout",
@@ -20722,6 +20978,7 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence["EnvironmentFile"]] = None,
@@ -20740,6 +20997,8 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, "Secret"]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -20761,6 +21020,7 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -20779,6 +21039,8 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -20822,6 +21084,7 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
                     "docker_labels_key": "dockerLabels"
                 },
                 docker_security_options=["dockerSecurityOptions"],
+                enable_restart_policy=False,
                 entry_point=["entryPoint"],
                 environment={
                     "environment_key": "environment"
@@ -20861,6 +21124,8 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
                 privileged=False,
                 pseudo_terminal=False,
                 readonly_root_filesystem=False,
+                restart_attempt_period=cdk.Duration.minutes(30),
+                restart_ignored_exit_codes=[123],
                 secrets={
                     "secrets_key": secret
                 },
@@ -20893,6 +21158,7 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
             check_type(argname="argument dns_servers", value=dns_servers, expected_type=type_hints["dns_servers"])
             check_type(argname="argument docker_labels", value=docker_labels, expected_type=type_hints["docker_labels"])
             check_type(argname="argument docker_security_options", value=docker_security_options, expected_type=type_hints["docker_security_options"])
+            check_type(argname="argument enable_restart_policy", value=enable_restart_policy, expected_type=type_hints["enable_restart_policy"])
             check_type(argname="argument entry_point", value=entry_point, expected_type=type_hints["entry_point"])
             check_type(argname="argument environment", value=environment, expected_type=type_hints["environment"])
             check_type(argname="argument environment_files", value=environment_files, expected_type=type_hints["environment_files"])
@@ -20911,6 +21177,8 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
             check_type(argname="argument privileged", value=privileged, expected_type=type_hints["privileged"])
             check_type(argname="argument pseudo_terminal", value=pseudo_terminal, expected_type=type_hints["pseudo_terminal"])
             check_type(argname="argument readonly_root_filesystem", value=readonly_root_filesystem, expected_type=type_hints["readonly_root_filesystem"])
+            check_type(argname="argument restart_attempt_period", value=restart_attempt_period, expected_type=type_hints["restart_attempt_period"])
+            check_type(argname="argument restart_ignored_exit_codes", value=restart_ignored_exit_codes, expected_type=type_hints["restart_ignored_exit_codes"])
             check_type(argname="argument secrets", value=secrets, expected_type=type_hints["secrets"])
             check_type(argname="argument start_timeout", value=start_timeout, expected_type=type_hints["start_timeout"])
             check_type(argname="argument stop_timeout", value=stop_timeout, expected_type=type_hints["stop_timeout"])
@@ -20941,6 +21209,8 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
             self._values["docker_labels"] = docker_labels
         if docker_security_options is not None:
             self._values["docker_security_options"] = docker_security_options
+        if enable_restart_policy is not None:
+            self._values["enable_restart_policy"] = enable_restart_policy
         if entry_point is not None:
             self._values["entry_point"] = entry_point
         if environment is not None:
@@ -20977,6 +21247,10 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
             self._values["pseudo_terminal"] = pseudo_terminal
         if readonly_root_filesystem is not None:
             self._values["readonly_root_filesystem"] = readonly_root_filesystem
+        if restart_attempt_period is not None:
+            self._values["restart_attempt_period"] = restart_attempt_period
+        if restart_ignored_exit_codes is not None:
+            self._values["restart_ignored_exit_codes"] = restart_ignored_exit_codes
         if secrets is not None:
             self._values["secrets"] = secrets
         if start_timeout is not None:
@@ -21096,6 +21370,19 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
         result = self._values.get("docker_security_options")
         return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+    @builtins.property
+    def enable_restart_policy(self) -> typing.Optional[builtins.bool]:
+        '''Enable a restart policy for a container.
+
+        When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
+
+        :default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
+
+        :see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html
+        '''
+        result = self._values.get("enable_restart_policy")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def entry_point(self) -> typing.Optional[typing.List[builtins.str]]:
         '''The ENTRYPOINT value to pass to the container.
@@ -21299,6 +21586,36 @@ class ContainerDefinitionProps(ContainerDefinitionOptions):
         result = self._values.get("readonly_root_filesystem")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def restart_attempt_period(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''A period of time that the container must run for before a restart can be attempted.
+
+        A container can be restarted only once every ``restartAttemptPeriod`` seconds.
+        If a container isn't able to run for this time period and exits early, it will not be restarted.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod``
+        of 1800 seconds.
+
+        :default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        '''
+        result = self._values.get("restart_attempt_period")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
+    @builtins.property
+    def restart_ignored_exit_codes(self) -> typing.Optional[typing.List[jsii.Number]]:
+        '''A list of exit codes that Amazon ECS will ignore and not attempt a restart on.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can specify a maximum of 50 container exit codes.
+
+        :default: - No exit codes are ignored.
+        '''
+        result = self._values.get("restart_ignored_exit_codes")
+        return typing.cast(typing.Optional[typing.List[jsii.Number]], result)
+
     @builtins.property
     def secrets(self) -> typing.Optional[typing.Mapping[builtins.str, "Secret"]]:
         '''The secret environment variables to pass to the container.
@@ -26929,6 +27246,7 @@ class FirelensLogRouter(
                 "docker_labels_key": "dockerLabels"
             },
             docker_security_options=["dockerSecurityOptions"],
+            enable_restart_policy=False,
             entry_point=["entryPoint"],
             environment={
                 "environment_key": "environment"
@@ -26968,6 +27286,8 @@ class FirelensLogRouter(
             privileged=False,
             pseudo_terminal=False,
             readonly_root_filesystem=False,
+            restart_attempt_period=cdk.Duration.minutes(30),
+            restart_ignored_exit_codes=[123],
             secrets={
                 "secrets_key": secret
             },
@@ -27004,6 +27324,7 @@ class FirelensLogRouter(
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -27022,6 +27343,8 @@ class FirelensLogRouter(
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, "Secret"]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -27046,6 +27369,7 @@ class FirelensLogRouter(
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -27064,6 +27388,8 @@ class FirelensLogRouter(
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -27089,6 +27415,7 @@ class FirelensLogRouter(
             dns_servers=dns_servers,
             docker_labels=docker_labels,
             docker_security_options=docker_security_options,
+            enable_restart_policy=enable_restart_policy,
             entry_point=entry_point,
             environment=environment,
             environment_files=environment_files,
@@ -27107,6 +27434,8 @@ class FirelensLogRouter(
             privileged=privileged,
             pseudo_terminal=pseudo_terminal,
             readonly_root_filesystem=readonly_root_filesystem,
+            restart_attempt_period=restart_attempt_period,
+            restart_ignored_exit_codes=restart_ignored_exit_codes,
             secrets=secrets,
             start_timeout=start_timeout,
             stop_timeout=stop_timeout,
@@ -27153,6 +27482,7 @@ class FirelensLogRouter(
         "dns_servers": "dnsServers",
         "docker_labels": "dockerLabels",
         "docker_security_options": "dockerSecurityOptions",
+        "enable_restart_policy": "enableRestartPolicy",
         "entry_point": "entryPoint",
         "environment": "environment",
         "environment_files": "environmentFiles",
@@ -27171,6 +27501,8 @@ class FirelensLogRouter(
         "privileged": "privileged",
         "pseudo_terminal": "pseudoTerminal",
         "readonly_root_filesystem": "readonlyRootFilesystem",
+        "restart_attempt_period": "restartAttemptPeriod",
+        "restart_ignored_exit_codes": "restartIgnoredExitCodes",
         "secrets": "secrets",
         "start_timeout": "startTimeout",
         "stop_timeout": "stopTimeout",
@@ -27195,6 +27527,7 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -27213,6 +27546,8 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, "Secret"]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -27234,6 +27569,7 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -27252,6 +27588,8 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -27303,6 +27641,7 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
                     "docker_labels_key": "dockerLabels"
                 },
                 docker_security_options=["dockerSecurityOptions"],
+                enable_restart_policy=False,
                 entry_point=["entryPoint"],
                 environment={
                     "environment_key": "environment"
@@ -27342,6 +27681,8 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
                 privileged=False,
                 pseudo_terminal=False,
                 readonly_root_filesystem=False,
+                restart_attempt_period=cdk.Duration.minutes(30),
+                restart_ignored_exit_codes=[123],
                 secrets={
                     "secrets_key": secret
                 },
@@ -27376,6 +27717,7 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
             check_type(argname="argument dns_servers", value=dns_servers, expected_type=type_hints["dns_servers"])
             check_type(argname="argument docker_labels", value=docker_labels, expected_type=type_hints["docker_labels"])
             check_type(argname="argument docker_security_options", value=docker_security_options, expected_type=type_hints["docker_security_options"])
+            check_type(argname="argument enable_restart_policy", value=enable_restart_policy, expected_type=type_hints["enable_restart_policy"])
             check_type(argname="argument entry_point", value=entry_point, expected_type=type_hints["entry_point"])
             check_type(argname="argument environment", value=environment, expected_type=type_hints["environment"])
             check_type(argname="argument environment_files", value=environment_files, expected_type=type_hints["environment_files"])
@@ -27394,6 +27736,8 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
             check_type(argname="argument privileged", value=privileged, expected_type=type_hints["privileged"])
             check_type(argname="argument pseudo_terminal", value=pseudo_terminal, expected_type=type_hints["pseudo_terminal"])
             check_type(argname="argument readonly_root_filesystem", value=readonly_root_filesystem, expected_type=type_hints["readonly_root_filesystem"])
+            check_type(argname="argument restart_attempt_period", value=restart_attempt_period, expected_type=type_hints["restart_attempt_period"])
+            check_type(argname="argument restart_ignored_exit_codes", value=restart_ignored_exit_codes, expected_type=type_hints["restart_ignored_exit_codes"])
             check_type(argname="argument secrets", value=secrets, expected_type=type_hints["secrets"])
             check_type(argname="argument start_timeout", value=start_timeout, expected_type=type_hints["start_timeout"])
             check_type(argname="argument stop_timeout", value=stop_timeout, expected_type=type_hints["stop_timeout"])
@@ -27424,6 +27768,8 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
             self._values["docker_labels"] = docker_labels
         if docker_security_options is not None:
             self._values["docker_security_options"] = docker_security_options
+        if enable_restart_policy is not None:
+            self._values["enable_restart_policy"] = enable_restart_policy
         if entry_point is not None:
             self._values["entry_point"] = entry_point
         if environment is not None:
@@ -27460,6 +27806,10 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
             self._values["pseudo_terminal"] = pseudo_terminal
         if readonly_root_filesystem is not None:
             self._values["readonly_root_filesystem"] = readonly_root_filesystem
+        if restart_attempt_period is not None:
+            self._values["restart_attempt_period"] = restart_attempt_period
+        if restart_ignored_exit_codes is not None:
+            self._values["restart_ignored_exit_codes"] = restart_ignored_exit_codes
         if secrets is not None:
             self._values["secrets"] = secrets
         if start_timeout is not None:
@@ -27579,6 +27929,19 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         result = self._values.get("docker_security_options")
         return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+    @builtins.property
+    def enable_restart_policy(self) -> typing.Optional[builtins.bool]:
+        '''Enable a restart policy for a container.
+
+        When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
+
+        :default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
+
+        :see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html
+        '''
+        result = self._values.get("enable_restart_policy")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def entry_point(self) -> typing.Optional[typing.List[builtins.str]]:
         '''The ENTRYPOINT value to pass to the container.
@@ -27782,6 +28145,36 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         result = self._values.get("readonly_root_filesystem")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def restart_attempt_period(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''A period of time that the container must run for before a restart can be attempted.
+
+        A container can be restarted only once every ``restartAttemptPeriod`` seconds.
+        If a container isn't able to run for this time period and exits early, it will not be restarted.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod``
+        of 1800 seconds.
+
+        :default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        '''
+        result = self._values.get("restart_attempt_period")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
+    @builtins.property
+    def restart_ignored_exit_codes(self) -> typing.Optional[typing.List[jsii.Number]]:
+        '''A list of exit codes that Amazon ECS will ignore and not attempt a restart on.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can specify a maximum of 50 container exit codes.
+
+        :default: - No exit codes are ignored.
+        '''
+        result = self._values.get("restart_ignored_exit_codes")
+        return typing.cast(typing.Optional[typing.List[jsii.Number]], result)
+
     @builtins.property
     def secrets(self) -> typing.Optional[typing.Mapping[builtins.str, "Secret"]]:
         '''The secret environment variables to pass to the container.
@@ -27881,6 +28274,7 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         "dns_servers": "dnsServers",
         "docker_labels": "dockerLabels",
         "docker_security_options": "dockerSecurityOptions",
+        "enable_restart_policy": "enableRestartPolicy",
         "entry_point": "entryPoint",
         "environment": "environment",
         "environment_files": "environmentFiles",
@@ -27899,6 +28293,8 @@ class FirelensLogRouterDefinitionOptions(ContainerDefinitionOptions):
         "privileged": "privileged",
         "pseudo_terminal": "pseudoTerminal",
         "readonly_root_filesystem": "readonlyRootFilesystem",
+        "restart_attempt_period": "restartAttemptPeriod",
+        "restart_ignored_exit_codes": "restartIgnoredExitCodes",
         "secrets": "secrets",
         "start_timeout": "startTimeout",
         "stop_timeout": "stopTimeout",
@@ -27924,6 +28320,7 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -27942,6 +28339,8 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, "Secret"]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -27964,6 +28363,7 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -27982,6 +28382,8 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -28036,6 +28438,7 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
                     "docker_labels_key": "dockerLabels"
                 },
                 docker_security_options=["dockerSecurityOptions"],
+                enable_restart_policy=False,
                 entry_point=["entryPoint"],
                 environment={
                     "environment_key": "environment"
@@ -28075,6 +28478,8 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
                 privileged=False,
                 pseudo_terminal=False,
                 readonly_root_filesystem=False,
+                restart_attempt_period=cdk.Duration.minutes(30),
+                restart_ignored_exit_codes=[123],
                 secrets={
                     "secrets_key": secret
                 },
@@ -28109,6 +28514,7 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
             check_type(argname="argument dns_servers", value=dns_servers, expected_type=type_hints["dns_servers"])
             check_type(argname="argument docker_labels", value=docker_labels, expected_type=type_hints["docker_labels"])
             check_type(argname="argument docker_security_options", value=docker_security_options, expected_type=type_hints["docker_security_options"])
+            check_type(argname="argument enable_restart_policy", value=enable_restart_policy, expected_type=type_hints["enable_restart_policy"])
             check_type(argname="argument entry_point", value=entry_point, expected_type=type_hints["entry_point"])
             check_type(argname="argument environment", value=environment, expected_type=type_hints["environment"])
             check_type(argname="argument environment_files", value=environment_files, expected_type=type_hints["environment_files"])
@@ -28127,6 +28533,8 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
             check_type(argname="argument privileged", value=privileged, expected_type=type_hints["privileged"])
             check_type(argname="argument pseudo_terminal", value=pseudo_terminal, expected_type=type_hints["pseudo_terminal"])
             check_type(argname="argument readonly_root_filesystem", value=readonly_root_filesystem, expected_type=type_hints["readonly_root_filesystem"])
+            check_type(argname="argument restart_attempt_period", value=restart_attempt_period, expected_type=type_hints["restart_attempt_period"])
+            check_type(argname="argument restart_ignored_exit_codes", value=restart_ignored_exit_codes, expected_type=type_hints["restart_ignored_exit_codes"])
             check_type(argname="argument secrets", value=secrets, expected_type=type_hints["secrets"])
             check_type(argname="argument start_timeout", value=start_timeout, expected_type=type_hints["start_timeout"])
             check_type(argname="argument stop_timeout", value=stop_timeout, expected_type=type_hints["stop_timeout"])
@@ -28159,6 +28567,8 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
             self._values["docker_labels"] = docker_labels
         if docker_security_options is not None:
             self._values["docker_security_options"] = docker_security_options
+        if enable_restart_policy is not None:
+            self._values["enable_restart_policy"] = enable_restart_policy
         if entry_point is not None:
             self._values["entry_point"] = entry_point
         if environment is not None:
@@ -28195,6 +28605,10 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
             self._values["pseudo_terminal"] = pseudo_terminal
         if readonly_root_filesystem is not None:
             self._values["readonly_root_filesystem"] = readonly_root_filesystem
+        if restart_attempt_period is not None:
+            self._values["restart_attempt_period"] = restart_attempt_period
+        if restart_ignored_exit_codes is not None:
+            self._values["restart_ignored_exit_codes"] = restart_ignored_exit_codes
         if secrets is not None:
             self._values["secrets"] = secrets
         if start_timeout is not None:
@@ -28314,6 +28728,19 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
         result = self._values.get("docker_security_options")
         return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+    @builtins.property
+    def enable_restart_policy(self) -> typing.Optional[builtins.bool]:
+        '''Enable a restart policy for a container.
+
+        When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task.
+
+        :default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
+
+        :see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html
+        '''
+        result = self._values.get("enable_restart_policy")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def entry_point(self) -> typing.Optional[typing.List[builtins.str]]:
         '''The ENTRYPOINT value to pass to the container.
@@ -28517,6 +28944,36 @@ class FirelensLogRouterProps(ContainerDefinitionProps):
         result = self._values.get("readonly_root_filesystem")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def restart_attempt_period(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''A period of time that the container must run for before a restart can be attempted.
+
+        A container can be restarted only once every ``restartAttemptPeriod`` seconds.
+        If a container isn't able to run for this time period and exits early, it will not be restarted.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod``
+        of 1800 seconds.
+
+        :default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        '''
+        result = self._values.get("restart_attempt_period")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
+    @builtins.property
+    def restart_ignored_exit_codes(self) -> typing.Optional[typing.List[jsii.Number]]:
+        '''A list of exit codes that Amazon ECS will ignore and not attempt a restart on.
+
+        This property can't be used if ``enableRestartPolicy`` is set to false.
+
+        You can specify a maximum of 50 container exit codes.
+
+        :default: - No exit codes are ignored.
+        '''
+        result = self._values.get("restart_ignored_exit_codes")
+        return typing.cast(typing.Optional[typing.List[jsii.Number]], result)
+
     @builtins.property
     def secrets(self) -> typing.Optional[typing.Mapping[builtins.str, "Secret"]]:
         '''The secret environment variables to pass to the container.
@@ -35618,6 +36075,7 @@ class TaskDefinition(
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -35636,6 +36094,8 @@ class TaskDefinition(
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -35657,6 +36117,7 @@ class TaskDefinition(
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -35675,6 +36136,8 @@ class TaskDefinition(
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -35697,6 +36160,7 @@ class TaskDefinition(
             dns_servers=dns_servers,
             docker_labels=docker_labels,
             docker_security_options=docker_security_options,
+            enable_restart_policy=enable_restart_policy,
             entry_point=entry_point,
             environment=environment,
             environment_files=environment_files,
@@ -35715,6 +36179,8 @@ class TaskDefinition(
             privileged=privileged,
             pseudo_terminal=pseudo_terminal,
             readonly_root_filesystem=readonly_root_filesystem,
+            restart_attempt_period=restart_attempt_period,
+            restart_ignored_exit_codes=restart_ignored_exit_codes,
             secrets=secrets,
             start_timeout=start_timeout,
             stop_timeout=stop_timeout,
@@ -35756,6 +36222,7 @@ class TaskDefinition(
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -35774,6 +36241,8 @@ class TaskDefinition(
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -35796,6 +36265,7 @@ class TaskDefinition(
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -35814,6 +36284,8 @@ class TaskDefinition(
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -35837,6 +36309,7 @@ class TaskDefinition(
             dns_servers=dns_servers,
             docker_labels=docker_labels,
             docker_security_options=docker_security_options,
+            enable_restart_policy=enable_restart_policy,
             entry_point=entry_point,
             environment=environment,
             environment_files=environment_files,
@@ -35855,6 +36328,8 @@ class TaskDefinition(
             privileged=privileged,
             pseudo_terminal=pseudo_terminal,
             readonly_root_filesystem=readonly_root_filesystem,
+            restart_attempt_period=restart_attempt_period,
+            restart_ignored_exit_codes=restart_ignored_exit_codes,
             secrets=secrets,
             start_timeout=start_timeout,
             stop_timeout=stop_timeout,
@@ -40056,6 +40531,7 @@ class Ec2TaskDefinition(
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+        enable_restart_policy: typing.Optional[builtins.bool] = None,
         entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
         environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -40074,6 +40550,8 @@ class Ec2TaskDefinition(
         privileged: typing.Optional[builtins.bool] = None,
         pseudo_terminal: typing.Optional[builtins.bool] = None,
         readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+        restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+        restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
         secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
         start_timeout: typing.Optional[_Duration_4839e8c3] = None,
         stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -40097,6 +40575,7 @@ class Ec2TaskDefinition(
         :param dns_servers: A list of DNS servers that are presented to the container. Default: - Default DNS servers.
         :param docker_labels: A key/value map of labels to add to the container. Default: - No labels.
         :param docker_security_options: A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. Default: - No security labels.
+        :param enable_restart_policy: Enable a restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. Default: - false unless ``restartIgnoredExitCodes`` or ``restartAttemptPeriod`` is set.
         :param entry_point: The ENTRYPOINT value to pass to the container. Default: - Entry point configured in container.
         :param environment: The environment variables to pass to the container. Default: - No environment variables.
         :param environment_files: The environment files to pass to the container. Default: - No environment files.
@@ -40115,6 +40594,8 @@ class Ec2TaskDefinition(
         :param privileged: Specifies whether the container is marked as privileged. When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Default: false
         :param pseudo_terminal: When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the Docker Remote API and the --tty option to ``docker run``. Default: - false
         :param readonly_root_filesystem: When this parameter is true, the container is given read-only access to its root file system. Default: false
+        :param restart_attempt_period: A period of time that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. This property can't be used if ``enableRestartPolicy`` is set to false. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. Default: - Duration.seconds(300) if ``enableRestartPolicy`` is true, otherwise no period.
+        :param restart_ignored_exit_codes: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. This property can't be used if ``enableRestartPolicy`` is set to false. You can specify a maximum of 50 container exit codes. Default: - No exit codes are ignored.
         :param secrets: The secret environment variables to pass to the container. Default: - No secret environment variables.
         :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. Default: - none
         :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. Default: - none
@@ -40137,6 +40618,7 @@ class Ec2TaskDefinition(
             dns_servers=dns_servers,
             docker_labels=docker_labels,
             docker_security_options=docker_security_options,
+            enable_restart_policy=enable_restart_policy,
             entry_point=entry_point,
             environment=environment,
             environment_files=environment_files,
@@ -40155,6 +40637,8 @@ class Ec2TaskDefinition(
             privileged=privileged,
             pseudo_terminal=pseudo_terminal,
             readonly_root_filesystem=readonly_root_filesystem,
+            restart_attempt_period=restart_attempt_period,
+            restart_ignored_exit_codes=restart_ignored_exit_codes,
             secrets=secrets,
             start_timeout=start_timeout,
             stop_timeout=stop_timeout,
@@ -42889,6 +43373,7 @@ def _typecheckingstub__d8756b492e023ad8d33a399196b15b610f709400ce213e179f17dd1f6
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -42907,6 +43392,8 @@ def _typecheckingstub__d8756b492e023ad8d33a399196b15b610f709400ce213e179f17dd1f6
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -43019,6 +43506,7 @@ def _typecheckingstub__f2e5f24c1574825a81dd77783d48886a430a675a0e04f03559eca98b5
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -43037,6 +43525,8 @@ def _typecheckingstub__f2e5f24c1574825a81dd77783d48886a430a675a0e04f03559eca98b5
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -43060,6 +43550,7 @@ def _typecheckingstub__20c974a49c79829fac0811dffaf78c449f92ae136414b96232160d37c
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -43078,6 +43569,8 @@ def _typecheckingstub__20c974a49c79829fac0811dffaf78c449f92ae136414b96232160d37c
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -43655,6 +44148,7 @@ def _typecheckingstub__aa1e4969dd0e00a5737510c273aa9546ad4ce7bc5a8a146f2a37666b0
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -43673,6 +44167,8 @@ def _typecheckingstub__aa1e4969dd0e00a5737510c273aa9546ad4ce7bc5a8a146f2a37666b0
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -43702,6 +44198,7 @@ def _typecheckingstub__2bb9382e9a7b1b34a020902905c4bf83e2d4970135e7592e5b5a1da62
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -43720,6 +44217,8 @@ def _typecheckingstub__2bb9382e9a7b1b34a020902905c4bf83e2d4970135e7592e5b5a1da62
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -43744,6 +44243,7 @@ def _typecheckingstub__498b2375cb2035a958edbdd10ad5f4352caa5773be14b63a07c337871
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -43762,6 +44262,8 @@ def _typecheckingstub__498b2375cb2035a958edbdd10ad5f4352caa5773be14b63a07c337871
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -44484,6 +44986,7 @@ def _typecheckingstub__8fe416001b357a118b80b0f9e3432c5bffbeffe29c2f7e67a02e5589c
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -44502,6 +45005,8 @@ def _typecheckingstub__8fe416001b357a118b80b0f9e3432c5bffbeffe29c2f7e67a02e5589c
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -44533,6 +45038,7 @@ def _typecheckingstub__a448c235107c9543bb055362134e3500d0a20b6f51e433675f952a773
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -44551,6 +45057,8 @@ def _typecheckingstub__a448c235107c9543bb055362134e3500d0a20b6f51e433675f952a773
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,
@@ -45165,6 +45673,7 @@ def _typecheckingstub__e16f7a8ab558d24dc81cd83e043fb5a8b37369f32cee89bd310588535
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     docker_labels: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     docker_security_options: typing.Optional[typing.Sequence[builtins.str]] = None,
+    enable_restart_policy: typing.Optional[builtins.bool] = None,
     entry_point: typing.Optional[typing.Sequence[builtins.str]] = None,
     environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     environment_files: typing.Optional[typing.Sequence[EnvironmentFile]] = None,
@@ -45183,6 +45692,8 @@ def _typecheckingstub__e16f7a8ab558d24dc81cd83e043fb5a8b37369f32cee89bd310588535
     privileged: typing.Optional[builtins.bool] = None,
     pseudo_terminal: typing.Optional[builtins.bool] = None,
     readonly_root_filesystem: typing.Optional[builtins.bool] = None,
+    restart_attempt_period: typing.Optional[_Duration_4839e8c3] = None,
+    restart_ignored_exit_codes: typing.Optional[typing.Sequence[jsii.Number]] = None,
     secrets: typing.Optional[typing.Mapping[builtins.str, Secret]] = None,
     start_timeout: typing.Optional[_Duration_4839e8c3] = None,
     stop_timeout: typing.Optional[_Duration_4839e8c3] = None,