> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS Fargate Streaming runner setup

export const s_runner = "Streaming runner";

export const RunnerMetadata = ({runnerType, platforms = []}) => {
  return <div style={{
    background: 'var(--colors-background-light, #f9fafb)',
    border: '1px solid var(--colors-border-default, #e5e7eb)',
    borderRadius: '12px',
    padding: '20px 28px',
    marginBottom: '28px',
    boxShadow: '0 1px 4px rgba(0,0,0,0.10)'
  }}>
      <table style={{
    width: '100%',
    borderCollapse: 'collapse'
  }}>
        <tbody>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle',
    width: '180px'
  }}>Runner type</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>{runnerType}</td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Runner platform</td>
            <td style={{
    verticalAlign: 'middle'
  }}>
              <div style={{
    display: 'flex',
    flexWrap: 'wrap',
    gap: '8px'
  }}>
                {platforms.map((platform, i) => <span key={i} style={{
    background: '#dcfce7',
    color: '#15803d',
    border: '1px solid #bbf7d0',
    borderRadius: '9999px',
    padding: '3px 12px',
    fontSize: '0.85rem',
    fontWeight: '500',
    whiteSpace: 'nowrap'
  }}>
                    {platform} ✅
                  </span>)}
              </div>
            </td>
          </tr>
        </tbody>
      </table>
    </div>;
};

<RunnerMetadata runnerType="Streaming" platforms={["AWS"]} />

This page is a guide to manually installing a {s_runner} into AWS Fargate.

<Note>
  This documentation refers to the **New ECS Experience** for Elastic Container Service.

  Each time you click **Create** in AWS, a colored banner will appear at the top of the AWS UI.

  * Blue indicates the creation of a resource is in-progress.
  * Green indicates the creation of a resource has completed.
  * Red indicates the creation of a resource has failed.
</Note>

***

## Prerequisites

* First you must create a {s_runner}, as described in [Create a runner](/docs/streaming/create-streaming-agent). This will provide you with the parameters and values needed to manually complete the agent setup in AWS Fargate.
* Before deploying an agent in AWS, confirm the existence of a service-linked role for Amazon ECS in your AWS account. Typically, Amazon ECS generates this role automatically. If not, follow the [manual creation documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html#create-slr) for setup instructions.

***

## Security groups

1. Log in to the [AWS Console](https://aws.amazon.com/console/).

2. Once logged in, type `security groups` in the search bar.

3. In the **Features** list, select **Security Groups|EC2 feature**.

4. Choose **Create security group**.

5. Complete the following fields:

   * **Security group name:** Enter `matillion-agent-<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen.
   * **Description:** Add the following description: `agent security group for agent ID <agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen. Alternatively, add a description of your choice.
   * **VPC:** Select your VPC.
   * **Inbound rules:** Add any inbound rules. None are required by default.
   * **Outbound rules:** Add `0.0.0.0/0`.
   * **Tags:** You may want to add a tag where **Key** = `matillion-agent-id` and **Value** = `<agentID>`.

6. Click **Create security group** to confirm creation. On successful creation of the security group, you will be redirected to the new security group's dashboard.

7. Make a note of your **Security group ID**.

***

## Log groups (optional)

This part may be omitted if you want to use the default that can be created as part of the **Task definition**.

1. In the AWS console, type `CloudWatch` in the search bar and navigate to **AWS CloudWatch**.

2. In the left-hand menu, choose **Logs** → **Log groups**.

3. Click **Create log group**.

4. Complete the following fields:

   * **Log group name:** Add the following: `/ecs/matillion-agent/<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen.
   * **Retention setting:** Select a retention setting from the drop-down. **1 month (30 days)** is recommended.
   * **KMS key ARN - optional:** Not required.
   * **Tags:** You may want to add a tag where **Key** = `matillion-agent-id` and **Value** = `<agentID>`.

5. Click **Create** to confirm creation of the log group. On successful creation of the log group, you will be redirected to **Log groups**.

***

## Cluster

1. In the AWS console, type `Elastic Container Service` in the search bar and choose that service.

2. If this is your first time using this service, click **Get started** or **Clusters**.

3. Click **Create Cluster**.

4. Complete the following fields:

   * **Cluster name:** Add the following: `matillion-agent-<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen.
   * **Monitoring:** Optional, but recommended that you choose **Container Insights with enhanced observability**.
   * **Tags:** Optional, but you may want to add a tag where **Key** = `matillion-agent-id` and **Value** = `<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen.

   Leave all other settings on this screen as default values.

5. Click **Create** to confirm creation of the cluster. On successful creation of the cluster, you will be redirected to the **Clusters** list. Your cluster should now be listed, and show **No tasks running**. The next step is to add [task definitions](#task-definitions).

***

## Task definitions

1. In the AWS console, type `Elastic Container Service` in the search bar and choose that service.

2. In the left-hand menu, click **Task definitions**.

3. Click **Create new task definition** and select **Create new task definition** (*not* **Create new task definition with JSON**) from the drop-down.

4. For **Task definition family**, enter `matillion-agent-<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen. This must be unique—two task definitions can't share a name.

5. Under **Infrastructure requirements**, configure the following:

   * **Launch type:** Choose **AWS Fargate**.

   * **CPU:** Choose **1 vCPU**.

   * **Memory:** Choose **4 GB**.

   * **Task role:** Select an IAM role that has similar permissions to your role. If you're using the same IAM role, you might need to add `ecs-tasks.amazonaws.com` to the **Service** section in the **Trust Relationship** section of your IAM role to allow the role to work with the ECS service. An example trusted entity is as follows:

     ```json theme={null}
     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Principal": {
                     "Service": [
                         "ecs-tasks.amazonaws.com",
                         "ec2.amazonaws.com"
                     ]
                 },
                 "Action": "sts:AssumeRole"
             }
         ]
     }
     ```

     To learn more, read [AWS IAM roles for {s_runner}s](/docs/streaming/streaming-agent-aws-iam-roles).

   * **Task execution role:** Choose `escTaskExecutionRole`.

6. Under the **Container-1** heading, complete the following:

   * **Name:** Enter `matillion-agent`.
   * **Image URI:** Copy and paste your **Agent Image URI** from **Runner details**.
   * **Port mappings:** Remove any existing entries.

7. Under **Environment variables - optional**, click **Add environment variable** and add the following key-value pairs, using the values from the **Runner details** page:

   | Key                   | Value type | Value                                                                                                                                    |
   | --------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
   | ACCOUNT\_ID           | Value      | Copy and paste the **ACCOUNT\_ID** value from the **Runner details** page.                                                               |
   | AGENT\_ID             | Value      | Copy and paste the **AGENT\_ID** value from the **Runner details** page.                                                                 |
   | MATILLION\_REGION     | Value      | Copy and paste the **MATILLION\_REGION** value from the **Runner details** page.                                                         |
   | OAUTH\_CLIENT\_ID     | Value      | Copy and paste the **client\_id** value from the **Runner details** page. Click **Reveal** to make the value visible before copying.     |
   | OAUTH\_CLIENT\_SECRET | Value      | Copy and paste the **client\_secret** value from the **Runner details** page. Click **Reveal** to make the value visible before copying. |

8. Under **Logging - optional**, the **awslogs-group** value should have been automatically populated. If you don't wish to use another log group, leave the **aws-create-group** entry and a log group will be created with the **awslogs-group** value.

9. If the naming of components has been consistent so far, the **awslogs-group** value should equal the log group that was [previously created](#log-groups-optional) (note the use of the `/` preceding the ID in the original **Log group** name). Otherwise, select the log group created earlier, and delete the **aws-create-group** entry by clicking **Remove**.

10. Under **Tags - optional**, you may want to add a tag where **Key** = `matillion-agent-id` and **Value** = `<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen.

11. Click **Create** to confirm creation of the task definition.

***

## Service

1. On the **Task definitions** screen, choose your newly-created task definition.

2. Click **Deploy** then **Create service** from the drop-down.

3. In the **existing cluster** drop-down, choose the cluster you [created earlier](#cluster).

4. Complete the following fields:

   * **Service name:** Add the following: `matillion-agent-<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen, or another suitable descriptor.
   * **Desired tasks:** Set this to `1`.

5. Under **Networking**, complete the following:

   * **Security group name:** Use the drop-down to select the security group you created earlier.
   * **Public IP:** Ensure that this is toggled to **Turned on**, unless you are using Network Address Translation.

6. Under **Tags - optional**, you may want to add a tag where **Key** = `matillion-agent-id` and **Value** = `<agentID>`, where `<agentID>` is the AGENT\_ID found on the **Runner details** screen.

7. Click **Create**.

The agent will then start. You can return to the agent dashboard and view the agents list. Your new agent should be on the list and have a **Running** status.
