fix(batch): Windows does not support readonlyRootFilesystem

packages/aws-cdk-lib/aws-batch/lib/ecs-container-definition.ts

@@ -1057,6 +1057,11 @@ export class EcsFargateContainerDefinition extends EcsContainerDefinitionBase im
     this.fargateCpuArchitecture = props.fargateCpuArchitecture;
     this.fargateOperatingSystemFamily = props.fargateOperatingSystemFamily;
 
+    if (this.fargateOperatingSystemFamily?._operatingSystemFamily.toLowerCase().includes('windows') && this.readonlyRootFilesystem) {
+      // see https://kubernetes.io/docs/concepts/windows/intro/
+      throw new Error('Readonly root filesystem is not possible on Windows; write access is required for registry & system processes to run inside the container');
+    }
+
     // validates ephemeralStorageSize is within limits
     if (props.ephemeralStorageSize) {
       if (props.ephemeralStorageSize.toGibibytes() > 200) {

packages/aws-cdk-lib/aws-batch/test/ecs-container-definition.test.ts

@@ -1067,4 +1067,14 @@ describe('Fargate containers', () => {
       }),
     })).toThrow("ECS Fargate container 'EcsFargateContainer2' specifies 'ephemeralStorageSize' at 201 > 200 GB");
   });
+
+  test('readonlyRootFilesystem can\'t be true with Windows family', () => {
+    expect(() => new EcsJobDefinition(stack, 'ECSJobDefn', {
+      container: new EcsFargateContainerDefinition(stack, 'EcsFargateContainer', {
+        ...defaultContainerProps,
+        readonlyRootFilesystem: true,
+        fargateOperatingSystemFamily: ecs.OperatingSystemFamily.WINDOWS_SERVER_2004_CORE,
+      }),
+    })).toThrow('Readonly root filesystem is not possible on Windows; write access is required for registry & system processes to run inside the container');
+  });
 });