ECS
Exec into the ECS Containers
Official News https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/
Reference https://www.ernestchiang.com/en/posts/2021/using-amazon-ecs-exec/
Install the Session Manager Plugin locally.
Attach the following policy to the task's role, so the task can use SSM to create a secure channel to run "exec".
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ssmmessages:CreateControlChannel",
            "ssmmessages:CreateDataChannel",
            "ssmmessages:OpenControlChannel",
            "ssmmessages:OpenDataChannel"
          ],
          "Resource": "*"
        }
      ]
    }
Update the task definition to set containerDefinitions[].linuxParameters.initProcessEnabled to true.
    {
      "containerDefinitions": [
        {
          "linuxParameters": {
            "initProcessEnabled": true
          }
        }
      ]
    }
Update the service to...
use the latest task definition; and
enable "execute command".
    aws ecs update-service \
      --cluster <ECS_CLUSTER_NAME> \
      --service <ECS_SERVICE_NAME> \
      --task-definition <TASK_DEFINITION_NAME> \
      --enable-execute-command \
      --force-new-deployment
Ensure "execute command" is ready.
    aws ecs describe-tasks \
      --cluster <ECS_CLUSTER_NAME> \
      --tasks <ECS_TASK_ID>
    # 1. Search for "enableExecuteCommand", the value should be `true`.
    # 2. Search for "ExecuteCommandAgent", the "lastStatus" should be `RUNNING`.
Exec into the container.
    aws ecs execute-command \
      --cluster <ECS_CLUSTER_NAME> \
      --task <ECS_TASK_ID> \
      --container <ECS_CONTAINER_NAME> \
      --interactive \
      --command "/bin/sh"
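The readiness check from the "Ensure execute command is ready" step can be automated instead of searching the output by eye. The script below is an added example, not part of the original page: it reads `aws ecs describe-tasks` JSON on stdin and reports, per container, whether both conditions hold. The sample data, ARNs and container names are constructed.

```python
import json
import sys

# Constructed sample shaped like `aws ecs describe-tasks` output (not real data).
SAMPLE = {"tasks": [
    {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/aaaa",
     "enableExecuteCommand": True,
     "containers": [
         {"name": "app", "managedAgents": [
             {"name": "ExecuteCommandAgent", "lastStatus": "RUNNING"}]},
         {"name": "sidecar", "managedAgents": [
             {"name": "ExecuteCommandAgent", "lastStatus": "PENDING"}]}]},
    {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/bbbb",
     "enableExecuteCommand": False,
     "containers": [{"name": "app"}]},
]}


def exec_readiness(response):
    """Return {(taskArn, container): [problems]}; an empty list means ready."""
    report = {}
    for task in response.get("tasks", []):
        task_problems = []
        # Check 1: the task itself was launched with execute command enabled.
        if task.get("enableExecuteCommand") is not True:
            task_problems.append("enableExecuteCommand is not true")
        for container in task.get("containers", []):
            problems = list(task_problems)
            agents = {a.get("name"): a.get("lastStatus")
                      for a in container.get("managedAgents", [])}
            # Check 2: the managed agent in this container is RUNNING.
            status = agents.get("ExecuteCommandAgent")
            if status is None:
                problems.append("ExecuteCommandAgent not present")
            elif status != "RUNNING":
                problems.append(f"ExecuteCommandAgent lastStatus is {status}")
            report[(task.get("taskArn"), container.get("name"))] = problems
    return report


if __name__ == "__main__":
    # Pipe real describe-tasks output in; with a terminal on stdin, use SAMPLE.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    report = exec_readiness(data)
    for (arn, name), problems in report.items():
        print(arn, name, "READY" if not problems else "; ".join(problems))
    sys.exit(0 if all(not p for p in report.values()) else 1)
```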