Commands
  • About
  • Software Development
    • Glossary
    • System Design
      • CAP Theorem
      • Data Migration
      • EAV Model
      • ETL Process
      • Event Sourcing
      • Outbox Pattern
      • SOLID Principles
    • Standards
      • Character Encoding
      • Twirp
    • Elixir
      • IEx
      • Mix
      • Libraries
      • Code Snippets
    • Node.js
      • TypeScript
  • Commands
    • Bookmarks
    • AWS
      • Athena
      • ECS
    • Docker
      • Manage Images
      • Manage Containers
    • File System
      • Grep
      • Search Files
      • Miscellaneous
    • Git
      • Setup New Project
      • Manage Remotes
      • Release Project
    • GPG
    • Kafka
      • Quick Start
    • Kubernetes
    • OpenShift
      • Manage Roles and Bindings
    • PostgreSQL
    • SSL / TLS
      • Common OpenSSL Commands
      • Create Self-signed Certificate
      • Java Truststore and Keystore
    • SSH
      • Key Management
      • Port Forwarding
    • YUM
      • List Repositories
      • List Packages
    • Miscellaneous
      • Network
Powered by GitBook
On this page
  1. Commands
  2. AWS

ECS

PreviousAthenaNextDocker

Last updated 3 years ago

Exec into the ECS Containers

Official News https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/

Reference https://www.ernestchiang.com/en/posts/2021/using-amazon-ecs-exec/

  1. Install the locally.

  2. Attach the following policy to the task's role, so the task can use SSM to create a secure channel to run "exec".

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ssmmessages:CreateControlChannel",
            "ssmmessages:CreateDataChannel",
            "ssmmessages:OpenControlChannel",
            "ssmmessages:OpenDataChannel"
          ],
          "Resource": "*"
        }
      ]
    }
  3. Update the task definition to set containerDefinitions[].linuxParameters.initProcessEnabled to true.

    {
      "containerDefinitions": [
        {
          "linuxParameters": {
            "initProcessEnabled": true
          }
        }
      ]
    }
  4. Update the service to...

    1. use the latest task definition; and

    2. enable "execute command".

    aws ecs update-service \
      --cluster <ECS_CLUSTER_NAME> \
      --service <ECS_SERVICE_NAME> \
      --task-definition <TASK_DEFINITION_NAME> \
      --enable-execute-command \
      --force-new-deployment
  5. Ensure "execute command" is ready.

     aws ecs describe-tasks \
       --cluster <ECS_CLUSTER_NAME> \
       --tasks <ECS_TASK_ID>
    
     # 1. Search for "enableExecuteCommand", the value should be `true`.
     # 2. Search for "ExecuteCommandAgent", the "lastStatus" should be `RUNNING`.
  6. Exec into the container.

    aws ecs execute-command \
      --cluster <ECS_CLUSTER_NAME> \
      --task <ECS_TASK_ID> \
      --container <ECS_CONTAINER_NAME> \
      --interactive \
      --command "/bin/sh"
Session Manager Plugin