1. Introduction
Hello! We are a writer team from Definer Inc.
In this issue, you are wondering how to execute commands inside an ECS Fargate container.
Let's take a look at the actual screens and resources to explain in detail.
In this issue, you are wondering how to execute commands inside an ECS Fargate container.
Let's take a look at the actual screens and resources to explain in detail.
2. Purpose/Use Cases
This article summarizes information and practices that can be helpful when you want to execute commands inside an ECS Fargate container.
3. What is ECS exec?
ECS exec allows you to execute commands directly within the ECS container.
Previously, when using Fargate, it was not possible to execute commands inside the container.
Also, when using EC2, two steps were required: logging in to EC2 and executing the docker exec command.
With ECS exec, this can now be done in one step, making it even easier to use.
ECS exec uses the "Session Manager" mechanism of AWS Systems Manager to access containers from the client.
Therefore, there is no need to log in to the EC2 instance or allow SSH ports by SG.
Previously, when using Fargate, it was not possible to execute commands inside the container.
Also, when using EC2, two steps were required: logging in to EC2 and executing the docker exec command.
With ECS exec, this can now be done in one step, making it even easier to use.
ECS exec uses the "Session Manager" mechanism of AWS Systems Manager to access containers from the client.
Therefore, there is no need to log in to the EC2 instance or allow SSH ports by SG.
4. Try ECS exec
We will actually try ECS exec to Fargate.
ECS will use the service and task definitions created in "Creating Microservices with Amazon ECS".
As prerequisites, SSM agent must support ECS exec and AWS CLI v2 2.1.31 (released 2021/03/20) or later must be used.
・To run the container on an EC2 instance:
→A version released after "2021/01/20" of ECS-optimized AMI is acceptable.
・To run the container on Fargate:
→Fargate platform version "1.4.0" or later is OK.
The actual procedure is described below.
(1) Enable "enableExecuteCommand" for ECS service
Enable it with the following command.
(2) Add SSM authority to the ECS task role
Add the following SSM privileges to the ECS task role specified in the task definition.
(3) Update ECS service
Update the ECS service so that the new task is started.
(4) Execute the ECS Exec command
You have successfully logged into the Fargate container!
You can use the "ls" and "pwd" commands to explore inside the container.
IAM privileges to be added to the ECS task role
ECS will use the service and task definitions created in "Creating Microservices with Amazon ECS".
As prerequisites, SSM agent must support ECS exec and AWS CLI v2 2.1.31 (released 2021/03/20) or later must be used.
・To run the container on an EC2 instance:
→A version released after "2021/01/20" of ECS-optimized AMI is acceptable.
・To run the container on Fargate:
→Fargate platform version "1.4.0" or later is OK.
The actual procedure is described below.
(1) Enable "enableExecuteCommand" for ECS service
Enable it with the following command.
(2) Add SSM authority to the ECS task role
Add the following SSM privileges to the ECS task role specified in the task definition.
(3) Update ECS service
Update the ECS service so that the new task is started.
(4) Execute the ECS Exec command
You have successfully logged into the Fargate container!
You can use the "ls" and "pwd" commands to explore inside the container.
IAM privileges to be added to the ECS task role
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
}
]
} ## Enable ECS Exec
aws ecs update-service \
--cluster default \
--service test-nginx \
--enable-execute-command
## ECS Exec command
aws ecs execute-command \
--cluster default \
--task ${ECS Task ID} \
--container test-nginx \
--interactive \
--command /bin/sh 5. Cited/Referenced Articles
6. About the proprietary solution "PrismScaler"
・PrismScaler is a web service that enables the construction of multi-cloud infrastructures such as AWS, Azure, and GCP in just three steps, without requiring development and operation.
・PrismScaler is a web service that enables multi-cloud infrastructure construction such as AWS, Azure, GCP, etc. in just 3 steps without development and operation.
・The solution is designed for a wide range of usage scenarios such as cloud infrastructure construction/cloud migration, cloud maintenance and operation, and cost optimization, and can easily realize more than several hundred high-quality general-purpose cloud infrastructures by appropriately combining IaaS and PaaS.
・PrismScaler is a web service that enables multi-cloud infrastructure construction such as AWS, Azure, GCP, etc. in just 3 steps without development and operation.
・The solution is designed for a wide range of usage scenarios such as cloud infrastructure construction/cloud migration, cloud maintenance and operation, and cost optimization, and can easily realize more than several hundred high-quality general-purpose cloud infrastructures by appropriately combining IaaS and PaaS.
7. Contact us
This article provides useful introductory information free of charge. For consultation and inquiries, please contact "Definer Inc".
8. Regarding Definer
・Definer Inc. provides one-stop solutions from upstream to downstream of IT.
・We are committed to providing integrated support for advanced IT technologies such as AI and cloud IT infrastructure, from consulting to requirement definition/design development/implementation, and maintenance and operation.
・We are committed to providing integrated support for advanced IT technologies such as AI and cloud IT infrastructure, from consulting to requirement definition, design development, implementation, maintenance, and operation.
・PrismScaler is a high-quality, rapid, "auto-configuration," "auto-monitoring," "problem detection," and "configuration visualization" for multi-cloud/IT infrastructure such as AWS, Azure, and GCP.
・We are committed to providing integrated support for advanced IT technologies such as AI and cloud IT infrastructure, from consulting to requirement definition/design development/implementation, and maintenance and operation.
・We are committed to providing integrated support for advanced IT technologies such as AI and cloud IT infrastructure, from consulting to requirement definition, design development, implementation, maintenance, and operation.
・PrismScaler is a high-quality, rapid, "auto-configuration," "auto-monitoring," "problem detection," and "configuration visualization" for multi-cloud/IT infrastructure such as AWS, Azure, and GCP.