DEV Community

Cover image for ECS Exec (AWS Fargate)

ECS Exec (AWS Fargate)

Use of ECS Exec feature

Hi,

When using ECS, sometimes you will want to debug your app by trying to connect to it.

ECS Exec is an Amazon Elastic Container Service (ECS) feature that allows you to execute commands in or get a shell to a container running on an Amazon EC2 instance or AWS Fargate. This makes it easier to collect diagnostic information and quickly troubleshoot errors.

Prerequisites

  1. An ECS cluster
  2. A task running in the cluster
  3. An IAM role with permissions to execute commands in containers

Example Use Cases

ECS Exec can be used for a variety of purposes, including:

  • Debugging container applications
  • Collecting diagnostic information
  • Installing packages
  • Running scripts
  • Additional Considerations

When using ECS Exec, it is important to be aware of the following:

The IAM role used to execute the command must have the necessary permissions to execute commands in the container.

The container must be running in a state that allows execution. For example, the container must not be stopped or terminated.

The container must be running on a compatible infrastructure. For example, the container must run on an Amazon EC2 instance or AWS Fargate.

ECS Exec is not currently supported using the AWS Management Console.

There is a beneficial tool where you can check prerequisites — https://github.com/aws-containers/amazon-ecs-exec-checker

Additional info you can find here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html

Once you have all IAM permissions, and you install the session manager plugin, we can try to connect to the ECS task.

  • Use AWS CLI and try this command:


aws ecs create-service \
    --cluster YOUR_CLUSTER_NAME \
    --task-definition TASK_DEFINITION_NAME \
    --enable-execute-command \
    --launch-type FARGATE \
    --service-name SERVICE_NAME\
    --desired-count 1 \
    --region eu-west-1 \
    --network-configuration "awsvpcConfiguration={subnets=[SUBNET_NAME],securityGroups=[SG_NAME],assignPublicIp=ENABLED}"


Enter fullscreen mode Exit fullscreen mode
  • Let’s check the ECS console now:

ecs console

As you can see, our task is running, so now we can connect to a container.

  • Now we run the execute statement:


aws ecs execute-command --cluster YOUR_CLUSTER_NAME \
    --task 69e2ecb626944671b9ad9c5199d911ef \
    --container CONTAINER_NAME \
    --interactive \
    --command "/bin/sh"


Enter fullscreen mode Exit fullscreen mode
  • You will see this output, so now you can communicate with a container:

cli output

- If you’ve already created an ECS Service, but want to enable the ECS exec command you can do this also, using this command:



aws ecs update-service SERVICE_NAME --cluster YOUR_CLUSTER_NAME \
  --enable-execute-command \
  --force-new-deployment


Enter fullscreen mode Exit fullscreen mode

That’s all.

Now you can debug your apps by using the ECS exec feature.

Thank you for your time.

Top comments (0)