Use of ECS Exec feature
Hi,
When using ECS, sometimes you will want to debug your app by trying to connect to it.
ECS Exec is an Amazon Elastic Container Service (ECS) feature that allows you to execute commands in or get a shell to a container running on an Amazon EC2 instance or AWS Fargate. This makes it easier to collect diagnostic information and quickly troubleshoot errors.
Prerequisites
- An ECS cluster
- A task running in the cluster
- An IAM role with permissions to execute commands in containers
Example Use Cases
ECS Exec can be used for a variety of purposes, including:
- Debugging container applications
- Collecting diagnostic information
- Installing packages
- Running scripts
Additional Considerations
When using ECS Exec, it is important to be aware of the following:
- The IAM role used to execute the command must have the necessary permissions to execute commands in the container.
- The container must be running in a state that allows execution. For example, the container must not be stopped or terminated.
- The container must be running on a compatible infrastructure. For example, the container must run on an Amazon EC2 instance or AWS Fargate.
- ECS Exec is not currently supported using the AWS Management Console.
There is a useful tool for checking the prerequisites: https://github.com/aws-containers/amazon-ecs-exec-checker
You can find additional information here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html
Once you have all the IAM permissions and have installed the Session Manager plugin, you can try to connect to the ECS task.
- Use the AWS CLI to create a service with ECS Exec enabled:
aws ecs create-service \
--cluster YOUR_CLUSTER_NAME \
--task-definition TASK_DEFINITION_NAME \
--enable-execute-command \
--launch-type FARGATE \
--service-name SERVICE_NAME \
--desired-count 1 \
--region eu-west-1 \
--network-configuration "awsvpcConfiguration={subnets=[SUBNET_NAME],securityGroups=[SG_NAME],assignPublicIp=ENABLED}"
- Let’s check the ECS console now:
As you can see, our task is running, so now we can connect to a container.
- Now we run the execute statement:
aws ecs execute-command --cluster YOUR_CLUSTER_NAME \
--task 69e2ecb626944671b9ad9c5199d911ef \
--container CONTAINER_NAME \
--interactive \
--command "/bin/sh"
- You will see this output, so now you can communicate with a container:
- If you’ve already created an ECS service but want to enable ECS Exec on it, you can do that with the following command. The `--force-new-deployment` flag replaces the running tasks so that the new ones start with ECS Exec enabled:
aws ecs update-service --service SERVICE_NAME --cluster YOUR_CLUSTER_NAME \
--enable-execute-command \
--force-new-deployment
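The task-side conditions above (task running, ECS Exec enabled when the task was launched, exec agent up in the container) can be checked from the JSON that `aws ecs describe-tasks` returns before you try `execute-command`. The script below is an added example, not code from this post or from amazon-ecs-exec-checker; the sample data, task ARNs and the container name `app` are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `aws ecs describe-tasks` output (not real data).
SAMPLE = {"tasks": [
    {"taskArn": "task/ready", "lastStatus": "RUNNING", "enableExecuteCommand": True,
     "containers": [{"name": "app", "managedAgents": [
         {"name": "ExecuteCommandAgent", "lastStatus": "RUNNING"}]}]},
    {"taskArn": "task/flag-off", "lastStatus": "RUNNING", "enableExecuteCommand": False,
     "containers": [{"name": "app"}]},
    {"taskArn": "task/agent-pending", "lastStatus": "RUNNING", "enableExecuteCommand": True,
     "containers": [{"name": "app", "managedAgents": [
         {"name": "ExecuteCommandAgent", "lastStatus": "PENDING"}]}]},
]}


def exec_problems(describe_tasks, container_name):
    """Map each task ARN to the reasons execute-command would fail (empty list = ready)."""
    report = {}
    for task in describe_tasks.get("tasks", []):
        problems = []
        if task.get("lastStatus") != "RUNNING":
            problems.append("task is not RUNNING")
        # Set only when the task was started with --enable-execute-command.
        if not task.get("enableExecuteCommand", False):
            problems.append("enableExecuteCommand is false")
        container = next((c for c in task.get("containers", [])
                          if c.get("name") == container_name), None)
        if container is None:
            problems.append("container not found in task")
        else:
            # The exec agent is reported per container under managedAgents.
            agent = next((a for a in container.get("managedAgents", [])
                          if a.get("name") == "ExecuteCommandAgent"), None)
            if agent is None:
                problems.append("ExecuteCommandAgent not present")
            elif agent.get("lastStatus") != "RUNNING":
                problems.append("ExecuteCommandAgent is " + str(agent.get("lastStatus")))
        report[task.get("taskArn", "?")] = problems
    return report


if __name__ == "__main__":
    # Usage: python check_exec.py [describe-tasks.json]; falls back to the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for arn, problems in exec_problems(data, "app").items():
        print(arn, "READY" if not problems else "; ".join(problems))
```

The same report also works as a periodic audit of which running tasks currently allow shell access.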
That’s all.
Now you can debug your apps by using the ECS exec feature.
Thank you for your time.