DEV Community

On-cloud7

How To SSH Into An ECS Fargate Container

1) Install the Session Manager plugin using the EXE installer
Download the installer using the following URL.

https://s3.amazonaws.com/session-mana...


Command:

```
session-manager-plugin --version
```

2) Install or update the AWS CLI
Download and run the AWS CLI MSI installer for Windows (64-bit):
https://awscli.amazonaws.com/AWSCLIV2...

Command:

```
aws --version
```

3) Add SSM permissions to the ecsTaskExecutionRole role
You should add the following policy to your existing ecsTaskExecutionRole IAM role. This grants permission for the ECS task to connect with the SSM Session Manager service.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}
```

4) Add ECS ExecuteCommand permission to your IAM user

Make sure your IAM user has a policy that allows the action ecs:ExecuteCommand. Otherwise, you will not be able to run aws ecs execute-command in the AWS CLI to access the running container.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "UserAccessToECSExecuteCommand",
            "Effect": "Allow",
            "Action": "ecs:ExecuteCommand",
            "Resource": "*"
        }
    ]
}
```

5) Enable ECS Exec for your ECS task and services

To enable ECS Exec on an existing ECS service, run:

```
aws ecs update-service --cluster cluster-name --task-definition task-definition-name --service service-name --enable-execute-command --desired-count 1
```

To verify that a task has ExecuteCommand enabled, run the aws ecs describe-tasks command and check its configuration.

```
aws ecs describe-tasks --cluster cluster-name --tasks taskid
```

Example:

```
aws ecs describe-tasks --cluster example-cluster --tasks 5210107e30a9470b9b093d1fb72e8d6a
```

If everything went well, you’ll receive the following output with enableExecuteCommand set to true.
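
As an added example (not part of the original post), this Python script reads `aws ecs describe-tasks` JSON and reports, per task, whether `enableExecuteCommand` is set and whether the `ExecuteCommandAgent` managed agent is running in each container. The sample input, ARNs, account id and the function name `exec_status` are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `aws ecs describe-tasks` output.
# ARNs, account id and task names are made up for illustration.
SAMPLE = json.dumps({"tasks": [
    {"taskArn": "arn:aws:ecs:us-east-1:123456789012:task/example-cluster/task-a",
     "enableExecuteCommand": True,
     "containers": [{"name": "app", "managedAgents": [
         {"name": "ExecuteCommandAgent", "lastStatus": "RUNNING"}]}]},
    {"taskArn": "arn:aws:ecs:us-east-1:123456789012:task/example-cluster/task-b",
     "enableExecuteCommand": True,
     "containers": [{"name": "app", "managedAgents": [
         {"name": "ExecuteCommandAgent", "lastStatus": "STOPPED"}]}]},
    {"taskArn": "arn:aws:ecs:us-east-1:123456789012:task/example-cluster/task-c",
     "enableExecuteCommand": False,
     "containers": [{"name": "app"}]},
]})


def exec_status(describe_tasks_json):
    """Return one record per task: exec flag, per-container agent status, readiness."""
    report = []
    for task in json.loads(describe_tasks_json).get("tasks", []):
        enabled = bool(task.get("enableExecuteCommand", False))
        agents = {}
        for container in task.get("containers", []):
            status = "MISSING"  # no ExecuteCommandAgent entry for this container
            for agent in container.get("managedAgents", []):
                if agent.get("name") == "ExecuteCommandAgent":
                    status = agent.get("lastStatus", "UNKNOWN")
            agents[container.get("name", "?")] = status
        report.append({
            "task": task.get("taskArn", "?").rsplit("/", 1)[-1],
            "enabled": enabled,
            "agents": agents,
            # Exec needs the flag on and the agent running in a container.
            "ready": enabled and "RUNNING" in agents.values(),
        })
    return report


if __name__ == "__main__":
    # Usage: aws ecs describe-tasks ... | python this_script.py (falls back to SAMPLE)
    piped = "" if sys.stdin.isatty() else sys.stdin.read().strip()
    for row in exec_status(piped or SAMPLE):
        print(row)
```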

6) Run the aws ecs execute-command command with the task ID and container name to log in.

```
aws ecs execute-command --cluster cluster-name --task task-id --container container-name --interactive --command "/bin/bash"
```
