Bach Huynh V. VN.Danang
Posted on August 16, 2024
ECS Exec Usage Guide
To begin using ECS Exec, follow these steps to verify and enable the necessary configurations.
Prerequisites: AWS CLI and Session Manager Plugin Installation
Before using ECS Exec, ensure that you have the following installed on your local machine:
- AWS CLI: To install the AWS CLI, follow the official instructions for your operating system: AWS CLI Installation Guide
After installation, verify it by running:
aws --version
- Session Manager Plugin: The ECS Exec feature requires the Session Manager Plugin for the AWS CLI. To install it, follow the steps for your operating system:
- Windows (PowerShell):
Invoke-WebRequest -Uri "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/windows/SessionManagerPluginSetup.exe" -OutFile "SessionManagerPluginSetup.exe"
.\SessionManagerPluginSetup.exe
- macOS:
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac/sessionmanager-bundle.zip" -o "sessionmanager-bundle.zip"
unzip sessionmanager-bundle.zip
sudo ./sessionmanager-bundle/install
- Linux (RPM-based distributions, x86_64):
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_amd64/session-manager-plugin.rpm" -o "session-manager-plugin.rpm"
sudo yum install -y session-manager-plugin.rpm
After installation, verify it by running:
session-manager-plugin --version
1. Verify Your Task Configuration:
First, ensure that the task you want to connect to has the enableExecuteCommand option enabled. Use the following command to describe the task:
aws ecs describe-tasks \
--cluster <cluster-name> \
--region <region-id> \
--tasks <task-id>
Check the output to ensure the enableExecuteCommand flag is set to true:
"enableExecuteCommand": true
2. Verify Service Configuration (If Applicable):
If your task is part of a service, verify that the service also has the enableExecuteCommand option enabled by running the following command:
aws ecs describe-services \
--cluster <cluster-name> \
--services <service-name>
Check for the enableExecuteCommand flag in the output:
"enableExecuteCommand": true
3. Enabling enableExecuteCommand:
If the enableExecuteCommand flag is false, follow these steps to enable it.
For One-Time Run Tasks:
You can enable ECS Exec when you run the task by adding the --enable-execute-command flag in the run-task command:
aws ecs run-task \
--cluster <cluster-name> \
--task-definition <taskdef-name> \
--network-configuration awsvpcConfiguration="{subnets=[$PUBLIC_SUBNET1, $PUBLIC_SUBNET2],securityGroups=[$ECS_EXEC_DEMO_SG_ID],assignPublicIp=DISABLED}" \
--enable-execute-command \
--launch-type FARGATE \
--tags key=environment,value=production \
--region $AWS_REGION
For Services:
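Currently, you cannot enable ECS Exec for services through the AWS Management Console (GUI). Instead, you need to update the service using the following CLI command. The setting applies only to tasks started after the update, so tasks that are already running must be replaced (for example by adding --force-new-deployment) before you can connect to them: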
aws ecs update-service \
--cluster <cluster-name> \
--service <service-name> \
--enable-execute-command
4. ECS Fargate and SSM Agent:
ECS Fargate uses the SSM Agent to allow direct access to containers via Session Manager. Therefore, ensure that your task definition includes a task role, and that the task role has the appropriate IAM policy. To facilitate testing, you can temporarily attach the AdministratorAccess policy (though this is only recommended for testing purposes).
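Outside of testing, the task role does not need AdministratorAccess: per the AWS documentation, ECS Exec needs only four ssmmessages actions. The script below is an added example, not code from the original post; the sample policies and the function name audit_task_role_policy are constructed for illustration, and the check reads only Allow/Action entries (Deny, NotAction and Condition are not evaluated).

```python
import fnmatch
import json

# Actions the ECS Exec agent needs on the task role (from the AWS documentation).
REQUIRED = [
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
]

# Constructed sample policies for this example.
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": REQUIRED, "Resource": "*"}],
}
ADMIN_STYLE = {  # same shape as AdministratorAccess: every action on every resource
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def as_list(value):
    """IAM allows a single item wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def audit_task_role_policy(policy):
    """Return (missing, too_broad) for one policy document.

    missing:   required ECS Exec actions that no Allow statement grants
    too_broad: Allow patterns whose service part is a wildcard (e.g. "*")
    Simplification: Deny, NotAction and Condition are not evaluated.
    """
    allowed = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            allowed.extend(as_list(stmt.get("Action", [])))

    def granted(action):  # IAM action names are case-insensitive; * and ? are wildcards
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in allowed)

    missing = [a for a in REQUIRED if not granted(a)]
    too_broad = sorted(p for p in allowed if "*" in p.split(":", 1)[0])
    return missing, too_broad


if __name__ == "__main__":
    for name, doc in (("least-privilege", LEAST_PRIVILEGE), ("admin-style", ADMIN_STYLE)):
        print(name, json.dumps(audit_task_role_policy(doc)))
```

An empty first list means ECS Exec has the permissions it needs; a non-empty second list means the role grants far more than that and should be narrowed before production use.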
5. Executing Commands in Containers:
Once everything is configured, you can execute commands within your containers. Use the following commands based on the operating system of your container.
For Windows Containers:
aws ecs execute-command \
--region $AWS_REGION \
--cluster <cluster-name> \
--task <task-id> \
--container <container-name> \
--command "powershell.exe" \
--interactive
For Linux Containers:
aws ecs execute-command \
--region $AWS_REGION \
--cluster <cluster-name> \
--task <task-id> \
--container <container-name> \
--command "/bin/bash" \
--interactive