Abstract
SSH into Container from your own laptops. Great for debugging containers under ECS.
Setup Checklist:
- Enable ECS Exec
- Install Session Manager Plugin for AWS Cli
- Add SSM permission via IAM Policy to the ECS Role
- Check if ECS Exec is configured properly
- SSH into ECS Container
Enable ECS Exec
For Existing ECS Cluster
Caution
Only new ECS Task under the ECS Service will have the ECS Exec enabled!
aws ecs update-service \
--cluster <CLUSTER_NAME> \
--service <SERVICE_NAME> \
--enable-execute-commandNew ECS Cluster
- Option 1: Using Terraform
- Option 2: Using Cli
aws ecs create-service \
--cluster <CLUSTER_NAME> \
--task-definition <TASK-DEFINITION-NAME> \
--enable-execute-command \
--service-name <SERVICE_NAME> \
--desired-count 1- Based on what I know, there isn’t a way to enable ECS EXEC from the GUI console
Get into ECS Container
Install Session Manager Plugin for AWS Cli
brew install --cask session-manager-pluginAdd SSM permission via IAM Policy to the ECS Role
NOT the execution role!!!
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
}
]
}Check if ECS Exec is configured properly
export AWS_PROFILE=<PROFILE_NAME>
export AWS_REGION=<AWS_REGION>
bash <( curl -Ls https://raw.githubusercontent.com/aws-containers/amazon-ecs-exec-checker/main/check-ecs-exec.sh ) <CLUSTER_NAME> <TASK_ID>- Script is open-sourced
SSH into ECS Container
aws ecs execute-command \
--cluster <CLUSTER_NAME> \
--task <TASK_ID> \
--container <CONTAINER_NAME> \
--interactive \
--command "/bin/sh" Don't want to type the command all the time?
You can make use of AWS Explorer which can be integrated into your code editor. Then you just need to click a few buttons to have a shell into the ECS Container. No more manual copy-paste and modifying the command!
Error Connecting?
Try create a new Task deployment