Abstract


SSH-like shell access to a container from your own laptop. Great for debugging containers under ECS.

Setup Checklist:

Enable ECS Exec


For Existing ECS Service

Caution

Only new ECS tasks started under the ECS service will have ECS Exec enabled! Tasks that were already running before the update are not affected.

aws ecs update-service \
    --cluster <CLUSTER_NAME> \
    --service <SERVICE_NAME> \
    --enable-execute-command

For New ECS Service

aws ecs create-service \
    --cluster <CLUSTER_NAME> \
    --task-definition <TASK-DEFINITION-NAME> \
    --enable-execute-command \
    --service-name <SERVICE_NAME> \
    --desired-count 1

  • Based on what I know, there isn’t a way to enable ECS Exec from the GUI console

Get into ECS Container


Install the Session Manager Plugin for the AWS CLI

brew install --cask session-manager-plugin

Add SSM permissions via an IAM policy to the ECS task role

NOT the task execution role!!!

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}

Check if ECS Exec is configured properly

export AWS_PROFILE=<PROFILE_NAME>
export AWS_REGION=<AWS_REGION>
 
bash <( curl -Ls https://raw.githubusercontent.com/aws-containers/amazon-ecs-exec-checker/main/check-ecs-exec.sh ) <CLUSTER_NAME> <TASK_ID>

SSH into ECS Container

aws ecs execute-command \
    --cluster <CLUSTER_NAME> \
    --task <TASK_ID> \
    --container <CONTAINER_NAME> \
    --interactive \
    --command "/bin/sh"

Don't want to type the command all the time?

You can make use of AWS Explorer which can be integrated into your code editor. Then you just need to click a few buttons to have a shell into the ECS Container. No more manual copy-paste and modifying the command!

Error Connecting?

Try creating a new task deployment, so that the tasks are started after ECS Exec was enabled.
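
To see which tasks actually need replacing before retrying, the following added example (not part of the original page or of any AWS tool) reads the JSON printed by `aws ecs describe-tasks --cluster <CLUSTER_NAME> --tasks <TASK_ID>` and reports tasks that were started without ECS Exec or whose exec agent is not running. The sample input, task IDs and the function name `exec_readiness` are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ecs describe-tasks` output (not real data).
SAMPLE = json.loads("""
{"tasks": [
  {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/aaaa1111",
   "enableExecuteCommand": false,
   "containers": [{"name": "app", "managedAgents": []}]},
  {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/bbbb2222",
   "enableExecuteCommand": true,
   "containers": [{"name": "app", "managedAgents": [
     {"name": "ExecuteCommandAgent", "lastStatus": "RUNNING"}]}]},
  {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/cccc3333",
   "enableExecuteCommand": true,
   "containers": [{"name": "app", "managedAgents": [
     {"name": "ExecuteCommandAgent", "lastStatus": "STOPPED"}]}]}
]}
""")

AGENT = "ExecuteCommandAgent"


def exec_readiness(describe_tasks):
    """Map task id -> list of problems; an empty list means execute-command should work."""
    report = {}
    for task in describe_tasks.get("tasks", []):
        task_id = task["taskArn"].rsplit("/", 1)[-1]
        problems = []
        if not task.get("enableExecuteCommand", False):
            # Task was launched before the service had ECS Exec turned on.
            problems.append("task started without ECS Exec; needs a new task")
        else:
            for container in task.get("containers", []):
                agents = {a.get("name"): a.get("lastStatus")
                          for a in container.get("managedAgents", [])}
                status = agents.get(AGENT)
                if status != "RUNNING":
                    problems.append(f"{container['name']}: {AGENT} is {status or 'missing'}")
        report[task_id] = problems
    return report


if __name__ == "__main__":
    for task_id, problems in exec_readiness(SAMPLE).items():
        print(task_id, "OK" if not problems else "; ".join(problems))
```

To run it against a real cluster, save the `describe-tasks` output to a file and pass the parsed JSON to `exec_readiness` in place of `SAMPLE`.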