SSH into Container from your own laptops. Great for debugging containers under ECS.

Setup Checklist:

Enable ECS Exec

For Existing ECS Cluster


Only new ECS Task under the ECS Service will have the ECS Exec enabled!

aws ecs update-service \
    --cluster <CLUSTER_NAME> \
    --service <SERVICE_NAME> \

New ECS Cluster

aws ecs create-service \
--cluster <CLUSTER_NAME> \
--task-definition <TASK-DEFINITION-NAME> \
--enable-execute-command \
--service-name <SERVICE_NAME> \
--desired-count 1
  • Based on what I know, there isn’t a way to enable ECS EXEC from the GUI console

Get into ECS Container

Install Session Manager Plugin for AWS Cli

brew install --cask session-manager-plugin

Add SSM permission via IAM Policy to the ECS Role

NOT the execution role!!!

   "Version": "2012-10-17",
   "Statement": [
       "Effect": "Allow",
       "Action": [
      "Resource": "*"

Check if ECS Exec is configured properly

bash <( curl -Ls https://raw.githubusercontent.com/aws-containers/amazon-ecs-exec-checker/main/check-ecs-exec.sh ) <CLUSTER_NAME> <TASK_ID>

SSH into ECS Container

aws ecs execute-command \
	--cluster <CLUSTER_NAME> \
	--task <TASK_ID> \
	--container <CONTAINER_NAME> \
	--interactive  \
	--command "/bin/sh" 

Don't want to type the command all the time?

You can make use of AWS Explorer which can be integrated into your code editor. Then you just need to click a few buttons to have a shell into the ECS Container. No more manual copy-paste and modifying the command!

Error Connecting?

Try create a new Task deployment