Quick Guide: Logging into Your Fargate Containers on AWS ECS
AWS ECS (Elastic Container Service) is a powerful container management service that simplifies the process of running, managing, and scaling Docker containers on AWS. Connecting to ECS containers is a crucial step in the deployment process, allowing users to interact with their applications and services seamlessly. In this guide, we will explore how to connect to AWS ECS containers in a few straightforward steps.
STEP 1: Attach SSM Policy to the existing ECS Task IAM role
Create the below SSM policy and attach it to the ECS Task IAM role, this policy will allow connection to ECS task using Session Manager Service (SSM).
{
"Version": "2012-10-17",
"Statement":[
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
}
]
}
Now create a new ECS Task IAM role with the above SSM policy and attach the role to the ECS task definition from dropdown as
STEP 2: Now on a remote machine from where we want to connect to the ECS container:
Install Session Manager Plugin
Now add the below IAM role policy for a User/AWS resource to execute ECS commands
{
"Version": "2012-10-17",
"Statement":[
{
"Effect": "Allow",
"Action": [
"ecs:ExecuteCommand",
"ecs:DescribeTasks",
"ecs:UpdateService",
"iam:PassRole"
],
"Resource": "*"
}
]
}
aws ecs update-service --cluster <cluster-name> --task-definition <task-definition-name> --enable-execute-command --service <service-name>
Below is the sample output, scroll down to find "enableExecuteCommand": true
aws ecs describe-tasks --cluster <cluster-name> --tasks <task-id>
Command to connect to ECS Fargate Container
aws ecs execute-command –cluster <cluster-name> --task <task-id> --container <container-name> --interactive --command "/bin/sh"
