How to Enter into AWS Fargate Container


This blog is for those who are tired of trying to exec into AWS Fargate containers. Even after referring to ChatGPT and various online blogs, you still couldn't find a solution to get inside a Fargate container. Here is the short and on-point solution you've been looking for.
Pre-requisites
AWS CLI Installed and Configured:
Install AWS CLI v2 or later if you haven't already.
Ensure your CLI is configured with the correct region and credentials (aws configure).
IAM Permissions:
Add SSM permissions to the Task IAM role:
You should add the following policy to your existing ECS task IAM role. This grants permission for the ECS task to connect with the SSM Session Manager service.
Click ecsTaskExecutionRole > Add Permission > Create inline policy > Switch to JSON > Paste the below policy then save. Do this for both the policies.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    }
  ]
}
Add ECS Execute Command permission to your Task IAM role:
Make sure your IAM role contains a policy that allows the action ecs:ExecuteCommand. Otherwise, you're not able to run aws ecs execute-command in the AWS CLI in order to access the running container. Replace the "Resource" value in the policy below with your ECS cluster ARN.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ecs:ExecuteCommand",
      "Resource": "arn:aws:ecs:example-region:example-arn:cluster/example-cluster/*"
    }
  ]
}
AWS Session Manager Plugin Installed:
Steps to Execute into a Container
1. Identify Your Cluster and Task
Find the ECS cluster name and the task running your container:
aws ecs list-clusters
aws ecs list-tasks --cluster <your-cluster-name>
2. Describe the Task
Get details about the task, including the container name:
aws ecs describe-tasks --cluster <your-cluster-name> --tasks <task-id>
3. Enable Execute Command on the Task
Now you need to enable the ECS Exec feature on existing ECS service and deploy the new task by using the below command.
aws ecs update-service \
  --cluster <cluster-name> \
  --task-definition <task-definition-name> \
  --service <service-name> \
  --enable-execute-command \
  --force-new-deployment
After executing the above command, wait for the new task to deploy successfully.
4. Execute the Command
To open an interactive shell inside the container, replace /bin/bash with /bin/sh if bash is not available in your container.
aws ecs execute-command --cluster <cluster-name> \
  --task <task-id> \
  --container <container-name> \
  --interactive \
  --command "/bin/sh"
This is the output you'll see when you're executing aws ecs execute-command on an actual running container.
aws ecs execute-command --cluster <cluster-name> \
  --task <task-id> \
  --container <container-name> \
  --interactive \
  --command "/bin/sh"

The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.

Starting session with SessionId: ecs-execute-command-5tap5jrfpg8g5p2o5z8opsfqxe
#
By following these steps, you can successfully enable and use the ECS Exec feature to open an interactive shell inside a running container.
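Between steps 3 and 4 it helps to confirm that the redeployed task is actually ready for ECS Exec. The following is an added example, not part of the original post: it reads the JSON printed by aws ecs describe-tasks (step 2) and reports, per container, whether enableExecuteCommand is set and the ExecuteCommandAgent managed agent is RUNNING. The function name and the sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `aws ecs describe-tasks` output (not real data).
SAMPLE = json.dumps({"tasks": [{
    "taskArn": "arn:aws:ecs:example-region:example-account:task/example-cluster/aaaa",
    "lastStatus": "RUNNING",
    "enableExecuteCommand": True,
    "containers": [
        {"name": "app", "managedAgents": [
            {"name": "ExecuteCommandAgent", "lastStatus": "RUNNING"}]},
        {"name": "sidecar", "managedAgents": [
            {"name": "ExecuteCommandAgent", "lastStatus": "PENDING"}]},
    ],
}, {
    "taskArn": "arn:aws:ecs:example-region:example-account:task/example-cluster/bbbb",
    "lastStatus": "RUNNING",
    "enableExecuteCommand": False,
    "containers": [{"name": "app"}],
}]})


def exec_readiness(describe_tasks_json):
    """Return {(task_id, container): reason or None}; None means exec-ready."""
    report = {}
    for task in json.loads(describe_tasks_json).get("tasks", []):
        task_id = task["taskArn"].rsplit("/", 1)[-1]
        for container in task.get("containers", []):
            agents = {a.get("name"): a.get("lastStatus")
                      for a in container.get("managedAgents", [])}
            agent = agents.get("ExecuteCommandAgent")
            if not task.get("enableExecuteCommand", False):
                reason = "enableExecuteCommand is false on this task"
            elif task.get("lastStatus") != "RUNNING":
                reason = "task is %s, not RUNNING" % task.get("lastStatus")
            elif agent is None:
                reason = "no ExecuteCommandAgent on this container"
            elif agent != "RUNNING":
                reason = "ExecuteCommandAgent is %s" % agent
            else:
                reason = None
            report[(task_id, container["name"])] = reason
    return report


if __name__ == "__main__":
    # Pipe real describe-tasks output in, or run from a terminal to see the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for (task_id, name), reason in sorted(exec_readiness(data).items()):
        print(task_id, name, "READY" if reason is None else "NOT READY: " + reason)
```

Saved under any file name, it can be fed directly: aws ecs describe-tasks --cluster <your-cluster-name> --tasks <task-id> | python3 <script-name>.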
If you have any suggestions, ideas, or thoughts to add, feel free to drop them in the comments.
Your feedback means a lot! Don't forget to hit that like button to show your support and stay tuned for more content.
Thanks again!
Written by

Gerlyn M
Gerlyn is a DevOps engineer with a strong passion for Kubernetes and automation. He is always eager to learn and continuously strives to enhance his skills, aiming to become an expert in the field. He loves to share his knowledge with the community.