ECS Elastic Container Service
Prayag edited this page Dec 10, 2022 · 3 revisions
- https://github.com/aws-containers/amazon-ecs-exec-checker
- https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html#install-plugin-macos
CLUSTER_NAME=platform-cluster
TASK_ID=???
CONTAINER_NAME=???
export AWS_PROFILE=???
export AWS_REGION=us-east-1
## https://github.com/aws-containers/amazon-ecs-exec-checker
bash <( curl -Ls https://raw.githubusercontent.com/aws-containers/amazon-ecs-exec-checker/main/check-ecs-exec.sh ) $CLUSTER_NAME $TASK_ID
-------------------------------------------------------------
Prerequisites for check-ecs-exec.sh v0.7
-------------------------------------------------------------
jq | OK (/usr/local/bin/jq)
AWS CLI | OK (/usr/local/bin/aws)
-------------------------------------------------------------
Prerequisites for the AWS CLI to use ECS Exec
-------------------------------------------------------------
AWS CLI Version | OK (aws-cli/2.9.5 Python/3.11.0 Darwin/21.6.0 source/x86_64 prompt/off)
Session Manager Plugin | OK (1.2.398.0)
-------------------------------------------------------------
Checks on ECS task and other resources
-------------------------------------------------------------
Region : us-east-1
Cluster: ???
Task : ???
-------------------------------------------------------------
Cluster Configuration |
KMS Key : Not Configured
Audit Logging : OVERRIDE
S3 Bucket Name: Not Configured
CW Log Group : /ecs/???, Encryption Enabled: false
Can I ExecuteCommand? | arn:aws:iam::???:role/aws-reserved/sso.amazonaws.com/???
ecs:ExecuteCommand: implicitDeny
ssm:StartSession denied?: implicitDeny
Task Status | RUNNING
Launch Type | Fargate
Platform Version | 1.4.0
Exec Enabled for Task | OK
Container-Level Checks |
----------
Managed Agent Status
----------
1. RUNNING for "???"
----------
Init Process Enabled (???TaskDefinition:1)
----------
1. Disabled - "???"
----------
Read-Only Root Filesystem (???TaskDefinition:1)
----------
1. Disabled - "???"
Task Role Permissions | arn:aws:iam::???:role/???-TaskRole
ssmmessages:CreateControlChannel: implicitDeny
ssmmessages:CreateDataChannel: implicitDeny
ssmmessages:OpenControlChannel: implicitDeny
ssmmessages:OpenDataChannel: implicitDeny
-----
logs:DescribeLogGroups: implicitDeny
logs:CreateLogStream: implicitDeny
logs:DescribeLogStreams: implicitDeny
logs:PutLogEvents: implicitDeny
VPC Endpoints |
Found existing endpoints for vpc-???:
- com.amazonaws.us-east-1.s3
- com.amazonaws.us-east-1.dynamodb
SSM PrivateLink "com.amazonaws.us-east-1.ssmmessages" not found. You must ensure your task has proper outbound internet connectivity.
Environment Variables | (???TaskDefinition:1)
1. container "???"
- AWS_ACCESS_KEY: not defined
- AWS_ACCESS_KEY_ID: not defined
- AWS_SECRET_ACCESS_KEY: not defined
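The checker report above mixes required permissions, one check where a deny is the wanted result, and logging and encryption settings. The following added example (not part of the original page or of the checker project) turns a saved report into a short list of findings. The function names `triage_exec_check` and `sample_output` and the GRANT/RESTRICT/WARN labels are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: triage saved check-ecs-exec.sh output read from stdin.
# GRANT/RESTRICT/WARN are this example's own labels, not the checker's.
# Assumes plain-text output (no terminal colour codes).
triage_exec_check() {
  awk '
    # The label is a question ("denied?"), so a deny result is read as the
    # passing answer (assumption drawn from the label); "allowed" is flagged.
    /ssm:StartSession denied\?:/ {
      if ($NF == "allowed") print "RESTRICT ssm:StartSession"
      next
    }
    # Actions the caller or task role needs: anything but "allowed" is a gap.
    /(ecs:ExecuteCommand|ssmmessages:[A-Za-z]+|logs:[A-Za-z]+):/ {
      if ($NF != "allowed") { a = $(NF-1); sub(/:$/, "", a); print "GRANT " a }
      next
    }
    /KMS Key *: *Not Configured/ { print "WARN no KMS key configured for exec sessions" }
    /Encryption Enabled: false/  { print "WARN CloudWatch log group is not encrypted" }
    /PrivateLink .* not found/   { print "WARN no ssmmessages VPC endpoint, task needs outbound internet" }
  '
}

# Constructed sample: lines copied from the checker output shown on this page.
sample_output() {
  cat <<'EOF'
  KMS Key : Not Configured
  CW Log Group : /ecs/???, Encryption Enabled: false
Can I ExecuteCommand? | arn:aws:iam::???:role/aws-reserved/sso.amazonaws.com/???
  ecs:ExecuteCommand: implicitDeny
  ssm:StartSession denied?: implicitDeny
Task Role Permissions | arn:aws:iam::???:role/???-TaskRole
  ssmmessages:CreateControlChannel: implicitDeny
  ssmmessages:OpenDataChannel: implicitDeny
  logs:PutLogEvents: implicitDeny
SSM PrivateLink "com.amazonaws.us-east-1.ssmmessages" not found.
EOF
}

sample_output | triage_exec_check
```

To triage a real run, save the checker's output to a file and feed it to `triage_exec_check` on stdin.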
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac/sessionmanager-bundle.zip" -o "sessionmanager-bundle.zip"
unzip sessionmanager-bundle.zip
sudo ./sessionmanager-bundle/install -i /usr/local/sessionmanagerplugin -b /usr/local/bin/session-manager-plugin
aws ecs execute-command \
--region us-east-1 \
--cluster $CLUSTER_NAME \
--task $TASK_ID \
--container $CONTAINER_NAME \
--command "/bin/bash" \
--interactive \
--profile $AWS_PROFILE
aws ecs describe-tasks \
--cluster $CLUSTER_NAME \
--tasks $TASK_ID \
--region us-east-1 \
--profile $AWS_PROFILE \
| jq '.'