This gives you terminal access to tasks on Fargate or FARGATE_SPOT, using SSM. It is not really SSH, and your ECS instance doesn't need to have an SSH port open for it to work.
1. Enable ExecuteCommand on your ECS service.
aws ecs update-service --service myservice-v2 --enable-execute-command --cluster mycluster --region us-east-1
2. Update the Task Role of myservice-v2 with: FullSSMPermission
(To find out the name of the task role, use the AWS console; it is listed under your ECS service.)
3. Start a new task in that service, and remember its task id.
Usually this can be done by stopping a task and letting the autoscaling policy bring up a new node. The newly started task will have the ExecuteCommand setting that you set up earlier, which makes it possible to get to its terminal.
The task id looks something like this: 01b46facf93d44b2ba3e3cf296dcaa30
4. "SSH" into the new node by its task id.
aws ecs execute-command --region us-east-1 --cluster mycluster --task 01b46facf93d44b2ba3e3cf296dcaa30 --container myContainer --command /bin/bash --interactive
This should give you a terminal to the Fargate node.
5. If you cannot ssh in, find out what's missing in your setup with this checker:
https://github.com/aws-containers/amazon-ecs-exec-checker
Install the missing libraries until your machine passes the checker.
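Step 2 gives the task role a broad SSM permission set, but ECS Exec itself only needs the four ssmmessages channel actions. The script below is an added example, not part of the original post: it prints that narrower inline policy, attaches it to the task role, and checks the task started in step 3 before you try step 4. The function names, the policy name ecs-exec-ssmmessages and the role name you pass in are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Role and policy names are
# placeholders chosen for illustration.

# Print an IAM policy granting only the four ssmmessages actions that
# ECS Exec uses to open its SSM control and data channels.
ecs_exec_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcsExecSsmChannels",
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Attach the policy inline to the task role (needs IAM write access).
# Usage: attach_ecs_exec_policy ROLE_NAME [POLICY_NAME]
attach_ecs_exec_policy() {
  aws iam put-role-policy \
    --role-name "$1" \
    --policy-name "${2:-ecs-exec-ssmmessages}" \
    --policy-document "$(ecs_exec_policy)"
}

# Show whether the task was launched with ExecuteCommand enabled and
# the state of its managed agents (look for ExecuteCommandAgent RUNNING).
# Usage: check_task_exec CLUSTER TASK_ID [REGION]
check_task_exec() {
  aws ecs describe-tasks --region "${3:-us-east-1}" \
    --cluster "$1" --tasks "$2" --output json \
    --query 'tasks[0].{execEnabled: enableExecuteCommand, agents: containers[].managedAgents[].{name: name, status: lastStatus}}'
}
```

If check_task_exec reports execEnabled as false, the task was started before step 1 took effect and needs to be replaced as in step 3.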