
SSH into an AWS ECS Fargate-managed container

Jun 22, 2021 · 2 mins read

Managing servers is a burden for developers. To avoid it, AWS offers Fargate, the new compute engine that manages your ECS cluster according to your application's needs, so you can focus on your work instead of managing servers yourself. But sometimes, when there are deeper issues, you might need to SSH into the instance.

AWS announced a new Fargate feature that lets you SSH into an AWS ECS Fargate-managed container. In this tutorial, I will show you how.

Prerequisites

  • AWS account
  • AWS CLI

Establish an SSH connection into a Fargate container

Step 1. Before you can connect to the Fargate container, make sure that you have installed and configured the AWS CLI properly.

If not, you can find it at: AWS CLI

Step 2. To be able to connect to the Fargate container you will have to check your AWS CLI version.

aws --version

Make sure that you have at least version 2.0.0; otherwise you will not be able to connect.

Step 3. If your version is lower than 2.0.0, update it with the following commands:

curl -Lo ~/.local/aws.zip https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
unzip ~/.local/aws.zip -d ~/.local/
~/.local/aws/install -u -i ~/.local/aws-cli -b ~/.local/bin
rm -rf ~/.local/aws/ ~/.local/aws.zip

Step 4. For the ECS task role we need to attach a policy that allows the container to open the secure channel session via SSM.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}

Step 5. For the ECS task execution role attach the existing standard AWS managed policy AmazonECSTaskExecutionRolePolicy.

Step 6. Now you can SSH into the container using the following command:

aws ecs execute-command --region {name-of-the-region} --cluster {name-of-the-cluster} --task {task number} --container {container-name} --command "/bin/bash" --interactive

After executing the command you will be connected inside the container, and you can make the needed changes.
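A check for the Step 4 task-role policy, added here as an example (it is not part of the original tutorial or of any AWS tooling): it parses a policy document, reports which of the four ssmmessages actions are missing, and flags wildcard grants that are wider than Step 4 needs. The function and constant names are hypothetical, and the check assumes a simple allow-list policy (Deny, NotAction and Condition are not evaluated).

```python
import json
from fnmatch import fnmatchcase

# The four actions Step 4 grants to the ECS task role.
REQUIRED = (
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
)


def _as_list(value):
    """IAM accepts a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_task_role_policy(policy_json):
    """Return (missing, broad) for one policy document (hypothetical helper).

    missing: required actions that no Allow statement grants
    broad:   Allow patterns containing a wildcard, wider than Step 4 needs
    Raises ValueError (json.JSONDecodeError) if the JSON is malformed,
    e.g. when the closing bracket of "Statement" is missing.
    Assumption: Deny, NotAction and Condition are not evaluated.
    """
    policy = json.loads(policy_json)
    allowed = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            allowed.extend(_as_list(stmt.get("Action")))
    # IAM action names are case-insensitive, so compare in lower case.
    patterns = [a.lower() for a in allowed]
    missing = [r for r in REQUIRED
               if not any(fnmatchcase(r.lower(), p) for p in patterns)]
    broad = sorted({a for a in allowed if "*" in a or "?" in a})
    return missing, broad


# Constructed sample: the Step 4 policy as well-formed JSON.
STEP4_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": list(REQUIRED), "Resource": "*"}],
})

if __name__ == "__main__":
    print(audit_task_role_policy(STEP4_POLICY))
```

Run it against the policy JSON before attaching it to the task role; an empty `missing` list and an empty `broad` list mean the document grants exactly the Step 4 actions.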

Conclusion

This tutorial shows how you can connect to your AWS ECS or EKS Fargate container through SSH. For more info visit the AWS documentation.