8

How is it possible to run a CLI command within a container that's using ECS/Fargate?

Ste
  • 591
  • 1
  • 9
  • 20
  • 1
    Possible duplicate of [Is it possible to SSH into FARGATE manged container instances?](https://stackoverflow.com/questions/52310447/is-it-possible-to-ssh-into-fargate-manged-container-instances) – Geoffrey Wiseman Dec 20 '18 at 15:53
  • It is possible to run SSHD based on those answers, although that's generally not something you want to have to do with Fargate. – Geoffrey Wiseman Dec 20 '18 at 15:54
  • What have you tried? What minimal context can you provide for running a CLI command in Fargate? – bluescores Jan 07 '19 at 19:31
  • If it is a one time command at container start you can try using environment variables with an entrypoint, put the environment variables in a secure location like secerts manager or ssm parameters of aws – Pixel May 04 '20 at 15:17
  • 2021: it IS possible to connect to a container running on ECS Fargate. Read this: https://aws.amazon.com/about-aws/whats-new/2021/03/amazon-ecs-now-allows-you-to-execute-commands-in-a-container-running-on-amazon-ec2-or-aws-fargate/ – Pierre Nov 17 '21 at 19:12

5 Answers5

3

DEPRECATED: As mentioned on this answer (How can I run commands in a running container in AWS ECS using Fargate) you cannot do it due to the fact AWS doesn't give you access to the underlying infrastructure.

UPDATE: Pierre below mentions an announcement from AWS allowing to do just that.

tekneee
  • 612
  • 1
  • 6
  • 10
  • 1
    2021: it IS possible now: https://aws.amazon.com/about-aws/whats-new/2021/03/amazon-ecs-now-allows-you-to-execute-commands-in-a-container-running-on-amazon-ec2-or-aws-fargate/ – Pierre Nov 17 '21 at 19:26
3

AWS have now launched Amazon ECS Exec, which allows you to directly interact with containers: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html.

Tim Mortimer
  • 31
  • 1
  • A few requirements to this though: If using AWS CLI, only v1 is supported not v2. Only work on new tasks, not existing tasks. – Steven Yong May 10 '21 at 00:11
1

As i know and having experience on ECS you are not allowed to do it. aws does not give you access to the underlying resources.

if you are using fargate + EC2 Configuration then also it is not to access EC2.

Harsh Manvar
  • 27,020
  • 6
  • 48
  • 102
0

I don't know if this is what you are trying to achieve, but if you want you can run a command on a new container that you instantiate for the occasion through a CloudWatch Rule

It will be enough to create a new task definition and indicate the command to execute (in the example executing a Laravel command)

ECSReputationSchedulerTask:
  Type: AWS::ECS::TaskDefinition
  Properties:
    Cpu: 256
    ExecutionRoleArn: !ImportValue ECSTaskExecutionRole
    Family: TaskDefinitionFamily
    Memory: 512
    NetworkMode: awsvpc
    RequiresCompatibilities:
      - FARGATE
    ContainerDefinitions:
      -
        Command:
          - "php"
          - "/home/application/artisan"
          - "execute:operation"
        Name: 'MySchedulerContainer'
        ...

and then reference it into a CloudWatch rule (unfortunately this can't be done via CloudFormation yet)

Ing. Luca Stucchi
  • 3,070
  • 6
  • 36
  • 58
0

You may be able to script your container to execute a cli command, but you cannot ssh into the container though. If you can invoke a .sh file from the CMD command in the Dockerfile, the cli command will get executed as long as you have aws-cli installed on the docker image.
In the Dockerfile make sure to run pip3 install awscli --upgrade --user before you invoke your script that contains cli commands.

As an alternative, you can use boto3 for Python or the AWS SDK for JavaScript, which both have comprehensive documentation and enable you to run all the commands you could have run via cli

tanvi
  • 568
  • 2
  • 11
  • 32