Unlike the AWS ECS EC2 launch type, Fargate does not allow backend access. To enable backend access, you have to update your task definition and the task role. This post will help you enable Docker container access for a Fargate task. The only requirement before enabling ECS Exec on Fargate is that the platform version needs to be 1.4.
Step 1: Update the task role
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    }
  ]
}
Step 2: Force update an existing service to enable execute command.
aws ecs update-service --service test-service --cluster test --region eu-west-1 --enable-execute-command --force-new-deployment --profile=<aws profile name>
After updating the service, if you check the task definition, you will see that the following line has been added.
"enableExecuteCommand": true,
Step 3: Check if the exec agent is running and enabled.
aws ecs execute-command --region eu-west-1 --profile=<aws profile name> --cluster test --task <task id> --container <container name> --interactive --command sh
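A non-interactive way to do the Step 3 check, added here as an example and not part of the original post: it reads the JSON that aws ecs describe-tasks prints for the task and reports whether enableExecuteCommand is set, whether the platform version meets the 1.4 requirement, and whether the ExecuteCommandAgent managed agent is RUNNING in each container. The function names, the script and file names, and the sample data (including the account ID and task IDs) are constructed for illustration.

```python
import json
import sys

AGENT = "ExecuteCommandAgent"  # managed agent name reported by describe-tasks
MIN_PLATFORM = (1, 4)          # the post's stated Fargate platform requirement


def platform_ok(version):
    """True if a platformVersion string such as '1.4.0' is at least 1.4."""
    try:
        return tuple(int(p) for p in version.split(".")[:2]) >= MIN_PLATFORM
    except (AttributeError, ValueError):
        return False  # missing or non-numeric value: treat as not verified


def exec_readiness(describe_tasks):
    """Return {task_arn: [problem, ...]}; an empty list means no problem found."""
    report = {}
    for task in describe_tasks.get("tasks", []):
        problems = []
        if not task.get("enableExecuteCommand", False):
            problems.append("enableExecuteCommand is false; redeploy as in Step 2")
        if task.get("launchType") == "FARGATE" and not platform_ok(task.get("platformVersion")):
            problems.append(f"platform {task.get('platformVersion')!r} not verified as 1.4 or later")
        for c in task.get("containers", []):
            agents = {a.get("name"): a.get("lastStatus") for a in c.get("managedAgents", [])}
            if agents.get(AGENT) != "RUNNING":
                problems.append(f"container {c.get('name')}: {AGENT} is {agents.get(AGENT)}")
        report[task.get("taskArn", "<unknown>")] = problems
    return report


# Constructed sample (not real output): one ready task, one launched before Step 2.
SAMPLE = {"tasks": [
    {"taskArn": "arn:aws:ecs:eu-west-1:111122223333:task/test/aaaa", "launchType": "FARGATE",
     "platformVersion": "1.4.0", "enableExecuteCommand": True,
     "containers": [{"name": "app", "managedAgents": [{"name": AGENT, "lastStatus": "RUNNING"}]}]},
    {"taskArn": "arn:aws:ecs:eu-west-1:111122223333:task/test/bbbb", "launchType": "FARGATE",
     "platformVersion": "1.3.0", "enableExecuteCommand": False,
     "containers": [{"name": "app"}]},
]}

if __name__ == "__main__":
    # Usage: python check_exec.py tasks.json (saved describe-tasks output); no argument uses SAMPLE.
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for arn, problems in exec_readiness(data).items():
        print(arn, "OK" if not problems else "; ".join(problems))
```

To run it against a real task, save the output of aws ecs describe-tasks --cluster test --tasks <task id> --region eu-west-1 to a file and pass that file as the argument.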