Fargate Windows container with pseudoTerminal - amazon-web-services

I am trying to create a fargate container to house a long running .net framework console app. The docker image I created works fine locally when i use the -t option. Trying to replicate this in fargate i set the psuedoTerminal option to true. Doing this causes the task not to start with the error
CannotStartContainerError: ResourceInitializationError: failed to create new container runtime task: failed to create shim: if using terminal, stderr must be empty: failed precondition
Here is the dockerfile i was using
FROM mcr.microsoft.com/windows/servercore:ltsc2019
RUN powershell.exe Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
RUN powershell.exe Install-Module -Name AWS.Tools.Installer -RequiredVersion 1.0.2.4 -Force
RUN powershell.exe Install-AWSToolsModule AWS.Tools.SQS,AWS.Tools.S3 -CleanUp -Force
COPY script.ps1 /app/script.ps1
ENTRYPOINT ["powershell.exe", "C:\\app\\script.ps1"]

Related

How to properly use AWS Secrets Manager in a Elastic Beanstalk Deployment on Windows Server

Im trying to pass my applications connectionstring from Secrets Manager into Elastic Beanstalk during deployment. If i remote desktop onto the server i am deploying to, i can run the following command -
aws secretsmanager get-secret-value --secret-id XXX-MY-SECRET-ID --version-stage AWSCURRENT --query=SecretString --output text
And it outputs correctly. All good.
However when i try and automate this through the .ebextensions folder, it always returns an empty string.
So ive tried lots of things, firstly using a container command to point to a Powershell file that i placed in the .ebextensions folder, like so -
container_commands:
00-myscript:
command : powershell.exe -ExecutionPolicy Bypass -Command ".\\.ebextensions\\BuildConnectionStrings.ps1"
Then the Powershell command would be
$response = aws secretsmanager get-secret-value --secret-id XXX-MY-SECRET-ID --version-stage AWSCURRENT --query=SecretString --output text
$FileName = "ConnectionStrings.config"
New-Item $FileName -ItemType File
Set-Content $FileName $response
If i run this directly in powershell, it all works as expected. But when i deploy the site, it just creates an empty file.
Ive tried various combinations of putting the Powershell commands directly in the .ebextensions config files, always with the same result.
I just cant figure out why the same commands work when i run them directly on the server, but not when deployed through EB.
Ive been stuck for days on this, can anyone help?
So for anyone else that has this problem...
Simply installing the aws cli on the server is not enough. The error i was getting was caused by PowerShell not recognising the aws command (even tho it had been installed).
The solution was to run the following code at the beginning of my script -
$command = "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12"
Invoke-Expression $command
Invoke-WebRequest -Uri "https://awscli.amazonaws.com/AWSCLIV2.msi" -Outfile C:\AWSCLIV2.msi
$arguments = "/i `"C:\AWSCLIV2.msi`" /quiet"
Start-Process msiexec.exe -ArgumentList $arguments -Wait
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
aws --version
This ensured that the aws cli would be installed (again).
I dont know why this is necessary, but its the only solution ive found

Accessing S3 object using docker run command through Boto3, throws ProfileNotFound exceptions but works well when run through python

I am working on a project, where I need to read Text File from S3 bucket using Boto3. Then need to dockerize my application. I Implemented my code using Boto3, its running Perfectly fine(Note: Taking two arguments through argparser with switches -p and -n). But when I try the same using Docker run
PS **my Working Directory** > docker run --rm Image_name -p Argument1 -n Argument2
<class 'botocore.exceptions.ProfileNotFound'> Code.py 92
I searched lot of things on it, my understanding is AWS container directory is unable to locate my Credential File and config file stored in my home directory/.aws folder.
What I Tried:
1. Path mounting as below:
PS **my Working Directory** > docker run --rm -it -v %userprofile%\.aws:/root/.aws
amazon/aws-cli
docker: Error response from daemon: %!u(string=is not a valid Windows path)serprofile%!\
(MISSING).aws.
See 'docker run --help'.
I completely don't understand what's wrong with the syntax. I tried manually inputting my user profile directory in the %userprofile% as C:/Users/Deepak
Then Strangely WSL2(backend) popup comes saying using passing containers on windows may poorly work.
I am not sure what it means. Does it have any effect on Docker containers build on windows environment?
2. I moved my Credential and Config file in my working directory as well and tried below code:
PS my Working Directory > docker run --rm -it -v ${PWD}:/root/.aws amazon/aws-cli Image_name -p
Argument1 -n Argument2

Getting Init Failed error when building container for AWS Lambda

Building an AWS Lambda function from a Docker Container using this tutorial as a base for my project:
However, when I build the container and attempt to run it using SAM, this is the set of errors I get everytime:
time="2021-02-19T21:43:03.87" level=error msg="Init failed" InvokeID= error="fork/exec /entry.sh: exec format error"
time="2021-02-19T21:43:03.87" level=error msg="INIT DONE failed: Runtime.InvalidEntrypoint"
FROM python-alpine
# Copy in the built dependencies
COPY --from=build-image . .
# (Optional) Add Lambda Runtime Interface Emulator and use a script in the ENTRYPOINT for simpler local runs
ADD aws-lambda-rie /usr/bin/aws-lambda-rie
COPY . .
COPY entry.sh /
COPY aws-lambda-rie /usr/bin/
RUN chmod 755 /usr/bin/aws-lambda-rie /entry.sh
ENTRYPOINT [ "/entry.sh" ]
CMD ["app.handler"]
Above is the last part of the Dockerfile to package everything created in the build-image container earlier in the script.
The entry.sh file contents are below. The purpose of the file is to tell the container to run the aws lambda handler function stated in the last line of the Dockerfile.
if [ -z "${AWS_LAMBDA_RUNTIME_API}" ]; then
exec /usr/bin/aws-lambda-rie /usr/local/bin/python3 -m awslambdaric $1
else
exec /usr/local/bin/python3 -m awslambdaric $1
fi
If anyone know or has any ideas as to what it could be, it is very much appreciated.

How to make windows EC2 user data script run again on startup?

A user data script will run the first time an EC2 is started.
How can I restore/reactivate this ability on a windows EC2?
Note
I have tried the script suggested here but it fails immediately as there is no file C:\Program Files\Amazon\Ec2ConfigService\Settings\Config.xml and nothing similarly named (not that I found; not even an Ec2ConfigService directory)
Also note, my question is identical to this question but for windows ec2, not linux
I understand that the point is about just running user-data, and not all the other stuff ...
To run (only) user-data script, you can run it by:
Import-Module (Join-Path (Join-Path $env:ProgramData -ChildPath "Amazon\EC2-Windows\Launch") -ChildPath "Module\Ec2Launch.psd1")
Invoke-Userdata -OnlyExecute
let's say you save this as 'C:\ProgramData\Amazon\EC2-Windows\Launch\Config\run-user-data.ps1', then you can use PowerShell to schedule a new task to run at startup:
$Action = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument '-ExecutionPolicy Bypass C:\ProgramData\Amazon\EC2-Windows\Launch\Config\run-user-data.ps1'
$Trigger = New-ScheduledTaskTrigger -AtStartup
$Settings = New-ScheduledTaskSettingsSet
$Task = New-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Settings
Register-ScheduledTask -TaskName 'Execute user-data' -InputObject $Task -User 'NT AUTHORITY\SYSTEM' -Force
I use this sort of solution by creating the mentioned file and command on 'AWS::CloudFormation::Init' sections.
Hope it helps!

URL Rewrite 2.0 installation fails on Docker

I'm trying to get URL Rewrite 2.0 installed using this Dockerfile:
FROM microsoft/aspnet:4.6.2
WORKDIR /inetpub/wwwroot
COPY obj/Docker/publish .
ADD https://download.microsoft.com/download/C/9/E/C9E8180D-4E51-40A6-A9BF-776990D8BCA9/rewrite_amd64.msi /install/rewrite_amd64.msi
RUN net start MSIServer
RUN msiexec.exe /i c:\install\rewrite_amd64.msi /quiet /passive /qn /L*v "C:\package.log"
When I build the container image, I see this error message:
The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
Looking at package.log after running the container, I see this:
SI (c) (30:A4) [08:32:10:438]: Failed to connect to server. Error: 0x80040150
SI (c) (30:A4) [08:32:10:438]: Note: 1: 2774 2: 0x80040150: 2774 2: 0x80040150
Executing net start msiserver on the running container returns a message that the service is already started, and Google says 0x80040150 could be a problem reading the registry.
Is it expected that installing URL Rewrite this way should work, or do I need to elevate permissions somehow?
Update: Running the same msiexec command on the running container successfully installs URL Rewrite.
I finally figured it out thanks to this article. Using PowerShell to run msiexec with the appropriate switches works. Oddly, it threw "Unable to connect to the remote server" when trying to also download the MSI using PowerShell, so I resorted to using ADD.
Here's the relevant portion of my Dockerfile:
WORKDIR /install
ADD https://download.microsoft.com/download/C/9/E/C9E8180D-4E51-40A6-A9BF-776990D8BCA9/rewrite_amd64.msi rewrite_amd64.msi
RUN Write-Host 'Installing URL Rewrite' ; \
Start-Process msiexec.exe -ArgumentList '/i', 'rewrite_amd64.msi', '/quiet', '/norestart' -NoNewWindow -Wait