"Network bindings - not configured" when running service with AWS Fargate - amazon-web-services

I'm trying to set up a couple of services with ECS Fargate, provisioned via Terraform. They use the same module, only image, ALB target group, environment variables and port mappings differ.
2 out of 3 services start their tasks successfully; only one (unfortunately the main service) doesn't want to start and shows "Network bindings - not configured" for the container. The port I'm using is 80.
The task definition has the correct port mappings.
I've tried changing the port (to 8080), use multiple port mappings and recreating the service multiple times to no effect.
Of course the task gets killed by the load balancer for failing health checks.
Any pointers as to what could be wrong? I found some GitHub issues regarding this from 2017, but they concern EC2-backed ECS instances, and the problem has been claimed to be fixed.
For reference, here's the task definition JSON:
{
"ipcMode": null,
"executionRoleArn": "ROLE_ARN",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/drone",
"awslogs-region": "eu-central-1",
"awslogs-stream-prefix": "drone-server/"
}
},
"entryPoint": null,
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
],
"command": null,
"linuxParameters": null,
"cpu": 256,
"environment": [...],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": [...],
"dockerSecurityOptions": null,
"memory": 512,
"memoryReservation": 512,
"volumesFrom": [],
"stopTimeout": 30,
"image": "drone/drone:1",
"startTimeout": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": false,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "drone-server"
}
],
"placementConstraints": [],
"memory": "512",
"taskRoleArn": "ROLE_ARN",
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "TASK_DEFINITION_ARN",
"family": "drone-server",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.container-ordering"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.secrets.ssm.environment-variables"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
}
],
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"revision": 14,
"status": "ACTIVE",
"proxyConfiguration": null,
"volumes": []
}

With ECS on EC2, your container port (like 80) is mapped to a dynamic port on the host (like 35467) and then registers this port with the TargetGroup with type 'instance'. (Technically, this happens if you send a zero as the host port mapped to port 80 on the container. AWS takes this as 'dynamically assign a port on the host')
The big difference in Fargate is it uses ENIs attached to task for networking and each task gets its own private IP address (can be public if you want as well).
Then, using that unique IP address (as opposed to an instance-unique port), it registers the IP address with port 80 to the TargetGroup with type 'ip'.
So two things could be going wrong... first of all, on Fargate, your task must have the same host port and container port (e.g. 80:80), and you must be sure it's registering to the TargetGroup with type 'ip'.
I am not a terraform user, so not sure how much of that is in your control, but I suspect one of those two things is not right and causing your web service/task to not launch correctly.
For reference, here's the task definition JSON:
{
"ipcMode": null,
"executionRoleArn": "ROLE_ARN",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/drone",
"awslogs-region": "eu-central-1",
"awslogs-stream-prefix": "drone-server/"
}
},
"entryPoint": null,
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
],
"command": null,
"linuxParameters": null,
"cpu": 256,
"environment": [...],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": [...],
"dockerSecurityOptions": null,
"memory": 512,
"memoryReservation": 512,
"volumesFrom": [],
"stopTimeout": 30,
"image": "drone/drone:1",
"startTimeout": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": false,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "drone-server"
}
],
"placementConstraints": [],
"memory": "512",
"taskRoleArn": "ROLE_ARN",
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "TASK_DEFINITION_ARN",
"family": "drone-server",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.container-ordering"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.secrets.ssm.environment-variables"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
}
],
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"revision": 14,
"status": "ACTIVE",
"proxyConfiguration": null,
"volumes": []
}

Apparently Fargate is not very good at reporting errors or displaying state. It doesn't show all the environment variables or the correct status in the AWS console, but somehow works anyways.
The moral of the story: if something doesn't show up in the console, make sure to test whether it actually doesn't work.
I honestly can't offer a solution to my issue, since it went away when I turned on trace logging on the Drone CI server via an environment variable.

Related

AWS ECS Fargate files upload without S3

I want to ask about any feature that allows normal files uploads.
I tried to use the AWS EFS, but it keeps showing errors.
this is the error I'm getting:
ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-0d3a6954788af5d3c.efs.us-east-1.amazonaws.com" - check that your file system ID is correct, and ensure that the VPC has an EFS mount target for this file system ID. See https://docs.aws.amazon.com/console/efs/mount-dns-name for more detail. Attempting to lookup mount target ip address using botocore. Failed to import necessary dependency botocore, please install botocore first. : unsuccessful EFS utils command execution; code: 1
And this is the task definition in JSON
{
"ipcMode": null,
"executionRoleArn": "arn:aws:iam::ACCOUNTID:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/ecs/laravel-test",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint": null,
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
],
"command": null,
"linuxParameters": null,
"cpu": 0,
"environment": [],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [
{
"readOnly": null,
"containerPath": "/var/www/storage/app/public",
"sourceVolume": "storage"
}
],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "ACCOUNTID.dkr.ecr.us-east-1.amazonaws.com/laravel-s3",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "laravel-test"
}
],
"placementConstraints": [],
"memory": "1024",
"taskRoleArn": null,
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "arn:aws:ecs:us-east-1:ACCOUNTID:task-definition/laravel-test:1",
"family": "laravel-test",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.efsAuth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.efs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
}
],
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"runtimePlatform": {
"operatingSystemFamily": "LINUX",
"cpuArchitecture": null
},
"cpu": "512",
"revision": 1,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": [
{
"fsxWindowsFileServerVolumeConfiguration": null,
"efsVolumeConfiguration": {
"transitEncryptionPort": null,
"fileSystemId": "fs-0d3a6954788af5d3c",
"authorizationConfig": {
"iam": "DISABLED",
"accessPointId": null
},
"transitEncryption": "DISABLED",
"rootDirectory": "/data"
},
"name": "storage",
"host": null,
"dockerVolumeConfiguration": null
}
]
}
The final solution for me is to use ECS with EC2 on demand and EPS but I really want it to be without any EC2.
Is there any suggestion for me or any idea how to use the EFS without any errors?
I just found this solution and it's about defining the security group on creation
ECS and EFS connection issue
In the end I was still facing errors, so I'm moving the files to S3.

Cannot start Jenkins agent on AWS ECS

I am deploying Jenkins slaves on ECS. I followed the following article and provisioned it with AWS CDK link. However, when I started the task definition for Jenkins agent, the status of task was stuck at PROVISIONING. I checked the CloudWatch logs and got the following error:
Full logs
2022-05-20 17:34:36.687+0000 [id=194] INFO c.c.j.p.amazonecs.ECSLauncher#launchECSTask: [ecs-cloud-ecs-xnsn0]: ContainerInstanceArn: null
com.amazonaws.waiters.WaiterUnrecoverableException: Resource never entered the desired state as it failed.
Here is the task definition of the Jenkins agent:
{
"ipcMode": null,
"executionRoleArn": "arn:aws:iam::251623506909:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "ECSLogGroup-jenkins-for-ecs-with-agents",
"awslogs-region": "us-east-2",
"awslogs-stream-prefix": "jenkins-agent"
}
},
"entryPoint": null,
"portMappings": [
{
"hostPort": 8080,
"protocol": "tcp",
"containerPort": 8080
}
],
"command": null,
"linuxParameters": null,
"cpu": 1024,
"environment": [],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": 2048,
"volumesFrom": [],
"stopTimeout": null,
"image": "jenkins/inbound-agent:windowsservercore-1809",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": false,
"name": "ecs-cloud-jenkins-agent"
}
],
"placementConstraints": [],
"memory": "2048",
"taskRoleArn": "arn:aws:iam::251623506909:role/ecsTaskRole",
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "arn:aws:ecs:us-east-2:251623506909:task-definition/ecs-cloud-jenkins-agent:136",
"family": "ecs-cloud-jenkins-agent",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
}
],
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"runtimePlatform": {
"operatingSystemFamily": "WINDOWS_SERVER_2019_CORE",
"cpuArchitecture": "X86_64"
},
"cpu": "1024",
"revision": 136,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": []
}
I tried with port 50000 and different OS and images but it keeps failing.
The security groups for Jenkins master and agent are set to allow all traffic.

How to run non-web docker container on AWS ECS

What I have are Python scripts that listen to SQS and process the messages received from it. These are dockerized and uploaded to ECR. The requirement is to run this Docker image on ECS using EC2 and scale up/in based on the number of messages from SQS.
The issue is that I am not able to run the defined tasks. I think the reason is that the health check is not set, so I set it to CMD_SHELL, ps aux | grep "Python" || exit 1, but to no avail. Can anyone help me with it? Also, is it possible to run a non-web application on ECS?
If anyone has any documents, please point me to them.
I am posting my container definition here
i-00bd43d507b521acc
{
"ipcMode": null,
"executionRoleArn": "arn",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "python-extract",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint": [
"/bin/sh",
"-c",
"/tmp/bin/main"
],
"portMappings": [
{
"hostPort": 0,
"protocol": "tcp",
"containerPort": 80
}
],
"command": null,
"linuxParameters": null,
"cpu": 256,
"environment": [
],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": 512,
"volumesFrom": [],
"stopTimeout": null,
"image": "<docker-registery:latest>",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": {
"retries": 3,
"command": [
"ps aux | grep "python" || exit 1"
],
"timeout": 5,
"interval": 30,
"startPeriod": 5
},
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "python-extract"
}
],
"placementConstraints": [],
"memory": "1024",
"taskRoleArn": "arn:aws:iam::<is>:role/ecsTaskRole",
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "<ecsTaskRole>",
"family": "map-extractor",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.container-health-check"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"pidMode": null,
"requiresCompatibilities": [
"EC2"
],
"networkMode": "awsvpc",
"cpu": "256",
"revision": 6,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": []
}
Any suggestion on whether it's possible to run non-server containers on ECS would be of great help; or, if anyone has done it, please let me know what the health checks should be.
A "healthCheck" is not required for running an ECS task. I would recommend checking the stop status of the task and viewing the task's logs in the "python-extract" CloudWatch log group.

AWS ECS service not starting tasks anymore

As of recently, ECS is no longer running my program. I've set up a cluster, container, task and service on ECS, and it had worked fine until now.
When I trigger the program to run via lambda, ECS starts up like normal, but it does not run the task. I ran the following commands and it looks like the task isn't even running even though ECS is running.
curl -s http://localhost:51678/v1/metadata | python -mjson.tool
output:
{
"Cluster": "newsapi-dev",
"ContainerInstanceArn": "arn:aws:ecs:us-east-1:649469097921:container-instance/newsapi-dev/dbdac61426954f3b9cb8e89c4eabcd3e",
"Version": "Amazon ECS Agent - v1.51.0 (5c821610)"
}
Then I ran
curl http://localhost:51678/v1/tasks
output:
{"Tasks":[]}
So it seems that ECS isn't running the task. I'm not sure what has happened because the program ran normally, and I would see the logs in cloud watch.
Furthermore, Docker ps -a on the EC2 instances just shows the amazon container running
Below is my task definition:
{
"ipcMode": null,
"executionRoleArn": null,
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "new-api-log",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint": null,
"portMappings": [],
"command": null,
"linuxParameters": null,
"cpu": 0,
"environment": [
{
"name": "MONGODB_PORT",
"value": "27017"
},
{
"name": "MONGODB_URL",
"value": "private IP"
},
{
"name": "NEWS_API_CRAWLER_ENV",
"value": "daily"
}
],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": 1024,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "649469097921.dkr.ecr.us-east-1.amazonaws.com/newsapi-dev:dev-b2e7988b8a3fa5db5f44775a447c9b8a86ee42ed",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "newsapi-dev"
}
],
"placementConstraints": [],
"memory": null,
"taskRoleArn": null,
"compatibilities": [
"EXTERNAL",
"EC2"
],
"taskDefinitionArn": "arn:aws:ecs:us-east-1:649469097921:task-definition/newsapi-dev:55",
"family": "newsapi-dev",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
}
],
"pidMode": null,
"requiresCompatibilities": [],
"networkMode": null,
"cpu": null,
"revision": 55,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": []
}
Any help would be greatly appreciated.

Attach taskRoleArn to AWS Fargate does not work

I'm trying to attach the IAM role to AWS Fargate container. There is no error and the container could execute. However, the container could not call the AWS API.
From the container:
When I run an aws command, I get the "Unable to locate credentials" error.
A curl to http://169.254.169.254/latest/meta-data/iam/info does not succeed.
My task definition:
{
"executionRoleArn": "arn:aws:iam::my-account-id:role/test-ecs-role",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "Fargate",
"awslogs-region": "us-west-2",
"awslogs-stream-prefix": "my-app"
}
},
"entryPoint": null,
"portMappings": [],
"command": null,
"linuxParameters": null,
"cpu": 0,
"environment": [],
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"image": "my-account-id.dkr.ecr.us-west-2.amazonaws.com/app/submit_data:3e87860f128a286d9b557c90664ad99c",
"disableNetworking": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"privileged": null,
"name": "my-app"
}
],
"placementConstraints": [],
"memory": "2048",
"taskRoleArn": "arn:aws:iam::my-account-id:role/MasterFargate",
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "arn:aws:ecs:us-west-2:my-account-id:task-definition/my-app:10",
"family": "my-app",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
}
],
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"revision": 10,
"status": "ACTIVE",
"volumes": []
}
What should I do to get it work? Thanks.
With the same symptoms, my issue was resolved by installing the latest awscli via pip rather than using the packaged version.
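Older versions (for example the one available in Ubuntu Trusty) do not support being run from Fargate: the task role's credentials are delivered through the ECS container credentials endpoint (advertised to the container in the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable), not through the EC2 instance metadata service at 169.254.169.254, and an older CLI does not look there.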