Fetch external link of ecs task running from aws cli - amazon-web-services

How to fetch the external link of aws ecs task running which has the public ip of container instance and port of the task running?
I am managing task/service execution from cli and would like to fetch the external link which is shown in the aws UI from aws cli. I tried describe-tasks command of aws cli but it doesn't return the public IP address of the instance the task is running on.
Is there a way to fetch the same from aws cli?
Thanks in advance!

This is quite the pain in the neck, but it will do what you want:
List your tasks by service name
aws ecs list-tasks --cluster mycluster --service-name my-service-name
Get the details of a task using the task ARN from the above.
aws ecs describe-tasks --cluster mycluster --tasks arn:aws:ecs:us-east-1:999999999999:task/ad0ba3e9-ac3b-4a4c-a1af-de3e06f46dfa
The task description includes two pieces of information you need: the network bindings, which include the port (look for the one that is mapped to the service port you care about), and the container instance ARN. (NOT the container ARN. Don't make that mistake and be super-confused when the next step fails, like I did). Using the container instance's ARN, get the details of the container instance:
aws ecs describe-container-instances --cluster mycluster --container-instances arn:aws:ecs:us-east-1:999999999999:container-instance/707e5193-51e3-454b-ba09-9745c5d7f527
As part of this description, you should be able to get the EC2 instance ID & query EC2 for more details:
aws ec2 describe-instances --instance-ids i-c91aee40d92c23b3c
^^^^ NOT ECS
The output of this command should include the private IP of the EC2 instance. This IP + previously computed port should correspond to the external link from the web UI.
NOTE: Data has been anonymized, but should still LOOK like what you can expect to see. Also I omitted AWS region and profile params, which I have set to defaults using environment variables.
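The four lookups from the answer above chained into one function, as an added example that is not part of the original post. The name `ecs_task_endpoint` and its arguments are assumptions; it covers tasks on EC2 container instances with host port bindings and prints the instance's `PublicIpAddress` field together with the mapped host port.

```shell
# Added example, not from the original answer. ecs_task_endpoint and its
# argument order are illustrative; it assumes the EC2 launch type with
# host port bindings, and default region/profile set in the environment.
ecs_task_endpoint() {
  local cluster="$1" service="$2" container_port="$3"
  local task_arn ci_arn host_port instance_id public_ip

  # The port is interpolated into a JMESPath query, so accept digits only.
  case $container_port in
    ''|*[!0-9]*) echo "container port must be numeric" >&2; return 2 ;;
  esac

  # 1. First task of the service.
  task_arn=$(aws ecs list-tasks --cluster "$cluster" --service-name "$service" \
    --query 'taskArns[0]' --output text) || return 1
  [ -n "$task_arn" ] && [ "$task_arn" != "None" ] ||
    { echo "no task found for $service" >&2; return 1; }

  # 2. Container INSTANCE ARN (not the container ARN) and the host port
  #    bound to the requested container port.
  ci_arn=$(aws ecs describe-tasks --cluster "$cluster" --tasks "$task_arn" \
    --query 'tasks[0].containerInstanceArn' --output text) || return 1
  host_port=$(aws ecs describe-tasks --cluster "$cluster" --tasks "$task_arn" \
    --query "tasks[0].containers[].networkBindings[] | [?containerPort==\`$container_port\`].hostPort | [0]" \
    --output text) || return 1
  # Fargate/awsvpc tasks have no container instance or host port binding.
  if [ "$ci_arn" = "None" ] || [ "$host_port" = "None" ]; then
    echo "no container instance or binding for port $container_port" >&2
    return 1
  fi

  # 3. Container instance -> EC2 instance ID.
  instance_id=$(aws ecs describe-container-instances --cluster "$cluster" \
    --container-instances "$ci_arn" \
    --query 'containerInstances[0].ec2InstanceId' --output text) || return 1

  # 4. EC2 (not ECS) holds the addresses; PublicIpAddress is absent for
  #    instances in private subnets.
  public_ip=$(aws ec2 describe-instances --instance-ids "$instance_id" \
    --query 'Reservations[0].Instances[0].PublicIpAddress' --output text) || return 1
  [ "$public_ip" != "None" ] ||
    { echo "$instance_id has no public IP" >&2; return 1; }

  printf '%s:%s\n' "$public_ip" "$host_port"
}
```

Call it as `ecs_task_endpoint mycluster my-service-name 7000`. Whether the printed address is reachable still depends on the instance's security group allowing the dynamically assigned host port.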

This should show your Ingress IP address, which is a public URL and is typically then mapped to your domain as a Type A record using the AWS Route 53 console, so your users can reach the same just using your URL domain.com/lalala
aws ecs describe-services --services my-http-service
To discover this command and others: generally the aws command line tool is actually very friendly ... just issue
aws help
then view that top-level list of available subcommands, then drill down by issuing
aws ecs help
and repeat the above, burrowing deeper into the available commands until you reach what could work ... as in
aws ecs describe-services help

You can get to the answer you want by running:
aws ecs describe-tasks --cluster foo --tasks 8591006e-6f05-4886-bc4a-58d9063d3852
This will contain the networkBindings section like this:
"networkBindings": [
    {
        "protocol": "tcp",
        "bindIP": "0.0.0.0",
        "containerPort": 7000,
        "hostPort": 32769
    },
    {
        "protocol": "tcp",
        "bindIP": "0.0.0.0",
        "containerPort": 7001,
        "hostPort": 32768
    }
]
Then you're golden!

Related

AWS ECS: How to list Fargate containers?

I need to obtain details on a Fargate container running for a task in an AWS ECS cluster.
The information I retrieve using the AWS CLI matches what I see in the AWS Console, e.g.
$ aws ecs list-clusters
{
    "clusterArns": [
        "arn:aws:ecs:us-east-1:<my account ID>:cluster/<cluster short name>"
    ]
}
$ aws ecs list-services --cluster "arn:aws:ecs:us-east-1:<my account ID>:cluster/<cluster short name>"
{
    "serviceArns": [
        "arn:aws:ecs:us-east-1:<my account ID>:service/<cluster short name>/<service short name>"
    ]
}
$ aws ecs list-tasks --cluster "arn:aws:ecs:us-east-1:<my account ID>:cluster/<cluster short name>"
{
    "taskArns": [
        "arn:aws:ecs:us-east-1:<my account ID>:task/<cluster short name>/<task ID>"
    ]
}
Now, I am looking at the container running for the task shown above: It is running, it is healthy, everything seems fine.
However, when I try to obtain container details using the AWS CLI, I get an empty result:
$ aws ecs list-container-instances --cluster "arn:aws:ecs:us-east-1:<my account ID>:cluster/<cluster short name>"
{
    "containerInstanceArns": []
}
I'm completely puzzled. I have double / triple / quadruple-checked what I'm doing, everything seems fine - not exactly rocket science, anyway...
My best guess at this stage is that list-container-instances only supports EC2, not Fargate instances, but TBH, that feels way off - like a massive 'blind spot' in the AWS API, i.e. an AWS resource not properly supported by AWS itself.
My question: How do I list AWS ECS Fargate container instances using the AWS CLI?
Some additional internals (these shouldn't matter to the problem at hand, but might still help to give some context):
The Fargate container is running a service inside a private subnet only accessed by the backend application of my current project. In order to configure that service, I start a jump host in a public subnet in the same VPC as the private subnet and create an SSH tunnel from my local dev machine over that jump host to the Fargate container. In order to create that SSH tunnel, I need the container's private IP address.
From what I understand, this seems a fairly common approach. Things work fine when doing them on the fly, i.e. copying the private IP address from the AWS Console to the Terminal. However, for long term DevOps production, I need to get the private IP address in a script using the AWS CLI. HTH.

How to determine if Fargate is using Spot Instances

Background: I'm running docker-compose ecs locally and need to ensure I use Spot instances due to my hobbyist budget.
Question: How do I determine and guarantee that instances are running as Fargate Spot instances?
Evidence:
I have setup the default capacity provider strategy as FARGATE_SPOT
I have both the default-created capacity providers 'FARGATE' and 'FARGATE_SPOT'
You can see this in the web console when you view a specific task:
To find this page open click on your cluster from within ECS, then go to the "Tasks" tab and click on the task id.
You can also see this through the aws cli:
aws ecs describe-tasks --cluster <your cluster name> --tasks <your task id> | grep capacityProviderName
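The same `capacityProviderName` check applied to every task in a cluster, as an added example that is not part of the original answer. The function name `non_spot_tasks` is an assumption; it prints each task that is not on `FARGATE_SPOT` and returns non-zero if it finds any, so it can gate a script.

```shell
# Added example, not from the original answer. non_spot_tasks is an
# illustrative name; region/profile are taken from the environment.
non_spot_tasks() {
  local cluster="$1" arns

  # All task ARNs in the cluster, whitespace-separated in text output.
  arns=$(aws ecs list-tasks --cluster "$cluster" \
    --query 'taskArns[]' --output text) || return 2
  # Nothing running: nothing can be on the wrong capacity provider.
  [ -n "$arns" ] && [ "$arns" != "None" ] || return 0

  # describe-tasks takes at most 100 tasks per call; batch the ARNs for
  # larger clusters. $arns is left unquoted on purpose: one argument per ARN.
  # A task started with a launch type instead of a capacity provider
  # strategy has no capacityProviderName, which text output prints as None.
  aws ecs describe-tasks --cluster "$cluster" --tasks $arns \
    --query 'tasks[].[taskArn, capacityProviderName, launchType]' \
    --output text |
    awk -F'\t' '$2 != "FARGATE_SPOT" { print; bad = 1 } END { exit bad }'
}
```

Each output line is tab-separated: task ARN, capacity provider name, launch type.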

ecs-cli refers to old cluster after changing default profile; doesn't show EC2 instances

I've been using AWS's ECS CLI to spin clusters of EC2 instances up and down for various tasks. The problem I'm running into is that it seems to be referring to old information that I don't know how to change.
e.g., I just created a cluster, my-second-cluster successfully, and can see it in the AWS console:
$ ecs-cli up --keypair "my-keypair" --capability-iam --size 4 --instance-type t2.micro --port 22 --cluster-config my-second-cluster --ecs-profile a-second-profile
INFO[0001] Using recommended Amazon Linux 2 AMI with ECS Agent 1.45.0 and Docker version 19.03.6-ce
INFO[0001] Created cluster cluster=my-second-cluster region=us-east-1
INFO[0002] Waiting for your cluster resources to be created...
INFO[0002] Cloudformation stack status stackStatus=CREATE_IN_PROGRESS
INFO[0063] Cloudformation stack status stackStatus=CREATE_IN_PROGRESS
INFO[0124] Cloudformation stack status stackStatus=CREATE_IN_PROGRESS
VPC created: vpc-123abc
Security Group created: sg-123abc
Subnet created: subnet-123abc
Subnet created: subnet-123def
Cluster creation succeeded.
...but ecs-cli ps returns an error referring to an old cluster:
$ ecs-cli ps
FATA[0000] Error executing 'ps': Cluster 'my-first-cluster' is not active. Ensure that it exists
Specifying the cluster explicitly (ecs-cli ps --cluster my-second-cluster --region us-east-1) returns nothing, even though I see the 4 EC2 instances when I log into the AWS console.
Supporting details:
Before creating this second cluster, I created a second profile and set it to the default. I also set the new cluster to be the default.
$ ecs-cli configure profile --access-key <MY_ACCESS_KEY> --secret-key <MY_SECRET_KEY> --profile-name a-second-profile
$ ecs-cli configure profile default --profile-name a-second-profile
$ ecs-cli configure --cluster my-second-cluster --region us-east-1
INFO[0000] Saved ECS CLI cluster configuration default.
It's unclear to me where these ECS profile and cluster configs are stored (I'd expect to see them as files in ~/.aws, but no), or how to manipulate them beyond the cli commands that don't give great feedback. Any ideas on what I'm missing?
The ECS CLI stores its credentials at ~/.ecs/credentials.
When you create the initial profile, its name is default and it is used by default. When you set a-second-profile to default, it sets the metadata to use a-second-profile by default, but you still have a profile named default that points to the original creds.
My guess is that to see the first cluster you need to now specify a profile name since you changed the default. If you didn't give your initial profile a name then it will be default.
ecs-cli ps --ecs-profile default
If you deleted your cluster configuration you may need to add the cluster again and associate to the right profile:
ecs-cli configure --cluster cluster_name --default-launch-type launch_type --region region_name --config-name configuration_name
I hope that makes sense. Hopefully looking at how your commands update ~/.ecs/credentials will be helpful.
Some resources:
ECS CLI Configurations

How to add Amazon ECS to non default VPC I have already created?

I have created VPC and added Amazon RDS to it. Now I want to add ECS in this VPC and push my Docker container. My container is React web app and Flask server which I want to communicate with Amazon RDS. I have passed through a great deal of ECS documentation but still can’t do this. Any help or guidance will be great. Thanks!
It depends on how you create your ECS service. One way was already provided by #ThiagoDaAnunciação.
Other ways are (for FARGATE):
in CloudFormation there is NetworkConfiguration
in CLI there is --network-configuration
For EC2 launch type, you specify the VPC and subnets when you create your container instances.
I think that is quite simple if I understand your question of course.
If you are using ECS-CLI, which I extremely recommend, and if you don't, here are some docs and the installation process:
AWS ECS-CLI Doc
Github doc ECS-CLI
I think that all of these commands could be filled in on the AWS ECS console, but I think that using ECS-CLI is much easier, so that is how I do it.
ecs-cli configure --cluster YOURCLUSTER --default-launch-type FARGATE --region sa-east-1
ecs-cli up --vpc vpc-6548c10d --subnets subnet-46386800,subnet-6648c10e,subnet-6748c10f --cluster-config achievemore --ecs-profile achievemore_ecs
Hope that it could be helpful for you.

AWS spot price history coming empty

I got AWS CLI tools and account on AWS. I ran the command aws configure and set the AWS Access key, AWS secret key, region and output format. Now when I am running the command
aws ec2 describe-spot-price-history --instance-type m1.xlarge --product-description "Linux/Unix"
I get empty output:
{
    "SpotPriceHistory": []
}
I have tried it with multiple instance types, giving start time and end time etc.
Please can someone help me on this.
Are you sure your account supports launching an ec2-classic instance?
If you created your account after 2013-12-04, it supports EC2-VPC only, and to retrieve the information you will need to specify that you want ec2 instances from VPC:
aws ec2 describe-spot-price-history --product-description "Linux/UNIX (Amazon VPC)" --instance-type m1.xlarge