ECS + Task = ecsk 😆
ecsk is a CLI tool that lets you interactively call Amazon ECS APIs (run-task, execute-command, stop-task), copy files between ECS and your local machine, and view logs.
Since ecsk specializes in operating containers (tasks), the following division of use is assumed:
- Management of ECS services and task definitions -> CDK, Terraform, etc.
- Debugging -> ecsk 😁
brew install yukiarrr/tap/ecsk

wget https://github.com/yukiarrr/ecsk/releases/download/v0.9.3/ecsk_Linux_x86_64.tar.gz
tar zxvf ecsk_Linux_x86_64.tar.gz
chmod +x ./ecsk
sudo mv ./ecsk /usr/local/bin/ecsk

Download from Releases.
Here are some frequently used commands.
For detailed flags, run ecsk [command] --help to check them.

ecsk run

If you don't specify any flags, you enter the task information interactively, and the logs then keep streaming from task start until the task stops, as with docker run.

ecsk run -e -i --rm -c [container_name] -- /bin/sh

After the task is started, the specified command is executed via execute-command.
By specifying --rm, the task will be automatically stopped at the end of the session, so you can operate it like a bastion host.

ecsk run -d

After you enter the task information interactively, the command exits without waiting for the task to start or stop.

ecsk exec -i -- /bin/sh

After you select the task and container interactively, the command is executed.

ecsk cp ./ [container_name]:/etc/nginx/

After you select the task interactively, the files are copied from local to remote.
Internally, an S3 bucket is used to transfer the files, so you need to add permissions for the corresponding bucket to the task role.
If you want to select the container interactively, use ecsk cp ./ :/etc/nginx/.

ecsk cp [container_name]:/var/log/nginx/access.log ./

Transfer files from remote to local.

ecsk logs

After you select the task interactively, its logs are shown.
Multiple tasks can be specified.
ecsk uses knqyf263/utern to view logs.

ecsk stop

After you select the task interactively, it is stopped.

ecsk describe

After you select the tasks interactively, detailed information is shown.
You can also use it to check a task list.

Since ecsk runs execute-command internally, there are some prerequisites.
Here are the prerequisites with reference to the official documentation.
Please refer to the following.
The ECS Exec feature requires a task IAM role to grant containers the permissions needed for communication between the managed SSM agent (execute-command agent) and the SSM service.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    }
  ]
}

You need to enable ECS Exec in order to execute-command on a task of a service that has already been created.
Add the --enable-execute-command flag for AWS CLI, or EnableExecuteCommand for CFn.
Note that you should use the -e or --enable-execute-command flag for tasks started with ecsk run.
As there are more prerequisites, ecsk will run aws-containers/amazon-ecs-exec-checker on errors.
Since ecsk uses an S3 bucket for file transfer, you need to add permissions for the corresponding bucket to the task role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::[bucket_name]",
        "arn:aws:s3:::[bucket_name]/ecsk_*"
      ]
    }
  ]
}
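
A task role that carries both policies above can be checked before it is attached. The following is an added example, not part of ecsk or its documentation: it reports actions from this page that the policy does not grant, and object permissions that reach beyond the ecsk_* prefix. The function names and the bucket name example-bucket are hypothetical.

```python
import fnmatch

# Actions copied from the two task role policies on this page.
EXEC = ["ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel"]
OBJECT = ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"]

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def allowed(policy, action, resource):
    """True if an Allow statement matches action and resource (IAM * and ? wildcards).
    Simplification: Deny, NotAction, NotResource and Condition are not evaluated."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(resource, r)
                     for r in _as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def audit_task_role(policy, bucket):
    """Findings for a task role policy used with ecsk exec and ecsk cp."""
    arn = f"arn:aws:s3:::{bucket}"
    needed = [(a, "*") for a in EXEC] + [("s3:ListBucket", arn)]
    needed += [(a, f"{arn}/ecsk_probe") for a in OBJECT]
    findings = [f"missing {a}" for a, r in needed if not allowed(policy, a, r)]
    # Object access outside the ecsk_* prefix is more than the file transfer needs.
    findings += [f"too broad {a}" for a in OBJECT
                 if allowed(policy, a, f"{arn}/other/probe")]
    return findings

def make_policy(object_resource, s3_actions):
    # Constructed sample: both statements from this page merged into one policy.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": EXEC, "Resource": "*"},
        {"Effect": "Allow", "Action": s3_actions,
         "Resource": ["arn:aws:s3:::example-bucket", object_resource]}]}

BUCKET = "example-bucket"  # constructed bucket name
PAGE_STYLE = make_policy("arn:aws:s3:::example-bucket/ecsk_*", ["s3:ListBucket"] + OBJECT)
LOOSE = make_policy("arn:aws:s3:::example-bucket/*", ["s3:ListBucket", "s3:*Object"])

if __name__ == "__main__":
    for name, pol in (("page-style", PAGE_STYLE), ("loose", LOOSE)):
        print(name, audit_task_role(pol, BUCKET) or "ok")
```

The check only reads Allow statements, so a policy that relies on Deny statements or conditions to narrow access needs a fuller evaluation.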