SSH AWS ECS Container

SSH AWS ECS Container: How to SSH onto an ECS Instance

Connections to an ECS container are made using AWS ECS Execute. ECS Execute provides a secure alternative to SSH that works using IAM functionality from AWS.

Before you begin, you must ensure that:

Here is a detailed step-by-step procedure to SSH onto an AWS container using AWS ECS Execute:

Step 1: Preparing Your Environment

Install Necessary Tools

Before you start, ensure that the following tools are installed on your system:

  1. AWS CLI: This is the command-line interface tool for interacting with AWS services.
  2. AWS Session Manager plugin: This plugin helps you to manage your AWS sessions more securely.
  3. JQ command-line tool: This is a lightweight and flexible command-line JSON processor.

Download and Install the AWS Session Manager Plugin

Use the following command to download and install the AWS Session Manager plugin. You can also use AWS-VAULT if you prefer.

Bash
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb" 
sudo dpkg -i session-manager-plugin.deb

Install the JQ Command Line Tool

Install the JQ command-line tool using the following command:

Bash
sudo apt-get install jq

Step 2: Setting Up Access

Obtain AWS Access

Ensure that you have access to the appropriate AWS account role available in Single Sign-On (SSO).

I copy the programmatic AWS keys into my terminal for the account I want to access.

Step 3: Connecting to the AWS Container

Open Your Bash Terminal

Open your bash terminal and enter the following script to initiate the connection process:

Bash
#!/bin/bash

# Confirm the active credentials belong to the expected AWS account
ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account)

if [[ "${ACCOUNT_ID}" != "my_aws_account_id" ]]
then
  echo "[error] Expected account my_aws_account_id but credentials are for account ${ACCOUNT_ID}"
  exit 1
fi

# User to run the shell as inside the container
USER=www-data

# Fall back to www-data if the user is empty
if [[ -z "${USER}" ]]
then
  USER="www-data"
fi

# Take the first cluster, service and task returned; the name is the last segment of each ARN
CLUSTER_NAME=$(aws ecs list-clusters | jq -r '.clusterArns[0] | split("/")[-1]')
SERVICE_NAME=$(aws ecs list-services --cluster "${CLUSTER_NAME}" | jq -r '.serviceArns[0] | split("/")[-1]')
TASK_ID=$(aws ecs list-tasks --cluster "${CLUSTER_NAME}" --service "${SERVICE_NAME}" | jq -r '.taskArns[0] | split("/")[-1]')
CONTAINER_NAME="YOUR_CONTAINER_NAME_HERE"

# Show the resolved target before connecting
echo ""
echo "Account:   ${ACCOUNT_ID}"
echo "Cluster:   ${CLUSTER_NAME}"
echo "Service:   ${SERVICE_NAME}"
echo "Task:      ${TASK_ID}"
echo "Container: ${CONTAINER_NAME}"
echo "User:      ${USER}"
echo ""

# Open an interactive bash session in the container as ${USER}
aws ecs execute-command --cluster "${CLUSTER_NAME}" --task "${TASK_ID}" --container "${CONTAINER_NAME}" --interactive --command "runuser -u ${USER} -- bash"

Verify AWS Account ID

Verify that the AWS account ID matches your credentials using the following script:

Bash
ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account)
if [[ "${ACCOUNT_ID}" != "my_aws_account_id" ]]
then
  echo "[error] Expected account my_aws_account_id but credentials are for account ${ACCOUNT_ID}"
  exit 1
fi

Set User Variable

Set the user variable using the following script. In this example, my user is called www-data.

Bash
USER=www-data
if [[ -z "${USER}" ]]
then
  USER="www-data"
fi

Retrieve AWS ECS Details

Retrieve details such as cluster name, service name, task ID, and container name using the following script:

Bash
CLUSTER_NAME=$(aws ecs list-clusters | jq -r '.clusterArns[0] | split("/")[-1]')
SERVICE_NAME=$(aws ecs list-services --cluster "${CLUSTER_NAME}" | jq -r '.serviceArns[0] | split("/")[-1]')
TASK_ID=$(aws ecs list-tasks --cluster "${CLUSTER_NAME}" --service "${SERVICE_NAME}" | jq -r '.taskArns[0] | split("/")[-1]')
CONTAINER_NAME="wordpress"

Display Retrieved Details

Display the retrieved details using the following script:

Bash
echo ""
echo "Account:   ${ACCOUNT_ID}"
echo "Cluster:   ${CLUSTER_NAME}"
echo "Service:   ${SERVICE_NAME}"
echo "Task:      ${TASK_ID}"
echo "Container: ${CONTAINER_NAME}"
echo "User:      ${USER}"
echo ""

Execute Command to Access the Container

Finally, execute the following command to access the container interactively:

Bash
aws ecs execute-command --cluster "${CLUSTER_NAME}" --task "${TASK_ID}" --container "${CONTAINER_NAME}" --interactive --command "runuser -u ${USER} -- bash"
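
The script above takes the first cluster, service and task that the API returns and interpolates ${USER} into the --command string, so it is worth refusing to connect when any of those values is missing or malformed. The following pre-flight check is an added example, not part of the original script; the function names are hypothetical and it assumes the same variables the script sets.

```shell
#!/bin/sh
# Added example: pre-flight checks run before `aws ecs execute-command`.
# Function names are hypothetical; all sample values are constructed.
LC_ALL=C   # make [a-z] ranges byte-wise regardless of the caller's locale

# True when a resolved name is unusable: empty, or the literal "null"/"None"
# that jq -r and --output text print for a missing element.
is_missing() {
  case "$1" in ''|null|None) return 0 ;; *) return 1 ;; esac
}

# AWS account IDs are exactly 12 decimal digits.
valid_account_id() {
  [ "${#1}" -eq 12 ] || return 1
  case "$1" in *[!0-9]*) return 1 ;; esac
}

# The user name is interpolated into the --command string, so accept only a
# conservative login name: no spaces, quotes, ';' or other shell syntax.
valid_unix_user() {
  case "$1" in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
}

# preflight EXPECTED_ACCOUNT ACTUAL_ACCOUNT CLUSTER SERVICE TASK CONTAINER USER
# Prints one line per problem; the return status is the number of problems.
preflight() {
  pf_bad=0
  valid_account_id "$2" || { echo "[error] account id '$2' is not 12 digits"; pf_bad=$((pf_bad + 1)); }
  [ "$1" = "$2" ] || { echo "[error] expected account $1 but got $2"; pf_bad=$((pf_bad + 1)); }
  for pf_item in "cluster=$3" "service=$4" "task=$5" "container=$6"; do
    if is_missing "${pf_item#*=}"; then
      echo "[error] ${pf_item%%=*} could not be resolved"; pf_bad=$((pf_bad + 1))
    fi
  done
  valid_unix_user "$7" || { echo "[error] unsafe user name '$7'"; pf_bad=$((pf_bad + 1)); }
  return "$pf_bad"
}

# Usage with the variables from the script above (stop before connecting on failure):
#   preflight "my_aws_account_id" "${ACCOUNT_ID}" "${CLUSTER_NAME}" "${SERVICE_NAME}" \
#             "${TASK_ID}" "${CONTAINER_NAME}" "${USER}" || exit 1
```

An empty task ID is the usual result when the service has no running tasks, and this check reports it before the session is attempted.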

Step 4: Verification

Verify that you have successfully connected to the AWS container and can execute commands within the container environment.

Remember to replace "my_aws_account_id" with your actual AWS account ID in the script. This step-by-step procedure should guide you through SSHing onto an AWS container using AWS ECS Execute.

Richard.Bailey
