Wondering how to access other AWS services from ECS tasks on Fargate? We can help you.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how our Support techs assist with this query.
How to access other AWS services from ECS tasks on Fargate?
Before we start, we need to identify the following:
- The AWS services that your Fargate tasks need to call (in this example, Amazon S3)
- The specific resources the tasks need to act on (in this example, one S3 bucket), so the role you create can be scoped to just those resources and actions
Today, let us see the steps followed by our Support techs to resolve it.
Create an S3 bucket and IAM role
1.Firstly, create an S3 bucket where you can store your data.
Please note the bucket name must be unique as per S3 bucket naming requirements.
2.Then, create an AWS Identity and Access Management (IAM) role with permissions to access your S3 bucket. The role's trust policy must allow the ECS tasks service principal (ecs-tasks.amazonaws.com) to assume it, and its permission policy should grant only the S3 actions the task needs (here, s3:PutObject) on that one bucket. This task role is separate from the task execution role, which the ECS agent uses to pull the container image and write logs.
Create an Amazon ECS cluster and task definition
1.Firstly, create an Amazon ECS cluster on Fargate using either the AWS Management Console or the AWS CLI in your AWS Region.
2.Then, create a task definition for the Fargate launch type and set its task role.
In the task definition, set the task role parameter (taskRoleArn) to the IAM role that you created earlier. The container uses this role's credentials when it calls AWS services.
Use the task role with the Fargate container
1.To verify that the task role is attached, query the container credentials endpoint from inside your container. The endpoint returns the role's temporary credentials (AccessKeyId, SecretAccessKey, Token and Expiration); the AWS CLI and SDKs read this endpoint automatically, so the manual query is only a check. Treat the output as a secret and do not write it to logs:
$ curl -s "http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
2.In the container definition, add the image name that the container will use. The command in the next step is written for an image whose entrypoint is the aws binary, as in the official amazon/aws-cli image.
3.In the command section for the container (inside the container definition only), run the following command to put an object into your S3 bucket. The strings must be quoted, because the task definition is JSON:
"command": ["s3api", "put-object", "--bucket", "fargate-app-bucket", "--key", "test-file.txt", "--body", "test-file.txt"]
You must include the test-file.txt file in the image when the image is built.
This ensures that the file exists on the container when it runs on Fargate. The --body parameter is what uploads the file's contents; without it, put-object creates an empty object under that key.
The command in step 3 runs when the task runs, that is, when the container starts.
Create and run a task
1.Firstly, choose the task definition (and revision) that you created earlier.
2.Inside your Fargate cluster, run a standalone task using the Fargate launch type and that task definition. Fargate tasks use awsvpc networking, so supply a subnet and security group, and make sure the task has a route to S3 (a public IP with an internet gateway, a NAT gateway, or an S3 gateway endpoint in the VPC).
Note: You can also run a task by using a service.
When the task begins its lifecycle, it passes through PROVISIONING and PENDING into the RUNNING state, and then performs its job.
The task then moves to STOPPED, because the container is only responsible for running a single AWS CLI command and exits as soon as that command finishes.
You can view the stopped task's container output in Amazon CloudWatch Logs, provided the container definition configures the awslogs log driver (log group, Region and stream prefix). The log shows the JSON that put-object returns, similar to the following:
{
"ETag": "\"d41d8cd98f00b204e9800998ecf8427e\""
}
For a single-part upload without SSE-KMS, the ETag is the MD5 of the uploaded body. The value shown here is the MD5 of an empty body, which is what you get when --body is omitted; with --body test-file.txt it is the MD5 of the file's contents.
If you look in the S3 bucket later, then you can see that the object test-file.txt has been created.
Check to see what happens when you don’t use the task role inside the task definition
1.Firstly, create a new revision of the task definition that you created earlier, and set the value of the task role to None (omit taskRoleArn).
2.Run the task again with your new revision of the task definition.
Once the task completes its lifecycle, you can use CloudWatch Logs to see output similar to the following:
Unable to locate credentials. You can configure credentials by running “aws configure”.
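The whole procedure above, as an added example that is not from the original post: a POSIX shell script that generates the task-role trust policy, a least-privilege permission policy, and the task definition (with or without a task role, so the same script serves the negative check just shown), and runs the AWS CLI calls only when invoked with "apply". The bucket, role, cluster, family and log-group names, the image name fargate-app:latest (assumed to be built FROM amazon/aws-cli with test-file.txt copied in), and the EXEC_ROLE_ARN, SUBNET_ID and SG_ID variables are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the original post's code. Generates the IAM and ECS documents
# the procedure needs; only "sh fargate-s3.sh apply" runs the AWS CLI calls.
set -eu

BUCKET="${BUCKET:-fargate-app-bucket}"          # assumed bucket name (must be globally unique)
ROLE_NAME="${ROLE_NAME:-fargateTaskS3Role}"      # assumed task role name
CLUSTER="${CLUSTER:-fargate-app}"                # assumed cluster name
REGION="${AWS_REGION:-us-east-1}"
LOG_GROUP="/ecs/$CLUSTER"
IMAGE="${IMAGE:-fargate-app:latest}"             # assumed: FROM amazon/aws-cli + COPY test-file.txt

# Trust policy: only the ECS tasks service may assume the task role.
task_role_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ecs-tasks.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Permission policy: least privilege, PutObject on the one bucket ($1) only.
task_role_permissions() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::$1/*"
  }]
}
EOF
}

# Task definition. $1 = task role ARN ("" registers a revision with no task role,
# for the negative check); $2 = execution role ARN (image pull and awslogs).
task_definition_json() {
  role_line=""
  if [ -n "$1" ]; then role_line="\"taskRoleArn\": \"$1\","; fi
  cat <<EOF
{
  "family": "$CLUSTER-put-object",
  "requiresCompatibilities": ["FARGATE"],
  "networkMode": "awsvpc",
  "cpu": "256",
  "memory": "512",
  $role_line
  "executionRoleArn": "$2",
  "containerDefinitions": [{
    "name": "put-object",
    "image": "$IMAGE",
    "essential": true,
    "command": ["s3api", "put-object", "--bucket", "$BUCKET", "--key", "test-file.txt", "--body", "test-file.txt"],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {"awslogs-group": "$LOG_GROUP", "awslogs-region": "$REGION", "awslogs-stream-prefix": "ecs"}
    }
  }]
}
EOF
}

if [ "${1:-}" = "apply" ]; then
  # Outside us-east-1, create-bucket also needs --create-bucket-configuration LocationConstraint=$REGION.
  aws s3api create-bucket --bucket "$BUCKET" --region "$REGION"
  task_role_trust_policy > /tmp/trust.json
  task_role_permissions "$BUCKET" > /tmp/perms.json
  aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document file:///tmp/trust.json
  aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name PutToBucket --policy-document file:///tmp/perms.json
  TASK_ROLE_ARN=$(aws iam get-role --role-name "$ROLE_NAME" --query Role.Arn --output text)
  aws ecs create-cluster --cluster-name "$CLUSTER"
  aws logs create-log-group --log-group-name "$LOG_GROUP" --region "$REGION"
  task_definition_json "$TASK_ROLE_ARN" "${EXEC_ROLE_ARN:?set EXEC_ROLE_ARN}" > /tmp/taskdef.json
  aws ecs register-task-definition --cli-input-json file:///tmp/taskdef.json
  # assignPublicIp=ENABLED gives the task a route to S3 when the subnet has no NAT or S3 endpoint.
  aws ecs run-task --cluster "$CLUSTER" --launch-type FARGATE --task-definition "$CLUSTER-put-object" \
    --network-configuration "awsvpcConfiguration={subnets=[${SUBNET_ID:?set SUBNET_ID}],securityGroups=[${SG_ID:?set SG_ID}],assignPublicIp=ENABLED}"
fi
```

To reproduce the negative check, register a second revision from `task_definition_json "" "$EXEC_ROLE_ARN"` and run it; the only difference in the document is the missing taskRoleArn line.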
To access other AWS services from your Fargate tasks, you must create an IAM role with permissions to access the services, scoped to the actions and resources the task actually needs.
Then, you must reference this role in the task definition (in the task role parameter) to give the container access to the AWS services.
Important: The environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set for the PID 1 process of the container.
If the container runs multiple processes under an init process (such as a wrapper script, start script, or supervisord) that does not pass its environment on, the variable is unavailable to the non-PID 1 processes.
Those processes then fail with credential errors (such as "Access denied" or "Unable to locate credentials") when they try to access AWS services.
To make the variable available to non-PID 1 processes, export it from a file that those processes source (for example .profile), or have the PID 1 wrapper pass its environment through to the processes it starts.
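The failure mode just described and the profile-file workaround, as an added example that is not from the original post: a POSIX shell entrypoint that saves AWS_CONTAINER_CREDENTIALS_RELATIVE_URI to a profile file before handing off to the real init, plus a probe that starts a child with a scrubbed environment (env -i, standing in for an init or supervisor that does not forward its environment) and reports whether the child sees the variable with and without sourcing that file. The file path /etc/profile.d/ecs-credentials.sh and the "entrypoint" argument convention are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the original post's code. Keeps the credentials URI reachable for
# processes that do not inherit PID 1's environment.
set -eu

PROFILE_FILE="${PROFILE_FILE:-/etc/profile.d/ecs-credentials.sh}"   # assumed path

# Write the variable to a file that login shells and supervised processes can source.
# Returns 1 when the container has no task role (the variable is unset), so callers notice.
persist_credentials_uri() {
  target="$1"
  if [ -z "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then
    echo "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is unset: no task role attached?" >&2
    return 1
  fi
  printf 'export AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=%s\n' \
    "$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" > "$target"
}

# Probe for the current process: prints yes if the variable is visible, no otherwise.
credentials_uri_visible() {
  if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then echo yes; else echo no; fi
}

# Simulate a child started with a scrubbed environment. With $1 empty the child only has
# what env -i leaves it (nothing); with $1 set it first sources that profile file.
child_sees_uri() {
  profile="$1"
  if [ -n "$profile" ]; then
    env -i /bin/sh -c '. "$1"; if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then echo yes; else echo no; fi' sh "$profile"
  else
    env -i /bin/sh -c 'if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then echo yes; else echo no; fi'
  fi
}

# Container entrypoint mode (assumed convention): "entrypoint <real init and args>".
# PID 1 persists the variable, then execs the real init so it keeps PID 1.
if [ "${1:-}" = "entrypoint" ]; then
  shift
  persist_credentials_uri "$PROFILE_FILE" || true
  exec "$@"
fi
```

In a Dockerfile this would be `ENTRYPOINT ["/entrypoint.sh", "entrypoint"]` followed by the real command, and any process started later by the supervisor sources the profile file (or is launched with the file's contents in its environment) before calling the AWS CLI or an SDK.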
Conclusion
In short, we saw how our Support Techs give ECS tasks on Fargate access to other AWS services by attaching a task role in the task definition.