
Update private repository credentials on ECS container agent

Aug 31, 2021

Wondering how to update private repository credentials on ECS container agent? We can help you.

Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.

Today, let us discuss how we can do this.

How to update private repository credentials on ECS container agent?

You can supply private repository credentials to the Amazon ECS container agent in one of two ways: with Secrets Manager in your task definition, or with environment variables.

Today, let us see the steps followed by our Support Techs to perform the task.

Update your private repository credentials with Secrets Manager

1. Firstly, open the Secrets Manager console.

2. Choose your secret, and then choose Retrieve secret value.

3. Then, choose Edit.

4. Update the stored credentials for your private registry, and then choose Save.

To continue, follow the steps in the Test your updated private repository credentials section.

Update your private repository credentials with environment variables

1. Firstly, connect to your container instance.

2. To find out how you’re supplying Docker credentials to your ECS container agent, run the following command:

$ cat /etc/ecs/ecs.config

This command returns the contents of the /etc/ecs/ecs.config file.

If the ECS_ENGINE_AUTH_TYPE variable is set to docker, then you’re directly passing your Docker credentials by plaintext to your ECS container agent.

You should avoid this approach.

Instead, use Secrets Manager, or the dockercfg format approach in the Get a new Docker authentication value section.

If the ECS_ENGINE_AUTH_TYPE variable is set to dockercfg, then you’re passing your Docker credentials as an authentication value generated by the docker login command.

To continue this approach, complete the steps in the Get a new Docker authentication value section.

Get a new Docker authentication value

1. To log in to Docker locally, run the following command, and then enter your new credentials:

$ docker login

2. To display your config.json file, run the following command, and then copy the Docker-generated authentication key value:

$ cat ~/.docker/config.json

3. To update the ECS_ENGINE_AUTH_DATA variable, run the following command:

$ sudo vi /etc/ecs/ecs.config

4. In the vi editor, update the value of the ECS_ENGINE_AUTH_DATA variable to the Docker authentication key value from step 2. For example:

ECS_CLUSTER=TestECSCluster
ECS_ENGINE_AUTH_TYPE=dockercfg
ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"auth":"a2vpdGhhd3M6UGFzc3dvcmQ="}}
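
A check you can run over the file contents before restarting the agent, as an added example that is not from the original article: it flags the plaintext docker type, confirms that ECS_ENGINE_AUTH_DATA parses as JSON, and shows that a dockercfg auth value is only base64 of user:password, so /etc/ecs/ecs.config still needs restricted read access. The function name audit_ecs_config and the sample account and password are assumptions constructed for illustration.

```python
import base64
import json


def audit_ecs_config(text):
    """Return findings about registry credentials in ecs.config contents."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()

    auth_type = settings.get("ECS_ENGINE_AUTH_TYPE")
    if auth_type == "docker":
        return ["auth type 'docker': username and password are stored in plaintext"]
    if auth_type != "dockercfg":
        return [f"ECS_ENGINE_AUTH_TYPE is {auth_type!r}; nothing to check"]
    try:
        registries = json.loads(settings.get("ECS_ENGINE_AUTH_DATA", ""))
    except json.JSONDecodeError as exc:
        return [f"ECS_ENGINE_AUTH_DATA is not valid JSON: {exc.msg}"]
    if not isinstance(registries, dict):
        return ["ECS_ENGINE_AUTH_DATA must be a JSON object keyed by registry URL"]

    findings = []
    for registry, entry in registries.items():
        auth = entry.get("auth") if isinstance(entry, dict) else None
        try:
            decoded = base64.b64decode(auth or "", validate=True).decode("utf-8")
        except (ValueError, TypeError):
            decoded = ""
        user, sep, _secret = decoded.partition(":")
        if sep and user:
            # Report the user only; the secret itself is never echoed.
            findings.append(f"{registry}: auth is base64 of user:password for {user!r}")
        else:
            findings.append(f"{registry}: auth missing or not base64 user:password")
    return findings


# Constructed sample input; the account name and password are placeholders.
AUTH = base64.b64encode(b"exampleuser:not-a-real-password").decode()
FIXED = ("ECS_CLUSTER=TestECSCluster\nECS_ENGINE_AUTH_TYPE=dockercfg\n"
         'ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"auth":"%s"}}' % AUTH)
BROKEN = FIXED.replace('"auth":', '"auth",')  # comma where JSON needs a colon

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("broken", BROKEN)):
        print(name, audit_ecs_config(sample))
```
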

To continue, follow the steps in the Restart your ECS container agent section.

Restart your ECS container agent

To restart your ECS container agent, run one of the following commands, depending on the Amazon Machine Image (AMI) that your container instances are running on.

Amazon Linux ECS-optimized AMIs:

$ sudo stop ecs && sudo start ecs

Amazon Linux 2 ECS-optimized AMIs:

$ sudo systemctl restart ecs

To continue, follow the steps in the Test your updated private repository credentials section.

Test your updated private repository credentials

The following steps assume that you’re deploying an updated image across your cluster.

1. Firstly, open the Amazon ECS console.

2. In the navigation pane, choose Clusters, and then select your cluster.

3. Select your service, then choose Update.

4. Next, select the Force new deployment check box.

5. For Minimum healthy percent, enter 50.

6. Complete the remaining steps in the setup wizard, and then choose Update Service.

7. Then, choose View Service.

8. On the Deployments tab, view the new deployment.

Amazon ECS gradually stops tasks under the previous deployment, and then restarts the tasks under the new deployment while attempting a fresh image pull.

9. Choose the Tasks tab, and then check each individual task and its status.

If the task status is set to Running, then the service updated this task successfully without error.

If the task status is set to Running (CannotPullContainerError), then the service updated this task, but there’s an error.

The ECS container agent can’t pull a new container image and is using the old cached image.

Verify that your credentials were updated, and then perform another service deployment update.


Conclusion

In short, we saw how our Support Techs update private repository credentials on ECS container agent.
