TaskTaskFailedToStart: ATTRIBUTE from Tutorial: Using Windows Containers with Domainless gMSA using the AWS CLI
0
I have run through the Tutorial on Using Windows Containers with Domainless gMSA and got stuck on Step 12.
I get the error TaskTaskFailedToStart: ATTRIBUTE
in the ECS Task Overview Console. When I verified the instance in the previous step, I verified that the attribute "name": "ecs.capability.gmsa-domainless"
was there. I have another required attribute which is in the Task Definition as well "com.amazonaws.ecs.capability.task-iam-role"
which is also included in the container instance.
Here is the full Task Definition:
{
"taskDefinitionArn": "arn:aws:ecs:us-west-2:ACCOUNT_ID:task-definition/windows-gmsa-domainless-task:1",
"containerDefinitions": [
{
"name": "windows_sample_app",
"image": "mcr.microsoft.com/windows/servercore/iis",
"cpu": 1024,
"memory": 1024,
"portMappings": [
{
"containerPort": 80,
"hostPort": 8080,
"protocol": "tcp"
}
],
"essential": true,
"entryPoint": [
"powershell",
"-Command"
],
"command": [
"New-Item -Path C:\\inetpub\\wwwroot\\index.html -ItemType file -Value '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p>' -Force ; C:\\ServiceMonitor.exe w3svc"
],
"environment": [],
"mountPoints": [],
"volumesFrom": [],
"credentialSpecs": [
"credentialspecdomainless:arn:aws:s3:::ecs-domainless-gmsa-credspec/gmsa-cred-spec.json"
]
}
],
"family": "windows-gmsa-domainless-task",
"taskRoleArn": "arn:aws:iam::ACCOUNT_ID:role/ecs-exec-demo-task-role",
"executionRoleArn": "arn:aws:iam::ACCOUNT_ID:role/ecsTaskExecutionRole",
"revision": 1,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.gmsa-domainless"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2"
],
"registeredAt": "2023-07-20T20:10:16.178Z",
"registeredBy": "arn:aws:sts::ACCOUNT_ID:assumed-role/EC2RoleWithSessionManager/i-0586d9bd029891d36",
"tags": []
}
Here is the file from running aws ecs describe-container-instances ...
:
{
"containerInstances": [
{
"containerInstanceArn": "arn:aws:ecs:REGION:ACCOUNT:container-instance/windows-domainless-gmsa-cluster/c092a422a3c14dee8ef5dab22216cb29",
"ec2InstanceId": "MY_INSTANCE_ID",
"version": 10,
"versionInfo": {
"agentVersion": "1.72.0",
"agentHash": "ac93073e",
"dockerVersion": "DockerVersion: 20.10.21"
},
"remainingResources": [
{
"name": "CPU",
"type": "INTEGER",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 2048
},
{
"name": "MEMORY",
"type": "INTEGER",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 8089
},
{
"name": "PORTS",
"type": "STRINGSET",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 0,
"stringSetValue": [
"135",
"445",
"3389",
"2376",
"139",
"2375",
"80",
"5985",
"51678",
"5986",
"51679",
"53"
]
},
{
"name": "PORTS_UDP",
"type": "STRINGSET",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 0,
"stringSetValue": []
}
],
"registeredResources": [
{
"name": "CPU",
"type": "INTEGER",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 2048
},
{
"name": "MEMORY",
"type": "INTEGER",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 8089
},
{
"name": "PORTS",
"type": "STRINGSET",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 0,
"stringSetValue": [
"135",
"445",
"3389",
"2376",
"139",
"2375",
"80",
"5985",
"51678",
"5986",
"51679",
"53"
]
},
{
"name": "PORTS_UDP",
"type": "STRINGSET",
"doubleValue": 0.0,
"longValue": 0,
"integerValue": 0,
"stringSetValue": []
}
],
"status": "ACTIVE",
"agentConnected": true,
"runningTasksCount": 0,
"pendingTasksCount": 0,
"attributes": [
{
"name": "ecs.capability.gmsa-domainless"
},
{
"name": "ecs.capability.secrets.asm.environment-variables"
},
{
"name": "ecs.ami-id",
"value": "ami-08a45bd99e99e3787"
},
{
"name": "ecs.capability.secrets.asm.bootstrap.log-driver"
},
{
"name": "com.amazonaws.ecs.capability.logging-driver.none"
},
{
"name": "ecs.capability.ecr-endpoint"
},
{
"name": "com.amazonaws.ecs.capability.logging-driver.json-file"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "ecs.capability.docker-plugin.local"
},
{
"name": "ecs.capability.secrets.ssm.bootstrap.log-driver"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.30"
},
{
"name": "ecs.capability.full-sync"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "ecs.capability.container-health-check"
},
{
"name": "ecs.os-family",
"value": "WINDOWS_SERVER_2022_FULL"
},
{
"name": "ecs.capability.execute-command"
},
{
"name": "ecs.availability-zone",
"value": "us-west-2a"
},
{
"name": "ecs.instance-type",
"value": "t3.large"
},
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.24"
},
{
"name": "ecs.capability.network.container-port-range"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.26"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.27"
},
{
"name": "com.amazonaws.ecs.capability.privileged-container"
},
{
"name": "ecs.capability.container-ordering"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.28"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
},
{
"name": "ecs.cpu-architecture",
"value": "x86_64"
},
{
"name": "ecs.capability.env-files.s3"
},
{
"name": "ecs.capability.secrets.ssm.environment-variables"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.20"
},
{
"name": "ecs.os-type",
"value": "windows"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.22"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.23"
},
{
"name": "ecs.capability.private-registry-authentication.secretsmanager"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
}
],
"registeredAt": "2023-07-20T20:34:32.470000+00:00",
"attachments": [],
"tags": []
}
],
"failures": []
}
Language
English
asked 9 months ago551 viewslg...
No Answers
- Newest
- Most votes
- Most comments
Relevant content
- asked a year agolg...
- asked 5 years agolg...
- asked 3 years agolg...
- Accepted Answerasked 2 years agolg...
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago