Hi,
If you can connect via shell (I guess over ssh) then you can use scp to copy files to your container instance. See https://linuxize.com/post/how-to-use-scp-command-to-securely-transfer-files/?utm_content=cmp-true
But be aware of one thing: files copied into a running container are not part of its initial image. The consequence is that the next time your container restarts, the file will no longer be present in your container image.
It means that Fargate may restart your image automatically at any time for maintenance purposes and your file will disappear: see https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-maintenance.html
AWS is responsible for patching and maintaining the underlying infrastructure
for AWS Fargate. When AWS determines that a security or infrastructure update
is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped
and new tasks launched to replace them.
Best,
Didier
Hello.
I believe that RunCommand can be used by installing SSM Agent on the container to be run by Fargate and registering it with Systems Manager as a Managed Instance.
Also, since the container is not EC2, the advanced-instances tier must be enabled in Systems Manager.
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances-advanced.html
SSM Agent can be installed in the Dockerfile as follows.
```dockerfile
# syntax=docker/dockerfile:1
FROM ubuntu:20.04
WORKDIR /

# Tools used by run.sh. The cache mounts require BuildKit.
RUN \
    --mount=type=cache,target=/var/lib/apt/lists \
    --mount=type=cache,target=/var/cache/apt/archives \
    apt-get update \
    && apt-get -y install \
        curl \
        jq \
        unzip

# AWS CLI v2, used by run.sh to call "aws ssm create-activation".
RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \
    && unzip awscliv2.zip \
    && ./aws/install \
    && rm -rf awscliv2.zip ./aws

# SSM Agent package, with its config templates moved into place.
RUN curl https://s3.ap-northeast-1.amazonaws.com/amazon-ssm-ap-northeast-1/latest/debian_amd64/amazon-ssm-agent.deb -o /tmp/amazon-ssm-agent.deb \
    && dpkg -i /tmp/amazon-ssm-agent.deb \
    && mv /etc/amazon/ssm/amazon-ssm-agent.json.template /etc/amazon/ssm/amazon-ssm-agent.json \
    && mv /etc/amazon/ssm/seelog.xml.template /etc/amazon/ssm/seelog.xml \
    && rm /tmp/amazon-ssm-agent.deb

COPY ./run.sh /run.sh
CMD ["bash", "/run.sh"]
```
run.sh does the following to start SSM Agent, etc.
```bash
#!/bin/bash
set -e

# Create a single-use hybrid activation.
# "SSM_SERVICE_ROLE_NAME" and "region" are placeholders to replace.
ACTIVATION_PARAMETERS=$(aws ssm create-activation \
    --description "Activation Code for Fargate Bastion" \
    --default-instance-name bastion \
    --iam-role "SSM_SERVICE_ROLE_NAME" \
    --registration-limit 1 \
    --tags Key=Type,Value=Bastion \
    --region "region")

# Pull the activation ID and code out of the JSON response.
SSM_ACTIVATION_ID=$(echo "${ACTIVATION_PARAMETERS}" | jq -r .ActivationId)
SSM_ACTIVATION_CODE=$(echo "${ACTIVATION_PARAMETERS}" | jq -r .ActivationCode)

# Register the agent with Systems Manager, then start it.
service amazon-ssm-agent stop
amazon-ssm-agent -register -code "${SSM_ACTIVATION_CODE}" -id "${SSM_ACTIVATION_ID}" -region "region"
service amazon-ssm-agent start
```
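An added example, not part of the answer above: `jq -r` prints the literal string `null` and still exits 0 when a field is missing, so `set -e` alone will not stop the script from registering with unusable values. The sketch below checks the activation values before they reach `amazon-ssm-agent`. The function names and sample values are hypothetical, and the lowercase-UUID ID shape and 20-character minimum code length are assumptions to adjust if your responses differ.

```shell
#!/bin/sh
# Added example, not part of the original run.sh.
# Assumption: activation IDs are lowercase UUIDs and activation codes are at
# least 20 characters long.

# valid_activation ID CODE -> exit status 0 only if both values look usable.
valid_activation() {
  id=$1
  code=$2
  # Reject empty values and the placeholders printed for missing fields.
  case "$id" in ""|null|None) return 1 ;; esac
  case "$code" in ""|null|None) return 1 ;; esac
  printf '%s\n' "$id" |
    grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 1
  [ "${#code}" -ge 20 ] || return 1
  return 0
}

# register_agent JSON REGION: parse create-activation output, validate it,
# then register. jq -e exits non-zero when the selected field is null or
# missing, so a malformed response stops here.
register_agent() {
  json=$1
  region=$2
  id=$(printf '%s' "$json" | jq -er '.ActivationId') || return 1
  code=$(printf '%s' "$json" | jq -er '.ActivationCode') || return 1
  valid_activation "$id" "$code" || {
    echo "create-activation returned unusable values" >&2
    return 1
  }
  # The activation code is a credential: pass it to the agent, never log it.
  amazon-ssm-agent -register -code "$code" -id "$id" -region "$region"
}

# Constructed sample values (not real credentials).
SAMPLE_ID="0a1b2c3d-1111-2222-3333-444455556666"
SAMPLE_CODE="ConstructedCodeValue0123"
```

In run.sh, `register_agent "${ACTIVATION_PARAMETERS}" "region"` would take the place of the two `jq -r` assignments and the direct `amazon-ssm-agent -register` call.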