Containers

AWS container services offer the broadest choice of services to run your containers and run on the best global infrastructure, with 77 Availability Zones across 24 regions. AWS also provides strong security isolation between your containers, ensures you are running the latest security updates, and gives you the ability to set granular access permissions for every container.

Recent questions

  • I am getting exec /bin/sh: exec format error while trying to deploy a basic Hello World container as ECS service using Fargate. Following are the steps I followed:

    1. Build the docker image using docker desktop for Mac
    2. Created the ECR repository using AWS console
    3. Pushed the docker image to ECR
    4. Created a task definition in ECS with Fargate as launch type
    5. Tried to deploy ECS task as service

    Here is the docker file I used to build the image:

    ```
    FROM ubuntu:18.04

    #Install dependencies
    RUN apt-get update && \
        apt-get -y install apache2

    #Install apache and write hello world message
    RUN echo 'Hello World!' > /var/www/html/index.html

    #Configure apache
    RUN echo '. /etc/apache2/envvars' > /root/run_apache.sh && \
        echo 'mkdir -p /var/run/apache2' >> /root/run_apache.sh && \
        echo 'mkdir -p /var/lock/apache2' >> /root/run_apache.sh && \
        echo '/usr/sbin/apache2 -D FOREGROUND' >> /root/run_apache.sh && \
        chmod 755 /root/run_apache.sh

    EXPOSE 80
    ```

    While troubleshooting the error I have tried to put #!/bin/sh as the first line in the docker file but that also did not work. I have tried to change the image from apache to NGINX and used a different docker file like below:

    ```
    FROM nginx
    RUN rm /etc/nginx/conf.d/*
    COPY hello.conf /etc/nginx/conf.d/
    COPY index.html /usr/share/nginx/html/
    ```

    Using this image I am getting exec /docker-entrypoint.sh: exec format error
    0
    answers
    0
    votes
    6
    views
    asked 21 hours ago
  • Documentation says:

    To edit a scheduled task (Amazon ECS console)

    1. Open the Amazon ECS console at https://console.aws.amazon.com/ecs/.
    2. Choose the cluster in which to edit your scheduled task.
    3. On the Cluster: cluster-name page, choose Scheduled Tasks.
    4. Select the box to the left of the schedule rule to edit, and choose Edit.
    5. Edit the fields to update and choose Update.

    But I cannot see the "Scheduled Tasks" option. It was there before, but ever since the new interface I cannot see it. Is there any way that I can edit the scheduled task? I tried rules in EventBridge but it is not letting me edit the containeroverrides.
    1
    answers
    0
    votes
    5
    views
    asked a day ago
  • I'm currently trying to deploy a Vue App to ECS (with EC2). However, when executing the task, it was confirmed that "Essential container in task exited" was the cause of the interruption. Additionally, it returns exit code 1 for details. To check more detailed error logs, I got the running container id through the `docker ps` command and checked the log by entering the command `docker logs <container-id> | head`. The error log confirmed that msg="CREDENTIALS_FETCHER_HOST_DIR not found, err: stat /var/credentials-fetcher/socket/credentials_fetcher.sock: no such file or directory" module=parse_linux.go. Can you identify the cause of the problem and how to solve it?
    0
    answers
    0
    votes
    4
    views
    JuYoung
    asked a day ago
  • Hi, I have been banging my head trying to get this working and cannot figure it out. I have an ECS Fargate cluster in 2 private subnets. There are 2 public subnets with NatGWs (needed for the tasks running in Fargate). Currently I have S3 traffic going through the NatGWs and I would like to implement an S3 endpoint as "best practice". I have created CFN scripts to create the endpoint and associated security group. All resources are created and appear to be working. However I can see from the logs that traffic for S3 is still going through the NatGWs. Is there something basic that I have missed? Is there a way to force the traffic from the tasks to the S3 endpoints?

    The Fargate task security group has the following egress:

    ```
    SecurityGroupEgress:
      - IpProtocol: "-1"
        CidrIp: 0.0.0.0/0
    ```

    Here is the script that creates the endpoint and SG:

    ```
    endpointS3SecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: "Security group for S3 endpoint"
        GroupName: "S3-endpoint-sg"
        Tags:
          - Key: "Name"
            Value: "S3-endpoint-sg"
        VpcId: !Ref vpc
        SecurityGroupIngress:
          - IpProtocol: "tcp"
            FromPort: 443
            ToPort: 443
            SourceSecurityGroupId: !Ref fargateContainerSecurityGroup

    # S3 endpoint
    endpointS3:
      Type: AWS::EC2::VPCEndpoint
      Properties:
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Principal: '*'
              Action: 's3:*'
              Resource: '*'
        SubnetIds:
          - !Ref privateSubnet1
          - !Ref privateSubnet2
        VpcEndpointType: Interface
        SecurityGroupIds:
          - !Ref endpointS3SecurityGroup
        ServiceName:
          Fn::Sub: "com.amazonaws.${AWS::Region}.s3"
        VpcId: !Ref vpc
    ```

    Thanks in advance. Regards, Don.
    2
    answers
    0
    votes
    9
    views
    Don
    asked a day ago
  • Hi team, I'm trying to create AWS code build using this example: https://aws.amazon.com/blogs/containers/creating-container-images-with-cloud-native-buildpacks-using-aws-codebuild-and-aws-codepipeline/ It always finishes with an error on this command at the end of the buildspec file:

    ```
    ./pack build --no-color --builder $builder \
      --tag $IMAGE_TAG $ECR_REPOSITORY:latest \
      --cache-image $ECR_REPOSITORY:cache \
      --publish
    ```

    I have this error:

    > ERROR: failed to : ensure registry read access to 111111111.dkr.ecr.region.amazonaws.com/myrepo:latest
    > ERROR: failed to build: executing lifecycle: failed with status code: 1

    Not sure what I did wrong? I tried to follow the blog's buildspec as is. I already added the required ECR permissions to the code build service role.

    Update: I added the adminAccess to the code build service role to see if it's a permissions issue. Now I have this error:

    ```
    ===> ANALYZING
    Restoring data for SBOM from previous image
    ===> DETECTING
    ERROR: No buildpack groups passed detection.
    ERROR: Please check that you are running against the correct path.
    ERROR: failed to detect: no buildpacks participating
    ERROR: failed to build: executing lifecycle: failed with status code: 20

    [Container] Command did not exit successfully ./pack build --no-color --builder $builder \
      --tag $IMAGE_TAG $REPOSITORY_URI:latest \
      --cache-image $REPOSITORY_URI:cache \
      --publish exit status 1
    ```

    Basically I just want to generate the docker image of my Spring Boot application in buildspec.yml without using a docker file. Is there any other method than using pack builders? I appreciate your help on this. Cheers,
    1
    answers
    0
    votes
    15
    views
    Jess
    asked 2 days ago
  • We are trying to launch a POD in EKS from MWAA. Our EKS is authenticated using aws-iam-authenticator in kube_config.yaml. But MWAA shows the below error in the MWAA log:

    ```
    kubernetes.config.config_exception.ConfigException: Invalid kube-config file. No configuration found.
    ```

    MWAA Environment ARN or Name: arn:axxxxxx:environment/airflow-demo
    Region: us-east-1

    It looks like the DAG is unable to read the config file stored in S3. I am not sure whether it's related to using the kube_config.yaml from S3 or using aws-iam-authenticator. We referred to the below writeup except the kubeconfig authentication part. https://blog.beachgeek.co.uk/working-with-amazon-eks-and-amazon-managed-workflows-for-apache-airflow-v2x/ Can someone help? Thanks --Venky
    1
    answers
    0
    votes
    8
    views
    asked 2 days ago
  • Hi, we're looking for a solution to remediate the excessive IP address consumption by EKS clusters. As the enterprise CIDR ranges are limited and tend to get eaten up fast by EKS, we are facing an IP shortage and overlap. We thought of having a peering between two VPCs (1 that is routable and the 2nd will be a non-routable VPC which is the by default AWS VPC). We would then have the IPs we would like to publish on the routable one... Has anyone tried that approach? Is there an alternative solution? Thanks in advance,
    1
    answers
    0
    votes
    9
    views
    asked 2 days ago
  • We have built a tier-1 service and we want to ensure 100% availability during the deployment. Our service needs 15 tasks to serve 850 tps traffic. We are looking for a deployment configuration. (1) Desired count is 15 as of now. To ensure the service is always available I had set minimumHealthyPercent to 100%, but during deployment I had seen there is a spike in the unhealthy hosts. (2) What should be the minimumHealthyPercent? (3) What should be maximumPercent? (4) Should we modify the health check associated with the target group?
    1
    answers
    0
    votes
    23
    views
    asked 2 days ago
  • A few days ago attaching EBS volumes suddenly stopped working. My EKS cluster uses the ebs.csi.aws.com addon with dynamic provisioning. Here is my storageClass config:

    ```
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: ebs-sc
    provisioner: ebs.csi.aws.com
    parameters:
      type: gp3
    reclaimPolicy: Delete
    volumeBindingMode: WaitForFirstConsumer
    ```

    and volumeClaimTemplate in my sts config:

    ```
    volumeClaimTemplates:
      - metadata:
          name: log
        spec:
          accessModes: [ "ReadWriteOnce" ]
          resources:
            requests:
              storage: 1Gi
    ```

    After sts deployment a PVC, PV and VolumeAttachment are created, however the pod is stuck in ContainerCreating state with error:

    ```
    AttachVolume.Attach failed for volume "pvc-xxx" : rpc error: code = NotFound desc = Instance "i-xxx" not found
    ```

    I triple-checked, the volume is not attached to any other instance, and the instance exists. One funny thing though - when I describe the created PV I see this:

    ```
    Source:
        Type: CSI (a Container Storage Interface (CSI) volume source)
        Driver: ebs.csi.aws.com
        FSType: ext4
        VolumeHandle: vol-xxx
        ReadOnly: false
        VolumeAttributes: storage.kubernetes.io/csiProvisionerIdentity=xxx-8081-ebs.csi.aws.com
    ```

    The (unmasked) volumeHandle does not even exist. Where might the problem be? As I said earlier, this issue popped up from day to day without changing the config.

    K8S version 1.24
    EBS CSI Driver addon version v1.11.5-eksbuild.2 (neither upgrade nor downgrade helped)

    Thanks
    1
    answers
    0
    votes
    63
    views
    kovacs
    asked 2 days ago
  • Hello, after enabling ECS Service Connect we started noticing that requests longer than 15s are cancelled and a 504 response is returned:

    ```
    content-length: 24
    content-type: text/plain
    date: Wed, 25 Jan 2023 19:42:08 GMT
    server: envoy
    ```

    Seems that envoy is enforcing this 15s timeout. Is this assumption correct? If so, is there any way to configure the timeout?
    0
    answers
    0
    votes
    6
    views
    asked 3 days ago
  • Suppose an 'EKS Cluster' was created, and if no load balancers exist, is there any way to associate the 'SSL Policies' without a load balancer?
    1
    answers
    1
    votes
    10
    views
    asked 3 days ago
  • AWS documents 30 default managed node groups per EKS cluster; however, as it's adjustable, need to know the maximum hard limit for the managed node groups per EKS cluster without any performance issue?
    1
    answers
    0
    votes
    25
    views
    asked 3 days ago
  • I am using a Free Tier account. Last year this time, I could do the ECS bluegreen deployment, as there is such a deployment type option for Blue Green deployment type. However, I found recently that there is a change of ECS; the UI is totally different. After I have created the cluster, then go to create service, I have done the following:

    [Capacity provider strategy] -> [user custom(advanced)] -> [Fargate] -> [Latest]

    For the Deployment Configuration: [Service] -> [nginxTask1] -> [1(Latest)] -> key in service name, [Replica] -> [1] for Desired task

    However, for the Deployment Options, the Deployment type is disabled; the 'Rolling update' and 'Blue green' are supposed to be here, but I could not select. I could not proceed from here. Could you advise on the problem? Thanks
    2
    answers
    0
    votes
    24
    views
    asked 4 days ago
  • Hi, I am using the **aws-ebs-csi-driver** add-on, and while I was able yesterday to input a custom JSON content, today I tried to upgrade the add-on's version to latest (*v1.15.0-eksbuild.1*) and I got the below error: `ConfigurationValue is not in valid JSON or YAML format.`

    Here is my JSON:

    ```
    {
      "controller": {
        "nodeSelector": {
          "kubernetes.io/os": "linux",
          "aaaaa": "xxx-yyy-zzz",
          "some_other_key": "abcd"
        }
      }
    }
    ```

    which seems valid, according to the schema I get from

    ```
    aws eks describe-addon-configuration --addon-name aws-ebs-csi-driver --addon-version v1.15.0-eksbuild.1
    ```

    It's very strange that I was able to input that JSON yesterday, but I cannot now? Has the updated version broken something in the schema validator? Is this a bug or something wrong with the data I try to input?
    2
    answers
    0
    votes
    63
    views
    babis
    asked 4 days ago
  • We have deployed a Django application in EKS and used RDS PostgreSQL with RDS Proxy as a database backend. Over the last month, we have started noticing occasional 500 "Internal Server Error" responses from our web app with the following error coming from Django:

    `django.db.utils.OperationalError: connection to server at "<proxy DNS name>" (<proxy IP address>), port 5432 failed: server closed the connection unexpectedly`

    This suggests that RDS Proxy closed the client connection. In Django settings, the configured value of the `CONN_MAX_AGE` parameter is the default 0, which means Django opens a new database connection for every query - this means that the observed failures cannot be related to RDS Proxy's idle client connection timeout setting, which we have set to 30 minutes.

    To deal with this issue, we have implemented retries on the service mesh level (Istio). However, we would like to know more about the root cause of the failures and why we have seen an increased frequency of them during the last month - this almost never happened previously. Looking at the proxy and the database metrics in CloudWatch, it doesn't look like there was increased traffic during the failures. Nevertheless, could the proxy close a client connection during a scaling operation? How can we get more insight into RDS Proxy internal operations? Turning on Enhanced Logging keeps it enabled only for 24 hours and there is no guarantee that the error will occur during that time window - we are also a bit nervous enabling it on production since it can slow down performance.
    1
    answers
    0
    votes
    19
    views
    nikos64
    asked 4 days ago
  • Team, I am building a CloudFormation stack in which we are creating an AWS EKS cluster, and post creation of the EKS cluster, by using the "Custom::Helm" resource type, we are deploying Fluentbit in the cluster.

    ```
    AWSTemplateFormatVersion: "2010-09-09"
    Parameters:
      pEKSClusterName:
        Description: Name of the EKS Cluster
        Type: String
        Default: EKSCluster
      VPCID:
        Description: VPC ID
        Type: AWS::EC2::VPC::Id
        AllowedPattern: ".+"
    Resources:
      fluentbitagent:
        Type: "AWSQS::Kubernetes::Helm"
        Properties:
          TimeOut: 10
          ClusterID: !Ref pEKSClusterName
          Name: fluent-bit
          Namespace: aws-cloudwatch
          Repository: https://aws.github.io/eks-charts
          Chart: eks/aws-for-fluent-bit
          Values:
            image.repository: !FindInMap [RegionMap, !Ref "AWS::Region", cwrepo]
          ValueYaml: !Sub
            - |
              clusterName: ${ClusterName}
              serviceAccount:
                create: false
                name: aws-logs
              region: ${AWS::Region}
              vpcId: ${VPCID}
            - ClusterName: !Ref pEKSClusterName
              VPCID: !Ref VPCID
    Mappings:
      RegionMap:
        us-east-1:
          cwrepo: public.ecr.aws/aws-observability/aws-for-fluent-bit
    ```

    I wanted to pass a custom value to the helm values for Fluentbit, for example I wanted to pass FluentBitHttpPort='2020'. TIA :-)
    2
    answers
    0
    votes
    14
    views
    AWS
    asked 5 days ago
  • Hi, I've been trying to update the protectionEnabled flag of my container using the [endpoint](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-scale-in-protection-endpoint.html). The API and the request are as below:

    ```
    PUT http://169.254.170.2/api/<container-id>/task-protection/v1/state HTTP/1.1
    Request : '{"ProtectionEnabled":true,"ExpiresInMinutes":3}'
    ```

    I'm receiving a 400 Bad Error from the API and unable to understand the issue with the request. Would appreciate if someone could help with this.

    Response:

    ```
    HttpResponseProxy{HTTP/1.1 400 Bad Request [Content-Type: application/json, X-Rate-Limit-Duration: 1, X-Rate-Limit-Limit: 80, X-Rate-Limit-Request-Forwarded-For: , X-Rate-Limit-Request-Remote-Addr: 169.254.172.2:48376, Date: Mon, 23 Jan 2023 22:20:50 GMT, Content-Length: 105] ResponseEntityProxy{[Content-Type: application/json,Content-Length: 105,Chunked: false]}}
    @timestamp 1674512450139
    ```
    0
    answers
    0
    votes
    10
    views
    asked 5 days ago
