0

I want to execute django command ($python manage.py foo) on ecs task (ec2). I do not want to use ssh because production server. I wanted to use AWS Systems Manager Run Command or Session manager.

I added the install command to Dockerfile taking the following page as an example.(https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-linux.html)

My docker image is debian because it is python 3.6 image

However, when I checked the ssm configuration method with cfn because there was a need for an activation code, there was no item for activation. (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SSM.html)

I thought that I would manually create a manager and generate an activation code, but in 30 minutes I found the default setting for the code to expire. In this case, you have to generate an activation code each time you do docker build.

I'm trying to design an operation in this way.

  1. Can I execute shell command on ecs task (your docker image) other than SSM and ssh?

  2. Generate ssm with cfn, can you get an activation code with Ref etc?

  3. Is there a way to make the activation code period indefinitely or unnecessary?

  4. Can I get the ec2 instance of ecs created by my docker image to be displayed on the manager? Thank you

Kouji Kawasaki
  • 153
  • 3
  • 11

1 Answers1

2

You may have a look at aws system manager - session manager. You can connect to any instance by web console or cli without any open port on the instance. Access is controlled by IAM. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html

If you want connect to your docker containers directly you may can utilize the on premise solution from session manager. https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html

If you want to connect via ssh to an ec2 instance you can do this with session manager as well without the need to have an open ssh(22) port. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html

I've also created a neat SSH ProxyCommand script that temporary adds your public ssh key to target instance during connection establishment to target instance.

AWS SSM SSH ProxyComand -> https://gist.github.com/qoomon/fcf2c85194c55aee34b78ddcaa9e83a1

qoomon
  • 4,549
  • 1
  • 21
  • 27