5

I deployed an ECS Task to a cluster, using the AWS Fargate launch type. It's currently in the RUNNING state, and everything looks healthy from the CloudWatch Log stream as well.

Now that it's running, I need to add a second security group to the Task, so that a separate ECS Task can access the service that's exposed by the first task.

When I navigate to the first Task's details, I can see a link to an Elastic Network Interface (ENI). When I click on that, it takes me over to the ENI section of the AWS Management Console. When I choose Actions --> Change Security Groups, add a security group, and click the Save button, I get the following error message.

Failed to change security groups for network interface .
You do not have permission to access the specified resource.

AWS Fargate ENI error message

Question ❓

Is it possible to modify the associated security groups with an AWS Fargate Task's ENI?

1 Answers1

1

!! Fargate mode !!

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking-awsvpc.html

The task ENI is fully managed by Amazon ECS. Amazon ECS creates the ENI and attaches it to the host Amazon EC2 instance with the specified security group. These ENIs are visible in the Amazon EC2 console for your account, but they cannot be detached manually or modified by your account.

Vladyslav Didenko
  • 1,352
  • 1
  • 14
  • 19