5

I am running aws ecs execute-command --cluster UltimaF --task 838d773b17954bcfbbacf343fb4fea70 --container ultima --interactive --command "/bin/sh"

Getting back: An error occurred (InvalidParameterException) when calling the ExecuteCommand operation: The execute command failed because execute command was not enabled when the task was run or the execute command agent isn’t running. Wait and try again or run a new task with execute command enabled and try again.

I have ensured that:

  1. The task is running.
  2. aws ecs describe-tasks --cluster UltimaF --tasks 838d773b17954bcfbbacf343fb4fea70 returns "enableExecuteCommand": true
  3. Task role has the following permissions attached:
    • ssmmessages:CreateControlChannel
    • ssmmessages:CreateDataChannel
    • ssmmessages:OpenControlChannel
    • ssmmessages:OpenDataChannel

I am running on Windows, aws-cli/2.8.2

UPDATE: after running ecs exec checker I have two yellow items and one red:

    ----------
      Managed Agent Status
    ----------
         1. STOPPED (Reason: null) for "ultima" - LastStartedAt: null
    ----------
      Init Process Enabled (first-run-task-definition:12)
    ----------
         1. Disabled - "ultima"

UPDATE two:

This issue suggests ecs:clustername_taskid_containerruntimeid but for me it returns an error: An error occurred (TargetNotConnected) when calling the StartSession operation: ecs:UltimaF_838d773b17954bcfbbacf343fb4fea70_838d773b17954bcfbbacf343fb4fea70-2587323273 is not connected.

Question: How do I connect?

SweetFeet
  • 132
  • 1
  • 1
  • 14
Anatoly Bugakov
  • 772
  • 1
  • 7
  • 18
  • Did you go through all the requirement here? https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/ecs-exec.html – Mark B Nov 08 '22 at 12:39
  • 1) I am not using VS Code here. 2) the link you sent really just mentions Enable Command Execution. I did that. – Anatoly Bugakov Nov 08 '22 at 12:46
  • Sorry, I gave the wrong link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html But both links mention other things like the required IAM role permissions on the ECS task. – Mark B Nov 08 '22 at 12:48
  • Thank you! The link does mention managed agent needs to be running but doesn't say anything about what to do if it is Stopped and why it is. – Anatoly Bugakov Nov 08 '22 at 13:30
  • Did you verify it has the correct IAM permissions needed to connect to the SSM service? – Mark B Nov 08 '22 at 13:33
  • Yes indeed. see point 3. – Anatoly Bugakov Nov 08 '22 at 13:37

1 Answers1

1

I faced this issue before and after running the execute-command it's still the same so I removed the task under service and the new container got access with no issue.

Arsany Atya
  • 11
  • 1