How to get inside a container running on AWS Fargate

Introduction

With AWS Fargate, it is inconvenient that you cannot get inside the running container to investigate when there is a problem, so I looked into how to enter the container.

With ssm-agent you don't have to open an SSH port or manage public keys for SSH, so I used ssm-agent.

How to install sshd in a container

  1. Keep the SSH port open
  2. Add the public key of each user who will SSH in to ~/.ssh/authorized_keys in the container
  3. Install sshd in the container and start sshd when the container starts.

Merit

Demerit

How to install ssm-agent in a container

  1. When the container starts, create a hybrid activation, register the container with it, and start ssm-agent.
  2. Use Session Manager to enter the container

Merit

Since it uses Session Manager, it has the following merits.

Demerit

https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/activations.html

Access to your Amazon EC2 instance is available at no additional charge.

Source code

https://github.com/f96q/fargate-ssm-sample

The repository includes the Dockerfile and the Terraform that creates an environment to run it on AWS Fargate.

Dockerfile

Alpine has no ssm-agent package, so you need to fetch the source, build it, and install it yourself.

Other Linux distributions may provide an installable ssm-agent package, in which case you only need to install that package. https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/sysman-manual-agent-install.html

ARG GOLANG_TAG=1.14.4-alpine3.12
ARG ALPINE_TAG=3.12

# ssm-agent builder
FROM golang:$GOLANG_TAG as ssm-agent-builder

ARG SSM_AGENT_VERSION=2.3.1205.0

RUN apk add --no-cache \
         'make~=4.3-r0' \
         'git~=2.26.2-r0' \
         'gcc~=9.3.0-r2' \
         'libc-dev~=0.7.2-r3' \
         'bash~=5.0.17-r0'

RUN wget -q https://github.com/aws/amazon-ssm-agent/archive/${SSM_AGENT_VERSION}.tar.gz && \
    mkdir -p /go/src/github.com && \
    tar xzf ${SSM_AGENT_VERSION}.tar.gz && \
    mv amazon-ssm-agent-${SSM_AGENT_VERSION} /go/src/github.com/amazon-ssm-agent && \
    echo ${SSM_AGENT_VERSION} > /go/src/github.com/amazon-ssm-agent/VERSION

WORKDIR /go/src/github.com/amazon-ssm-agent

RUN gofmt -w agent && make checkstyle || ./Tools/bin/goimports -w agent && \
    make build-linux

# merge image
FROM alpine:$ALPINE_TAG

RUN apk add --no-cache \
      'jq~=1' \
      'aws-cli~=1.18.55-r0' \
      'sudo~=1.9.0-r0'

RUN adduser -D ssm-user && \
    echo "Set disable_coredump false" >> /etc/sudo.conf && \
    echo "ssm-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ssm-agent-users && \
    mkdir -p /etc/amazon/ssm

COPY --from=ssm-agent-builder /go/src/github.com/amazon-ssm-agent/bin/linux_amd64/ /usr/bin
COPY --from=ssm-agent-builder /go/src/github.com/amazon-ssm-agent/bin/amazon-ssm-agent.json.template /etc/amazon/ssm/amazon-ssm-agent.json
COPY --from=ssm-agent-builder /go/src/github.com/amazon-ssm-agent/bin/seelog_unix.xml /etc/amazon/ssm/seelog.xml

COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]

CMD ["amazon-ssm-agent"]

docker-entrypoint.sh


#!/bin/sh

set -e


# Region used for the SSM API calls (empty if AWS_REGION is unset)
AWS_REGION=${AWS_REGION:-}

# Create a single-use hybrid activation with the container's credentials
SSM_ACTIVATION=$(aws ssm create-activation --default-instance-name "fargate-ssm" --iam-role "service-role/AmazonEC2RunCommandRoleForManagedInstances" --registration-limit 1 --region "$AWS_REGION")

export SSM_ACTIVATION_CODE=$(echo "$SSM_ACTIVATION" | jq -r .ActivationCode)
export SSM_ACTIVATION_ID=$(echo "$SSM_ACTIVATION" | jq -r .ActivationId)

# Register this container as a managed instance, then hand over to CMD
amazon-ssm-agent -register -code "$SSM_ACTIVATION_CODE" -id "$SSM_ACTIVATION_ID" -region "$AWS_REGION"

exec "$@"
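
Step 2 of the ssm-agent procedure ("Use Session Manager to enter the container"), as an added example that is not part of the original post or its repository: it looks up the managed instance that docker-entrypoint.sh registered under the name fargate-ssm and opens a session to it. The function names are hypothetical, and it assumes the AWS CLI with the Session Manager plugin on the operator's machine and a default region that matches the task's.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
set -eu

# Print the id (mi-...) of the online managed instance whose Name equals the
# --default-instance-name passed to create-activation in docker-entrypoint.sh.
find_managed_instance() {
    name=$1
    aws ssm describe-instance-information \
        --filters "Key=ResourceType,Values=ManagedInstance" \
                  "Key=PingStatus,Values=Online" \
        --query "InstanceInformationList[?Name=='${name}'].InstanceId | [0]" \
        --output text
}

# Accept only hybrid-activation ids ("mi-" plus hex digits), so an empty
# lookup ("None") or an EC2 id ("i-...") is never used as a session target.
is_managed_instance_id() {
    case $1 in
        mi-|mi-*[!0-9a-f]*) return 1 ;;
        mi-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Open an interactive Session Manager shell in the container.
enter_container() {
    target=$(find_managed_instance "$1")
    if ! is_managed_instance_id "$target"; then
        echo "no online managed instance named $1" >&2
        return 1
    fi
    aws ssm start-session --target "$target"
}

# Remove a registration by id once it is no longer needed.
deregister_container() {
    is_managed_instance_id "$1" || return 1
    aws ssm deregister-managed-instance --instance-id "$1"
}

# Usage: ./fargate-session.sh enter [name] | deregister <mi-id>
case ${1:-} in
    enter) enter_container "${2:-fargate-ssm}" ;;
    deregister) deregister_container "${2:-}" ;;
esac
```

Because the entrypoint creates a new activation on every start, each task that has run leaves its own managed-instance registration behind; pass the `mi-` id printed by `find_managed_instance` to the `deregister` subcommand.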

What you have to do manually when you are finished

https://aws.amazon.com/jp/systems-manager/pricing/#On-Premises_Instance_Management

Do the following because you will be charged for the time you are running.
