Access Fargate Windows Container
Problem Statement
AWS provides way to access Linux based Fargate container using ECS Exec. But it doesn’t support Windows Container. Refer section “Fargate for Windows tasks unsupported features” in this post.
We could ship Windows/App/IIS logs to centralised logging system but still may need to connect some container to debug issues. Without ECS Exec, I personally don’t feel comfortable going live with Fargate Windows tasks.
Note — I am using Windows task for .NET Framework 4.8 based apps.
Solution
Key Points:
- Treat Windows container (Fargate task) as Non AWS system like On-Premise system.
- Bake SSM agent on container image
- Configure SSM agent in runtime as Hybrid Environment
- Run Powershell Script using SSM to fetch any details/info to debug container app.
Detailed Steps
Note — This are steps from UI but I would encourage you to automate it and integrate in your pipeline.
- SSM Console → Node Management → Create Activation
2. Enter all required information → Click on “Create Activation”. You will get “activation-code" & "activation-id". This activation will be used in later step to configure SSM. Note → Code will expire in 30 day.
3. Bake SSM in Container Image
PS Code to download n bake SSM Agent —
$dir = $env:TEMP + “\ssm”
$region = “<>”
New-Item -ItemType directory -Path $dir -Force
cd $dir
(New-Object System.Net.WebClient).DownloadFile(“https://amazon-ssm-$region.s3.$region.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + “\AmazonSSMAgentSetup.exe”)
4. Configure SSM Agent
$code = “activation-code" $id = "activation-id"
$region = "<region>"
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/q", "/log", "install.log", "CODE=$code", "ID=$id", "REGION=$region") -Wait
Get-Content ($env:ProgramData + "\Amazon\SSM\InstanceData\registration")
Get-Service -Name "AmazonSSMAgent"
Refer AWS link on how to deploy and configure SSM Agent in hybrid mode
5. Now you may check the status from SSM. Also, may run PS command or script remotely.