AWS ECS: Run Tasks Failed Reasons : ["ATTRIBUTE"]

Question

While trying to run a task in EC2 instances, I get this terrible error message.

Run tasks failed
Reasons : ["ATTRIBUTE"]

Like many others, I was referred to check out the "requiresAttributes" section of my task where I found this list:

  "requiresAttributes": [
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.execution-role-ecr-pull"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.task-eni"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.task-iam-role"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    }
  ]

While trying to added these seemingly useless attributes to my cluster's instances, I am blocked. The AWS console says that certain prefixes like ecs are not allowed to be customized/added.

How does one match the attributes when the platform doesn't allow it?

I've also researched into creating instances with different AMIs, but Amazon ECS doesn't allow this and simply defaults with their most recent.

Amazon ECS is a really cool product, but this reflects some of its immaturity. I actually went into ECS from a beanstalk background hoping that the professional suite would be as promised to orchestrate containers. Instead, I have a handful of reasonable complaints after using it for 3 hours!

Answer 1

I ran into this same situation trying to run a Windows docker container in ECS.

In my case, the task definition showed the following required attributes:

Describing the ECS instance with aws ecs describe-container-instances --cluster=ClusterName --container-instances arn:<rest of the instance arn> showed that they were missing the ecs.capability.execution-role-awslogs and com.amazonaws.ecs.capability.logging-driver.awslogs attributes.

The solution was documented at https://github.com/aws/amazon-ecs-agent/issues/1395, and was to set the ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE environment variable to True with the command [Environment]::SetEnvironmentVariable("ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE", $TRUE, "Machine"). Once the Amazon ECS service was restarted, I could deploy my tasks.

So depending on your situation you may find there is some override that you can apply to give your ECS instances the attributes they require.