How can I run commands in a running container in AWS ECS using Fargate

Question

If I am running container in AWS ECS using EC2, then I can access running container and execute any command.

ie. docker exec -it <containerid> <command>

How can I run commands in the running container or access container in AWS ECS using Fargate?

Answer 1

Update(16 March, 2021):

AWS announced a new feature called ECS Exec which provides the ability to exec into a running container on Fargate or even those running on EC2. This feature makes use of AWS Systems Manager(SSM) to establish a secure channel between the client and the target container. This detailed blog post from Amazon describes how to use this feature along with all the prerequisites and the configuration steps.

Original Answer:

With Fargate you don't get access to the underlying infrastructure so docker exec doesn't seem possible. The documentation doesn't mention this explicitly but it's mentioned in this Deep Dive into AWS Fargate presentation by Amazon where this is mentioned on slide 19:

Some caveats: can’t exec into the container, or access the underlying host (this is also a good thing)

There's also some discussion about it on this open issue in ECS CLI github project.

You could try to run an SSH server inside a container to get access but I haven't tried it or come across anyone doing this. It also doesn't seem like a good approach so you are limited there.

Answer 2

AWS Fargate is a managed service and it makes sense not to allow access into containers. If you need to troubleshoot the container you can always increase the log level of your app running in containers. Best practices on working with containers says

"Docker containers are in fact immutable. This means that a running container never changes because in case you need to update it, the best practice is to create a new container with the updated version of your application and delete the old one."

Hope it helps.