How can I connect to a database from an Amazon ECS task on Fargate?


I want to connect to a database from an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate.


Before completing the following steps, confirm that you have an Amazon ECS cluster running on Fargate and an Amazon Relational Database Service (Amazon RDS) database. Amazon ECS and Amazon RDS might have communication issues. For more information, see How do I troubleshoot connectivity issues between my Amazon ECS tasks for an Amazon EC2 launch type and an Amazon RDS database?.

Note: The following resolution uses MySQL as the engine type.

Connect your task to your database

1.    Create a Python script that connects to your MySQL database.

The following example script outputs the result of the connection to the database to Amazon CloudWatch:

import pymysql
import os

# Connection settings are read from the container's environment variables.
Database_endpoint = os.environ['ENDPOINT']
Username = os.environ['USER']
Password = os.environ['PASS']

# Print the outcome so that it appears in the task's CloudWatch log stream.
try:
  print("Connecting to " + Database_endpoint)
  db = pymysql.connect(host = Database_endpoint, user = Username, password = Password)
  print("Connection successful to " + Database_endpoint)
except Exception as e:
  print("Connection unsuccessful due to " + str(e))

Note: Replace ENDPOINT, USER, and PASS with your database values.

2.    Create a Dockerfile that includes the required commands to assemble an image. For example:

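FROM python
RUN pip install pymysql cryptography
# YOUR-SCRIPT.py is a placeholder for the file name of the script from step 1.
COPY YOUR-SCRIPT.py /
CMD [ "python", "/YOUR-SCRIPT.py" ]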

Important: Be sure to place your script and Dockerfile in the same folder.

3.    Create an Amazon ECR repository, and then push the Docker image to that repository.

4.    Create a task definition, and then add the Docker image from step 2 as the container image. For example:

{
  "executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
  "containerDefinitions": [{
    "name": "sample-app",
    "image": "YOUR-ECR-Repository-URL",
    "essential": true
  }],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "256",
  "memory": "512",
  "family": "sample-app"
}

Note: In your task definition, set the values for the ENDPOINT, USER, and PASS environment variables. You can pass these values directly as environment variables or retrieve them from secrets in AWS Secrets Manager. For more information, see How can I pass secrets or sensitive information securely to containers in an Amazon ECS task?

5.    Open the Amazon ECS console, and choose Task Definitions from the navigation pane.

6.    Select your task definition, choose Actions, and then choose Run Task.

7.    For Launch type, choose FARGATE.

8.    For Cluster, choose the cluster for your task definition.

9.    For Number of tasks, enter the number of tasks that you want copied.

10.    In the VPC and security groups section, for Cluster VPC, choose your Amazon Virtual Private Cloud (Amazon VPC).

11.    For Subnets, choose your subnets.

12.    For Security groups, select at least one security group.

13.    Choose Run Task.

The script stops the task and returns the following message:

Essential container in task exited.
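
The note in step 4 gives two ways to supply USER and PASS: plaintext environment variables or secrets. The following check is an added example, not part of the original article or AWS code: it reads a task definition and flags credentials placed in "environment" entries instead of "secrets". The function name audit_task_definition, the endpoint, the secret ARN, and the password value are constructed for illustration.

```python
import json

# Variables the page's script reads that hold credentials (ENDPOINT is not secret).
SENSITIVE_NAMES = {"USER", "PASS"}

# Constructed sample: PASS is passed in plaintext, USER is injected from a secret.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "sample-app",
  "executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
  "containerDefinitions": [{
    "name": "sample-app",
    "image": "YOUR-ECR-Repository-URL",
    "essential": true,
    "environment": [
      {"name": "ENDPOINT", "value": "db.example.internal"},
      {"name": "PASS", "value": "constructed-plaintext-password"}
    ],
    "secrets": [
      {"name": "USER",
       "valueFrom": "arn:aws:secretsmanager:us-east-1:111122223333:secret:constructed-db-user"}
    ]
  }]
}
""")


def audit_task_definition(task_def, sensitive=SENSITIVE_NAMES):
    """Return sorted (container, variable, problem) findings for credential handling."""
    findings = []
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        plaintext = {e.get("name") for e in container.get("environment", [])}
        injected = {s.get("name"): s.get("valueFrom") for s in container.get("secrets", [])}
        for var in sorted(sensitive):
            if var in plaintext:
                # Values under "environment" are stored in the task definition itself.
                findings.append((name, var, "plaintext in environment"))
            elif not injected.get(var):
                findings.append((name, var, "not set"))
        # ECS uses the task execution role to fetch values listed under "secrets".
        if injected and not task_def.get("executionRoleArn"):
            findings.append((name, "executionRoleArn", "missing but secrets are used"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE_TASK_DEF):
        print(finding)
```

Run it against the JSON of a registered task definition before you choose Run Task; an empty result means that both credentials are injected through "secrets".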

Confirm that your task is connected to your database

1.    Open the Amazon ECS console.

2.    From the navigation menu, choose Clusters, and then choose your cluster.

3.    Choose the Tasks tab.

4.    For Desired task status, choose Stopped to see a list of stopped tasks.

5.    Choose your stopped task.

6.    On the Details tab of your stopped task, in the Containers section, choose the expander icon.

7.    Choose View logs in CloudWatch.

You should see the following message in the Amazon CloudWatch console:

Connection successful to [Your Endpoint]