ECS ENI Trunking

0

Hello,

When I try to enable ENI Trunking from the ECS Console under "account settings", it doesn't work. However when I use the CLI to enable it account setting default with the below command it works.

aws ecs put-account-setting-default
--name awsvpcTrunking
--value enabled
--region us-east-1

I need help reasoning this out.

Thank you!

2개 답변
0

Hello.

In my AWS account, I was able to change the settings from the management console and confirm that they were reflected.
Can you confirm that the "PutAccountSetting" action is recorded in CloudTrail's API history after operating it from the management console?
If the operation is performed normally from the management console, it should be recorded in CloudTrail.
Also, there may be a slight delay in the update being reflected in your browser, so please try refreshing your browser and clearing your cache.

profile picture
전문가
답변함 9달 전
  • Hi Riku, Thank you for the reply. Yes "PutAccountSettings" is being recorded on CloudTrail, however still not working when I try with a new incognito window.

0

Hello,

Please note that "PutAccountSetting"[1] API will make the account setting changes specific to the Console user where as "put-account-setting-default" cli command (PutAccountSettingDefault API [2]) will modify the account setting for all users on an account for whom no individual account setting has been specified.

As per ECS documentation[3], there is specific way to enable the awsvpcTrunking account setting

Any user can use the PutAccountSettingDefault API to enable all IAM users and roles on an account.
A root user can use the PutAccountSetting API to enable the user or container instance role that will register the instance with the cluster
A container instance role can enable itself when the PutAccountSetting API is run on an instance prior to it being registered with a cluster

As you can see, it is recommended to use root user or container instance role while using PutAccountSetting API from console and I infer that your console role is not root and hence you notice the difference with ECS Console Account settings and aws ecs put-account-setting-default

References: [1] https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html [2] https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html [3] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html

AWS
지원 엔지니어
답변함 9달 전
  • Hi Nambinayagan, Thank you for the details. yes you are right, I have followed everything from the documentation and I understand totally. However for some reason it just doesn't work when I enable ENI trunking from from console. I disabled at account level and IAM user level first to make sure, then I enabled it from the console but doesn't really work - then I disabled it from the console and enabled from CLI at account level then it works. I don't know it's really boggling me. I will check once again to make sure I am not missing something here. And of course it will be difficult to help if you cannot recreate the issue from your end.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠