- Newest
- Most votes
- Most comments
Hi.
- Can you confirm containers in task launched successfuly from container logs?
- What network mode are you using?EC2's default is bridge, so different from awsvpc used in AWS Fargate.
Hello Brian,
Could you please check the following troubleshooting steps and let me know if these help you?
- Please make sure you have allocated an IAM role to your launch template. Check the documentation for the IAM role here
- Please make sure you are using ECS optimised AMI or have the required tooling installed in your AMI.
- Please make sure that the autoscaling group you created has "maximum" instance configured for the group to be greater than 0.
- Please make sure the instances have either public IP or route to NAT gateway or VPC endpoint so that they can contact Amazon ECS service endpoint.
- . If you have more than 1 cluster in your region, please make sure in your launch template you have the following user data configured:
#!/bin/bash
echo ECS_CLUSTER=your_cluster_name >> /etc/ecs/ecs.config
This documentation here contains all of the above steps with a few more that are needed to configure EC2 instances in ECS, please have a look in case the above top 5 suspects does not work for you.
To troubleshoot further, you could also look login to your instance and check the logs under /var/log/ecs/ecs-agent/*
Thanks, Manish
Maybe there is a big piece of information that I have not understood when using ECS with EC2 versus Fargate. Do I have to create an EC2 instance first, before I even LOOK at creating ECS clusters, services, security groups, load balancers, and target groups? I have made the assumption that EC2 instances would get created on demand.
If that is so, I have created an EC2 instance according to the documentation linked above. Now what do I do when I create clusters, etc. on the ECS page?
Manish: I created an EC2 instance according to this: https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#LaunchInstances: I got a 'default' cluster on my ECS page. I do not know what to do with it. It has forced options I don't want when trying to create a service. I have an EC2 instance running. How do I connect that EC2 instance to MY cluster that I have created? How do I attach a certificate? Do I need a load balancer or does the EC2 instance security group take care of HTTPS to HTTP in the container?
TO add further, a video on how to use ECS with EC2 for an https remote client but http container would be great. Would save me (now) three weeks of frustration.
I would recommend that you use capacity providers for using EC2 instances with your existing ECS cluster. You will have to create a launch template and autoscaling group beforehand. Please follow this documentation - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-capacity-provider-console-v2.html
When you are creating the autoscaling group for your capacity provider, please make sure you are configuring the below 2 things in your launch template:
- You are using an ECS optimised AMI(you can get one by AWS from marketplace).
- Allocated an IAM role to your launch template (This will be under the Advanced settings in Launch template). https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html
and also in your auto-scaling group you have maximum instances set as more than 0.
If you follow the above steps, when you launch your service next, you would see in your cluster, under infrastructure, you have container instances getting registered where ECS would then place the service/tasks.
Generic documentation for how to create launch template can be found here: https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html#create-launch-template-for-auto-scaling You can keep everything as default apart from the AMI, IAM role and your security group configurations for your use-case.
Relevant content
- asked 21 days ago
- asked 6 months ago
- asked 8 months ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 6 days ago
- AWS OFFICIALUpdated a year ago
There are no logs, so the container never deployed. I am using awsvpc. I am not sure from the descriptions of these network modes what the consequences of the choice mean, or what the side effects are for other configurations when one chooses one or the other. The only real clear explanations I ever find are in You Tube tutorials if you are lucky enough to find one that covers your problem..
It seems containers not up and running. Is it possible to pull container image and run on EC2 instance which used from ECS manually?
I am not quite sure what you mean - create an EC2 instance and run the container on it? That seems like it would be quite a bit of work as I would need a server to handle internet facing requests. I know the container is okay, as I have managed to deploy both nginx AND my desired code (which is a task consisting of two containers) using Fargate. I don't recall at this time if I succeeded in getting my desired code to work using https with Fargate (I did get the nginx working with https and Fargate). The problem with the desired code is that is uses 8080 and AWS makes it VERY hard to change that port on its target groups and security groups. There is often chicken-and-egg problems doing that.
I think the container image is fine since it is running on Fargate, but I am concerned that the EC2 instance (and its network) that is trying to run the ECS task is properly configured. You say that there are no logs of containers being started, but I thought it would be a good idea to do a docker pull of the container image and see if it can be started with docker exec in order to isolate if it is a configuration issue on the ECS side.