By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

ECS ENI Trunking

0

Hello,

When I try to enable ENI Trunking from the ECS Console under "account settings", it doesn't work. However when I use the CLI to enable it account setting default with the below command it works.

aws ecs put-account-setting-default
--name awsvpcTrunking
--value enabled
--region us-east-1

I need help reasoning this out.

Thank you!

Topics
Containers
Tags
Amazon Elastic Container Registry (ECR)Amazon Elastic Container ServiceECS Service Discovery
Language
English
Aman
asked 4 months ago325 views
2 Answers
0

Hello.

In my AWS account, I was able to change the settings from the management console and confirm that they were reflected.
Can you confirm that the "PutAccountSetting" action is recorded in CloudTrail's API history after operating it from the management console?
If the operation is performed normally from the management console, it should be recorded in CloudTrail.
Also, there may be a slight delay in the update being reflected in your browser, so please try refreshing your browser and clearing your cache.

profile picture
EXPERT
Riku_Kobayashi
answered 4 months ago
  • Aman
    4 months ago

    Hi Riku, Thank you for the reply. Yes "PutAccountSettings" is being recorded on CloudTrail, however still not working when I try with a new incognito window.

0

Hello,

Please note that "PutAccountSetting"[1] API will make the account setting changes specific to the Console user where as "put-account-setting-default" cli command (PutAccountSettingDefault API [2]) will modify the account setting for all users on an account for whom no individual account setting has been specified.

As per ECS documentation[3], there is specific way to enable the awsvpcTrunking account setting

Any user can use the PutAccountSettingDefault API to enable all IAM users and roles on an account.
A root user can use the PutAccountSetting API to enable the user or container instance role that will register the instance with the cluster
A container instance role can enable itself when the PutAccountSetting API is run on an instance prior to it being registered with a cluster

As you can see, it is recommended to use root user or container instance role while using PutAccountSetting API from console and I infer that your console role is not root and hence you notice the difference with ECS Console Account settings and aws ecs put-account-setting-default

References: [1] https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html [2] https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html [3] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html

AWS
SUPPORT ENGINEER
Nambinayagan_Y
answered 4 months ago
  • Aman
    4 months ago

    Hi Nambinayagan, Thank you for the details. yes you are right, I have followed everything from the documentation and I understand totally. However for some reason it just doesn't work when I enable ENI trunking from from console. I disabled at account level and IAM user level first to make sure, then I enabled it from the console but doesn't really work - then I disabled it from the console and enabled from CLI at account level then it works. I don't know it's really boggling me. I will check once again to make sure I am not missing something here. And of course it will be difficult to help if you cannot recreate the issue from your end.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content