Register EC2 with ECS

0

Hello! I'm following the instructions at https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-anywhere-registration.html to register an existing EC2 instance with an ECS Cluster.

On my first attempt I received a 'Please run as root'.

So I entered a root bash command and seem to be running as root, but am still getting a permission error '/tmp/ecs-anywhere-install.sh: Permission'

Note:

  • The InstanceRole has AmazonEC2ContainerServiceforEC2Role and AmazonSSMManagedInstanceCore policies associated with it.
  • My intent is to be able to deploy a batch ecs task to this ec2 instance after registering it.
  • This ec2 has a static public ip (via associated EIP) that can be whitelisted (otherwise I'd just use a Fargate launch type for the task).
  • The ecs cluster has no load balancing, and only scheduled batch jobs are being associated with it, no persistent services.

I'm sure this is a dumb question, but I'm pretty new to ec2 and managing aws configs and linux generally. Thanks for any helpful leads!

asked 10 months ago, 965 views
3 Answers
0
Accepted Answer

After chatting with AWS support, here is the resolution (in case someone else lands on this post):

First, when launching the EC2 instance, add the following command to the user data (under advanced options towards the bottom of the setup screen):

#!/bin/bash
echo ECS_CLUSTER={cluster_name} >> /etc/ecs/ecs.config

AND

I had to launch an ecs optimized ami, that was key. I tried the above alone which was not sufficient, but once the ami was ecs optimized it successfully registered after launch.

answered 9 months ago
EXPERT
reviewed a month ago
0

I thought the problem was that the owner of the file has not changed to root because I downloaded it once as a general user with the curl command.
Try executing the following command once to delete it and then execute the registration command.

rm /tmp/ecs-anywhere-install.sh -f

Or I think changing the ownership of the file to root with the following command will solve the problem.

chown root:root /tmp/ecs-anywhere-install.sh
EXPERT
answered 10 months ago
  • @Riku Kobayashi thanks for responding to my post. So that did get me past the permissions error! Thank you! However after pasting the Linux registration command from the 'Register External Instances' window from the cluster, there is a timeout that occurs during installation, and from the last log it looks like there is an issue retrieving a valid 'Identity document'. The comment has a 600 char limit, so I posted a fuller response as another post below this thread.

0

@Riku Kobayashi thanks for responding to my post. So that did get me past the permissions error! Thank you!

However after pasting the linux registration command from the 'Register External Instances' window from the cluster, there is a timeout that occurs during installation, and from the last log it looks like there is an issue retrieving a valid 'Identity document':


Next, I thought perhaps there is some underlying configuration issue due to my instance being Ubuntu and what's installed doesn't have all the information to complete the registration. So, I tried again with an AWS Linux EC2, and got a similar error from the log. Though not all the warnings and installation stuff that was in the Ubuntu ec2. I'm assuming due to the AWS AMI already coming installed with all the needed libraries out of the box.



Also I followed the troubleshooting suggested at https://repost.aws/knowledge-center/ecs-instance-unable-join-cluster and followed the instructions for AWSSupport-TroubleshootECSContainerInstance runbook to get AWS System Managers to run a test for this.

The output said:

The container instance profile DATK-EC2-Role is missing the following required permission(s): ['ecs:RegisterContainerInstance', 'ecs:CreateCluster', 'ecs:DeregisterContainerInstance', 'ecs:DiscoverPollEndpoint', 'ecs:Poll', 'ecs:StartTelemetrySession', 'ecs:UpdateContainerInstancesState', 'ecs:SubmitAttachmentStateChange', 'ecs:SubmitContainerStateChange', 'ecs:SubmitTaskStateChange'] Make sure that the container instance has all the recommended permissions.

But the DATK-EC2-Role has the AmazonEC2ContainerServiceforEC2Role assigned which has all of those policies allowed...

answered 9 months ago
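
Added example, not part of the thread and not AWS tooling: a local check of whether a set of IAM policy documents grants the actions the runbook output above listed, treating an explicit Deny in any document as overriding an Allow. The two policy documents are constructed samples (not the text of the managed policy), and Resource, Condition and NotAction are deliberately ignored.

```python
import fnmatch

# The ten actions the runbook output in the post reported as missing.
REQUIRED = [
    "ecs:RegisterContainerInstance", "ecs:CreateCluster",
    "ecs:DeregisterContainerInstance", "ecs:DiscoverPollEndpoint",
    "ecs:Poll", "ecs:StartTelemetrySession",
    "ecs:UpdateContainerInstancesState", "ecs:SubmitAttachmentStateChange",
    "ecs:SubmitContainerStateChange", "ecs:SubmitTaskStateChange",
]

# Constructed sample documents, not the real managed policy text.
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ecs:*ContainerInstance*", "ecs:CreateCluster",
               "ecs:DiscoverPollEndpoint", "ecs:Poll",
               "ecs:StartTelemetrySession", "ecs:Submit*"]}]}
EXTRA_DENY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Deny", "Action": "ecs:Poll", "Resource": "*"}}


def _as_list(value):
    """IAM allows Statement and Action to be a single item or a list."""
    return value if isinstance(value, list) else [value]


def _matches(action, patterns):
    # Action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_actions(policy_docs, required=REQUIRED):
    """Required actions that no Allow covers, or that any Deny covers."""
    allowed, denied = [], []
    for doc in policy_docs:
        for stmt in _as_list(doc.get("Statement", [])):
            target = allowed if stmt.get("Effect") == "Allow" else denied
            target.extend(_as_list(stmt.get("Action", [])))
    return [a for a in required
            if not _matches(a, allowed) or _matches(a, denied)]


if __name__ == "__main__":
    print("role policy only:", missing_actions([ROLE_POLICY]))
    print("with extra deny :", missing_actions([ROLE_POLICY, EXTRA_DENY]))
```

To run it against a real role, pass in the policy documents attached to that role, loaded from JSON, in place of the constructed samples.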
