AWS container services offer the broadest choice of services to run your containers and run on the best global infrastructure, with 77 Availability Zones across 24 regions. AWS also provides strong security isolation between your containers, ensures you are running the latest security updates, and gives you the ability to set granular access permissions for every container.
Recent questions
Help with connector configuration option "AWSSecretsArnList"
I am currently trying to set up a Docker Application Deployment connector in AWS IoT Greengrass and since I need to authenticate the private repository that I will be pulling the Docker images from, I also need to add the secret that I've created with the auth values to the configuration. The problem is that when I try to add the ARN of the secret to the "**AWSSecretsArnList**" option, it gives me this warning: "**AWSSecretsArnList: List of ARNs**". I've tried following the example and pattern that are given inside the documentation about the Docker Application Deployment at https://docs.aws.amazon.com/greengrass/v1/developerguide/docker-app-connector.html#docker-app-connector-param, but it seems to be fruitless. Has anyone had a similar experience, and how did you find a way to resolve it? Am I overlooking something inside the documentation, or do I need to take a look somewhere else? Thanks!
App Runner service creation failed
Unable to create App Runner service, here is the App Runner service ARN - arn:aws:apprunner:eu-west-1:770785616967:service/website-app-deploy-test-envs/9b8c8ad1fa4a419f9960bac46f58b75a. Creating this on behalf of the customer for GitHub issue - https://github.com/aws/apprunner-roadmap/issues/110#issuecomment-1331809397
Updating an ECS service automatically using the CLI via Lambda
I have a multi-container application that runs a service on ECS. The images are hosted on ECR, configuration files are pulled from an S3 bucket during container startup via script. The application sits behind a network load balancer with EIP. The load balancer is in a public subnet and reachable, the app itself is inside a private subnet.

My ultimate goal is to automatically update the service when either a.) a new image is checked in or b.) a new configuration file is uploaded. I figured the best way to do this behind a network load balancer (which supports rolling update) is to use the AWS ECS CLI inside a Lambda function that triggers upon update. If I did not misread the docs, the CLI should trigger a rolling update. To test the CLI, I tried:

`aws ecs update-service --cluster mycluster --service myservice --force-new-deployment`

However, this was not successful. A new task was created, but was stopped before deployment was finished with log message:

> Essential container in task exited

Parameters for the service are min. 100 % and max. 200 %. I also tried to set the lower bound of running tasks to 0 %. This resulted in the successful exit of the old task, but the new tasks failed to deploy with the same error. This makes me think that I probably configured something incorrectly.

Questions:

1.) Is using a Lambda function a smart choice here? Or is there a better way?
2.) How can I troubleshoot the failing rolling update?

I appreciate any help! If you need more information, please let me know.

Best regards,
Sebastian
Run a task every hour - using containers
I am looking to use containers to run a task every hour using containers. Imagine the task takes 20 minutes, so it's not suitable for Lambda, and it's not suitable for EC2, since 40 minutes out of every hour the instance would be idle. I have created a container that runs one simple task (writes a row into a database), then stops. I created a Docker container, pushed this to ECR, then created an ECS task that appears to run the task constantly (starting / restarting). I set the number of tasks to 0 for the cluster to stop this behaviour. I then created a schedule using AWS EventBridge, and set it to run the task every hour, but it's not running at all. Can anyone suggest something that I should look at to achieve the desired scheduled task?
Does EKS perform any updates without initiation from administrator?
Premise:
- Updates of the Kubernetes version or of the node group AMI drain nodes and gracefully terminate any pods running on the nodes.
- We want to make sure that this happens only at times that we choose.

Question: Must any updates that are performed be initiated by me (or by some other principal such as Terraform)?
Accessing my AWS Lightsail Container Image Files
I am running a container on the Lightsail service. I pulled it as a ready image from my container "dockerhub". Thus, I can access my Docker image from the "public domain" in my container. But I want to create a username and password for this image application. Normally, I was able to create a username and password when using it locally on my own computer. But I have no idea how to access my image's files in the container. Can you help me?
How to deploy frontend and backend in one CICD (CodePipeline)?
I have set up a CICD for the frontend of my app which is using CodePipeline and CodeBuild, and it deploys the frontend of my app to an ECS Fargate container. Similarly, I have set up a CICD for the backend of my app which is also using CodePipeline and CodeBuild, and it deploys the backend of my app to an ECS Fargate container. The problem is that both the frontend and backend of my application are in two different Bitbucket repositories. Is there any good practice to manage this in one CICD? Basically, I want to deploy my app's frontend and backend to one ECS Fargate cluster. Right now two ECS Fargate clusters are being used. I just want to deploy my application as one solution which eventually contains two containers but in a single cluster. I am following [this tutorial](https://medium.com/swlh/aws-cloudformation-managed-complete-ecs-infrastructure-including-ci-cd-pipeline-from-github-to-ecs-b833bb44e01c) if someone wants to get more details. Is there any best practice that I should follow for my solution? Any suggestion for improvement will be greatly appreciated.
Facing CORS error on AWS ECS Fargate container
I have deployed my application backend on an AWS ECS Fargate container and I deployed my application on a second AWS ECS Fargate container. Both frontend and backend are using two different load balancers. But when I try to connect my frontend with the backend, it throws a CORS error that you can see in the following picture. ![CORS ERROR](/media/postImages/original/IMtioicrX8ThG8QtwRu35mEQ) Does anyone have any idea why this error is coming and how I can resolve it?
Is App Runner (ECR) compatible with ARM64 CPU architecture?
When deploying an application in App Runner through an ECR image I'm getting the following error inside the container: "exec format error". The Docker image was built on a MacBook Air M1 laptop. After some googling, the error message seems to indicate an issue related to the CPU architecture. I found support for ARM64 in ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-arm64.html), but it requires some special configuration on the task to indicate the CPU architecture. I can't find documentation that explains if ARM64 is supported by App Runner or not. In case it is not supported, it will be great to have this kind of information in the App Runner FAQ or a limitations page in the service documentation.
Does EKS support topology Aware Hints?
I was trying to set up this thing: https://kubernetes.io/docs/concepts/services-networking/topology-aware-hints/ After adding the annotation to my service I don't see hints on the EndpointSlice. Pretty sure I have enough pods in each zone. Nodes have correct labels also. My k8s version is `v1.23.13-eks`. I am thinking that EKS just doesn't support this feature because it's still beta, or is the problem on my side?
Amazon Managed Grafana (AMG) can't query data from Amazon Managed Prometheus (AMP)
Hi guys! I'm setting up Amazon Managed Grafana (AMG) to monitor my K8s cluster. The AMG will query data from Amazon Managed Prometheus (AMP) to get data and show it in a dashboard. I followed the documentation to implement it, but the AMG can't query data from Prometheus in the final step. These are my reference resources:

1. https://www.eksworkshop.com/intermediate/246_monitoring_amp_amg/
2. https://aws.amazon.com/blogs/mt/getting-started-amazon-managed-service-for-prometheus/
3. https://www.youtube.com/watch?v=hAnSqrL8Hfc

If you know how to fix it, please help me.
MWAA Airflow ssh Access to Fargate?
Hi all, we are in the migration process from self-hosted Airflow on EC2 to MWAA. I want to SSH into the scheduler, run a few ls commands, run pip list/freeze, assign path and env variables, import the AWS connection, etc. I know we can send Airflow commands like dags backfill/list etc., but is it possible to connect to the executor that runs on Fargate? When I run `aws ecs list-clusters` it does not return anything, but I have 2 MWAA environments running. Thanks
Create a cloudwatch alarm if my running count in ecs service is 0
I have an ECS cluster with Fargate as the launch type and one service which has a desired count of 1. In some cases all my tasks may stop and there may be a bug in the last updated code, hence the task will be created and deleted frequently. If this scenario happens I need to get notified. The desired count would be 1, but the task keeps on deleting and creating as there may be any scenario that stops the container.
Please share the steps to integrate AWS Secrets Manager with secrets.yaml file
We are running an application in an EKS cluster environment. We have a secrets YAML file which includes DB configuration, Snowflake credentials, etc. We want to move this secrets information to AWS Secrets Manager. Could you please share the steps to implement this?
AppRunner-RDS connection issues
I'm deploying an AppRunner service using an ECR Image, this service is public (both outgoing and incoming) and the actual issue is that I can't connect to a public RDS database. Actually RDS database is public just for debugging purposes and rapid testing of the image but my application can't reach (ETIMEOUT) that public database. Database endpoint is public and sg is allowing all inbound and all outbound. The same image deployed in ECS Fargate works correctly and also in my local environment while pointing to the public RDS instance. Is that an issue or am I missing something?
Does AWS managed prometheus support ingestion by Prometheus from a different cloud provider?
I have a few clusters with a different cloud provider and I'm planning to use AWS-managed Prometheus/Grafana to work on the data. Is this even possible? I know the two supported ones are from either an EKS cluster or a self-managed Kubernetes one hosted on EC2. Thank you for the responses.