ECS with AutoScalingGroup cannot use awsvpcTrunking

0

We have an ECS cluster with an autoscaling group (EC2 - m5.large). We want to place more than 3 tasks per instance using the awsvpcTrunking feature, with no luck. We have followed the ENI developer guide (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html) taking into account:

  • We use the Amazon Linux 2023 EC2 AMI. These are the networking settings: [image]
  • In the Account Settings, AWSVPC Trunking is turned on: [image]

As you can see, 2 tasks started and the remaining are in provisioning state: [image] [image]

Asked 1 year ago · 919 views
2 Answers
1

Hello,

Please make sure that the requirements for using the ENI trunking feature are being considered.

Your account must have the AWSServiceRoleForECS service-linked role for ECS.

Also, only new Amazon EC2 instances launched after enabling awsvpcTrunking receive the increased ENI limits and the trunk network interface. Previously launched instances do not receive these features regardless of the actions taken.

You may check the detailed ENI trunking considerations in the link below:

[+] ENI trunking considerations - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html#eni-trunking-considerations

Further, you may go through the following documents for information related to "awsvpcTrunking":

Also, please refer to the document below for Amazon ECS cluster auto scaling: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-auto-scaling.html

Thank You!

AWS
Answered 1 year ago
0

It's quite confusing but this is NOT a global or account level setting despite it being implied. When it says "AWSVPC Trunking Turned On", it's ONLY showing how it's currently set for the user or role you are logged into the AWS console as.

You are likely launching the ECS cluster instance (EC2) with a different IAM role attached. You can tell by going to EC2, clicking your ECS instance, clicking Security and looking at the "IAM Role". If that's different to what's displayed on the EC2 > Account Setting under Account Info (which lists the IAM user or role you are assuming), then that's your problem.

If that is the case, make sure your role policy has ecs:PutAccountSetting allowed. Then you can run aws ecs put-account-setting --name awsvpcTrunking --value enabled --region yourregion on the ec2 instance, or include that command in the user data when you launch the instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html).

Let me know if that helps, or if I can clarify anything further. I had the same problem today.

Answered 1 year ago
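The check-then-enable step from the second answer, written as an EC2 user-data fragment (an added example, not part of either answer). It assumes the AWS CLI is present on the instance and that the instance role allows ecs:ListAccountSettings and ecs:PutAccountSetting; ECS_REGION is a variable name chosen here, not an AWS convention.

```shell
#!/bin/bash
# Added example. On an instance, "the calling principal" is the instance role,
# which may differ from the console user whose setting shows as turned on.

# Print the effective awsvpcTrunking value for the calling principal.
# Prints "enabled", "disabled", or "None" when no setting is returned.
trunking_value() {
  aws ecs list-account-settings \
    --name awsvpcTrunking --effective-settings \
    --region "$1" \
    --query 'settings[0].value' --output text
}

# Enable trunking only when it is not already on.
# Return codes: 0 ok, 1 cannot read setting, 2 put denied/failed, 3 not applied.
ensure_trunking() {
  region=$1
  current=$(trunking_value "$region") || return 1
  if [ "$current" = "enabled" ]; then
    echo "awsvpcTrunking already enabled for this principal"
    return 0
  fi
  echo "awsvpcTrunking is '$current' for this principal; enabling"
  aws ecs put-account-setting --name awsvpcTrunking --value enabled \
    --region "$region" >/dev/null || return 2
  # Re-read so a silently ignored change is caught here, not at task placement.
  [ "$(trunking_value "$region")" = "enabled" ] || return 3
}

# Runs only when ECS_REGION is set earlier in the user data.
if [ -n "${ECS_REGION:-}" ]; then
  ensure_trunking "$ECS_REGION" ||
    echo "could not enable awsvpcTrunking (rc=$?); check the instance role policy" >&2
fi
```

A return code of 2 points at the instance role missing ecs:PutAccountSetting. That permission lets anything holding the instance role's credentials change the setting for that role, so scope the policy to what the instance needs.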
