This might be happening due to network configuration/nacl/sg. AWS CLI connects to AWS services via SSL endpoints by default and if your instance doesn't allow SSL(443) traffic out, this behavior would be observed.
Thanks - I have updated the post above to show why I think it cannot be an SSL connectivity issue - the same client is able to execute the problematic scenario against other accounts in the same region - also, I can get an error response from the ecs-cli logs command if I mis-specify the task-id, so the request is clearly making it to the API.
Please make sure that your ECS task is using the awslogs driver and has a log stream prefix specified.
Also, check if the IAM user/role being used to run the ecs-cli has the following IAM actions allowed.
- logs:FilterLogEvents
- ecs:DescribeTasks
- ecs:DescribeTaskDefinition

It is also worth checking if your outbound network connectivity to ecs.<region>.amazonaws.com and logs.<region>.amazonaws.com is intact.
As your issue seems to be account/cluster specific, it would be better to reach out to AWS Support.
If you have the above mentioned pre-requisites already in place, please open a support case with AWS using the link: https://console.aws.amazon.com/support/home?#/case/create
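The first two prerequisites in the answer above can be checked offline against an exported task definition and IAM policy document. The following is an added example, not code from this thread or from AWS: the function names and sample data are constructed, and the policy check evaluates a single policy document while ignoring Resource, Condition and NotAction.

```python
import re

REQUIRED_ACTIONS = ["logs:FilterLogEvents", "ecs:DescribeTasks", "ecs:DescribeTaskDefinition"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive; * and ? are the only wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return required actions not allowed (or explicitly denied) by one policy document.
    Simplification (assumption): Resource, Condition and NotAction are ignored."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        patterns = _as_list(stmt.get("Action", []))
        hits = {a for a in required if any(_matches(p, a) for p in patterns)}
        (allowed if stmt.get("Effect") == "Allow" else denied).update(hits)
    return [a for a in required if a not in allowed or a in denied]

def logging_problems(task_def):
    """Return one message per container that lacks the awslogs driver or a stream prefix."""
    problems = []
    for c in task_def.get("containerDefinitions", []):
        cfg = c.get("logConfiguration") or {}
        if cfg.get("logDriver") != "awslogs":
            problems.append(f"{c['name']}: logDriver is {cfg.get('logDriver')!r}, not 'awslogs'")
        elif not (cfg.get("options") or {}).get("awslogs-stream-prefix"):
            problems.append(f"{c['name']}: awslogs-stream-prefix is not set")
    return problems

# Constructed sample inputs (not taken from the thread).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ecs:Describe*", "logs:GetLogEvents"], "Resource": "*"}]}
SAMPLE_TASK_DEF = {"containerDefinitions": [
    {"name": "web", "logConfiguration": {"logDriver": "awslogs", "options": {
        "awslogs-group": "/ecs/web", "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "web"}}},
    {"name": "sidecar", "logConfiguration": {"logDriver": "awslogs", "options": {
        "awslogs-group": "/ecs/sidecar", "awslogs-region": "us-east-1"}}},
    {"name": "proxy", "logConfiguration": {"logDriver": "json-file"}}]}

if __name__ == "__main__":
    print("missing IAM actions:", missing_actions(SAMPLE_POLICY))
    print("logging problems:", logging_problems(SAMPLE_TASK_DEF))
```
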
Thanks for your reply.
Yes the ECS task has awslogs configured. I know this because it used to work, it briefly worked for a couple of days after it stopped working and it does still work in other accounts and the relevant configuration is the same (we use Terraform to manage our environments).
The user does have all these permissions - the user actually has the Administrator role. Again, this user is configured in exactly the same manner as corresponding users in other AWS accounts where the problem does not occur.
SSL connectivity is verified - the same scenario executes without error from the same client talking to the same AWS API endpoints in the same AWS region. Also, I do get an error response if the --task-id is mis-specified. Only if the --task-id is valid does it hang (for at least 10 minutes, probably indefinitely).
I have reached out to AWS Support, but I figured I would post here just in case others run across the same issue.
Can you specify the number of log events in the CloudWatch group? Maybe it is taking time to pull all the logs since you specified the application is running for 2.5 years!