Is it possible to SSH into FARGATE managed container instances?

ssh amazon-web-services aws-fargate

Looking on that issue on github https://github.com/aws/amazon-ecs-cli/issues/143 I think it's not possible to make docker exec from remote host into container on ECS Fargate. You can try to run ssh daemon and your main process in one container using e.g. systemd (https://docs.docker.com/config/containers/multi-service_container/) and connect to your container using SSH but generally it's not good idea in containers world.


Starting from middle of March 2021 it is possible to execute command in ECS container when the container runs in AWS Fargate, check Using Amazon ECS Exec to access your containers on AWS Fargate and Amazon EC2

Quick check list:

  1. Enable command execution in the service.
  2. Make sure to use latest platform version in the service.
  3. Add ssmmessages:.. permissions to the task execution role.
  4. Force new deployment for the service to run tasks with command execution enabled.

This should allow to run /bin/bash command and get interactive shell into the container running on AWS Fargate. This all is clearly explained in the article I have referenced above.


It is possible, but not easy.straight forward. Shortly: install SSH, don't expose ssh port out from VPC, add bastion host, SSH through bastion.

A little bit more details:

  • spin up SSHD with password-less authentication. Docker instructions
  • Fargate Task: Expose port 22
  • Configure your VPC, instructions
  • create EC2 bastion host
  • From there SSH into your Task's IP address

Here is an example of adding SSH/sshd to your container to gain direct access:

# Dockerfile
FROM alpine:latest

RUN apk update && apk add --virtual --no-cache \
  openssh

COPY sshd_config /etc/ssh/sshd_config

RUN mkdir -p /root/.ssh/
COPY authorized-keys/*.pub /root/.ssh/authorized_keys
RUN cat /root/.ssh/authorized-keys/*.pub > /root/.ssh/authorized_keys
RUN chown -R root:root /root/.ssh && chmod -R 600 /root/.ssh

COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
RUN ln -s /usr/local/bin/docker-entrypoint.sh /

# We have to set a password to be let in for root - MAKE THIS STRONG.
RUN echo 'root:THEPASSWORDYOUCREATED' | chpasswd

EXPOSE 22
ENTRYPOINT ["docker-entrypoint.sh"]

# docker-entrypoint.sh
#!/bin/sh

if [ "$SSH_ENABLED" = true ]; then
  if [ ! -f "/etc/ssh/ssh_host_rsa_key" ]; then
    # generate fresh rsa key
    ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
  fi
  if [ ! -f "/etc/ssh/ssh_host_dsa_key" ]; then
    # generate fresh dsa key
    ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
  fi

  #prepare run dir
  if [ ! -d "/var/run/sshd" ]; then
    mkdir -p /var/run/sshd
  fi

  /usr/sbin/sshd

  env | grep '_\|PATH' | awk '{print "export " $0}' >> /root/.profile
fi

exec "$@"

More details here: https://github.com/jenfi-eng/sshd-docker

Related

Quickly getting the color of some pixels on the screen in Python on Windows 7
Issue with shared WinForms resources across projects in Visual Studio
CMake: The C Compiler is not able to compile a simple test program
selecting contact from autocomplete textview
Can FreeRDP be used as server?
snd-hda-intel and the HP Envy 17
Apple wireless keyboard pairs but won't connect in 15.10
How to use Caps Lock as Enter in 14.04?
Want left and right mouse buttons to both map to select
How to recover data from an encrypted hard drive on a dead laptop?
Rename Music Files with Missing File Extensions
Terminal : open path with middle-click/context menu?