How To SSH Your ECS Server(Running Fargate)

#aws #ecs #docker

1.Install ACLI V2

2.Install and Run Docker On EC2

3.Use ECR create repository

4.Attach IAM Role To EC2

5.Build and Push Image to Repository

6.Create ECS Task Definition

7.Create Cluster

8.Create Service

9.Use SSH Tool connect your container

1.Install ACLI V2 On Ami-2

In here,I use Amazon Linux 2, t3.micro instance type.

First,We need give the instance right IAM Role

Install ACLI V2,I will put the code

rm -rf /bin/aws
rm -rf /bin/aws*
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
ln -s /usr/local/bin/aws /bin/aws

[root@ip-172-31-43-69 ~]# yum install docker && systemctl start docker

Use ECR create repository

Attach IAM Role To EC2

https://docs.amazonaws.cn/en_us/AmazonECR/latest/userguide/registry-permissions-create.html

Build and Push Image to Repository

1.Write Dockerfile

FROM centos:7

RUN yum install -y openssh-server sudo
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config 
RUN useradd admin  
RUN echo "admin:123456" | chpasswd
RUN echo "admin   ALL=(ALL)       ALL" >> /etc/sudoers 

RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

RUN mkdir /var/run/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

2.Build Image

[root@ip-172-31-43-69 ~]# docker build -t sshd .

3.Tag and Push Image

aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com
docker tag sshd:latest aws_account_id.dkr.ecr.region.amazonaws.com/sshd:latest
docker push aws_account_id.dkr.ecr.region.amazonaws.com/sshd:latest

Create Fargate Task Definitions(I put my json code)

Notice:Replace the capital letter identification part

{
  "ipcMode": null,
  "executionRoleArn": "YOUR_EXEC_ROLE_ARN": [
    {
      "dnsSearchDomains": null,
      "environmentFiles": null,
      "logConfiguration": {
        "logDriver": "awslogs",
        "secretOptions": null,
        "options": {
          "awslogs-group": "/ecs/sshd_task",
          "awslogs-region": "YOUR_REGION",
          "awslogs-stream-prefix": "ecs"
        }
      },
      "entryPoint": null,
      "portMappings": [
        {
          "hostPort": 22,
          "protocol": "tcp",
          "containerPort": 22
        }
      ],
      "command": null,
      "linuxParameters": null,
      "cpu": 0,
      "environment": [],
      "resourceRequirements": null,
      "ulimits": null,
      "dnsServers": null,
      "mountPoints": [],
      "workingDirectory": null,
      "secrets": null,
      "dockerSecurityOptions": null,
      "memory": null,
      "memoryReservation": 2048,
      "volumesFrom": [],
      "stopTimeout": null,
      "image": "YOU_CREATE_IMG_URL",
      "startTimeout": null,
      "firelensConfiguration": null,
      "dependsOn": null,
      "disableNetworking": null,
      "interactive": null,
      "healthCheck": null,
      "essential": true,
      "links": null,
      "hostname": null,
      "extraHosts": null,
      "pseudoTerminal": null,
      "user": null,
      "readonlyRootFilesystem": null,
      "dockerLabels": null,
      "systemControls": null,
      "privileged": null,
      "name": "sshd_container"
    }
  ],
  "placementConstraints": [],
  "memory": "2048",
  "taskRoleArn": "USE_YOURSELF_TASK_ROLE",
  "compatibilities": [
    "EC2",
    "FARGATE"
  ],
  "taskDefinitionArn": "USE_YOURSELF_ARN",
  "family": "sshd_task",
  "requiresAttributes": [
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.task-iam-role"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.execution-role-ecr-pull"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.task-eni"
    }
  ],
  "pidMode": null,
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "1024",
  "revision": 2,
  "status": "ACTIVE",
  "inferenceAccelerators": null,
  "proxyConfiguration": null,
  "volumes": []
}