Interact with Elastic Container Service, executing one-off sessions into ECS tasks/containers.
hoophq/hoopdev
image called ecs-exec.sh
. This script requires the following permissions to work:
ecs:ListTasks
ecs:DescribeTasks
ecs:ExecuteCommand
Name | Type | Description |
---|---|---|
CLUSTER_NAME | env-var | The name or arn of the ECS Cluster |
SERVICE_NAME | env-var | The name of the service on ECS |
CONTAINER | env-var | The name of the container defaults to the first one. |
AWS_ACCESS_KEY_ID | env-var | The access key credential |
AWS_SECRET_ACCESS_KEY | env-var | The secret key credential |
AWS_DEFAULT_REGION | env-var | The AWS region |
Name | Type | Value | Description |
---|---|---|---|
CLUSTER_NAME | env-var | - | The name or arn of the ECS Cluster |
SERVICE_NAME | env-var | - | The name of the service on ECS |
CONTAINER | env-var | - | The name of the container defaults to the first one. |
ECS_AGENT_URI | env-var | system.agent.envs | The access key credential |
AWS_EXECUTION_ENV | env-var | system.agent.envs | ECS launch type |
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | env-var | system.agent.envs | full HTTP URL endpoint when making a request for credentials |
ECS_CONTAINER_METADATA_URI_V4 | env-var | system.agent.envs | This path returns metadata for the container. |
AWS_DEFAULT_REGION | env-var | system.agent.envs | The default AWS region |
system.agent.envs
will expose the upstream environment variable from the agent to the connection, allowing the wrapper script to use the IAM task role.
--pipe
option necessitates the availability of the base64
command in the image. This command decodes the input content, preventing leakage of shell content such as single or double quotes. This helps address a limitation of the aws ecs execute-command
.