1. Preparation
- Install the AWS Session Manager plugin on the local machine
Install the Session Manager plugin for the AWS CLI - AWS Systems Manager
docs.aws.amazon.com
[root@ip-172-20-0-181 ec2-user]# sudo yum install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm
- Verify the installation
[root@ip-172-20-0-181 ec2-user]# session-manager-plugin
The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.
2. ECS configuration
aws ecs update-service --cluster <cluster-name> --service <service-name> --enable-execute-command --profile <profile-name>
[root@ip-172-20-0-181 .aws]# aws ecs update-service --cluster ecs-test --service ecs-test-svc --enable-execute-command --profile ecr-user
- Run the command above and check that "enableExecuteCommand": true appears in the output
3. Connecting to ECS
[root@ip-172-20-0-181 ~]# aws ecs execute-command --profile ecr-user --cluster ecs-test --task arn:aws:ecs:ap-northeast-2:859234351948:task/ecs-test/ccd1e9c68a064d288d32c2f3b7412a10 --container ecs-test --command "/bin/sh" --interactive
The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.
Starting session with SessionId: ecs-execute-command-048cb4ea62cf87ca8
4. Error collection
1) An error occurred (TargetNotConnectedException) when calling the ExecuteCommand operation: The execute command failed due to an internal error. Try again later.
[root@ip-172-20-0-181 ~]# aws ecs execute-command --profile ecr-user --cluster ecs-test --task arn:aws:ecs:ap-northeast-2:859234351948:task/ecs-test/70948fbf3e244606b46819138172189e --container ecs-test --command "/bin/sh" --interactive
The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.
An error occurred (TargetNotConnectedException) when calling the ExecuteCommand operation: The execute command failed due to an internal error. Try again later.
- IAM ▶ Policies ▶ Create policy ▶ JSON ▶ copy the policy below and create it
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}
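- IAM ▶ Roles ▶ click the task execution role used by the target task definition ▶ attach the policy just created ▶ delete the task and redeploy ▶ test the connection again
- How to find the task execution role: ECS ▶ Task definitions ▶ select the target task definition ▶ select the target task definition revision ▶ check the task execution role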
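As an added example (not part of the original post), this Python script checks the conditions behind the TargetNotConnectedException fix above: the task's enableExecuteCommand flag, the ExecuteCommandAgent status, and whether a role's policy documents allow the four ssmmessages actions. It works on JSON saved from `aws ecs describe-tasks` and from the role's policies; the function names and sample data are constructed for illustration.

```python
import fnmatch

# The four actions from the policy on this page.
REQUIRED = {
    "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel",
}

def granted_actions(policy_docs):
    """Subset of REQUIRED covered by Allow statements (Deny and Condition are not evaluated)."""
    granted = set()
    for doc in policy_docs:
        stmts = doc.get("Statement", [])
        for st in [stmts] if isinstance(stmts, dict) else stmts:
            if st.get("Effect") != "Allow":
                continue
            actions = st.get("Action", [])
            patterns = [actions] if isinstance(actions, str) else actions
            for want in REQUIRED:
                # IAM action names are case-insensitive and may use * and ? wildcards.
                if any(fnmatch.fnmatchcase(want.lower(), p.lower()) for p in patterns):
                    granted.add(want)
    return granted

def diagnose(task, policy_docs):
    """task: one entry of describe-tasks "tasks"; policy_docs: policies on the role being checked."""
    # AWS's ECS Exec documentation places these permissions on the task role (taskRoleArn).
    findings = []
    if not task.get("enableExecuteCommand"):
        findings.append("enableExecuteCommand is false on this task; redeploy after update-service")
    agents = [a for c in task.get("containers", []) for a in c.get("managedAgents", [])
              if a.get("name") == "ExecuteCommandAgent"]
    if not any(a.get("lastStatus") == "RUNNING" for a in agents):
        findings.append("ExecuteCommandAgent is not RUNNING")
    missing = REQUIRED - granted_actions(policy_docs)
    if missing:
        findings.append("role lacks: " + ", ".join(sorted(missing)))
    return findings

# Constructed sample: exec enabled on the task, but the role only allows one action.
SAMPLE_TASK = {"enableExecuteCommand": True, "containers": [
    {"name": "ecs-test", "managedAgents": [{"name": "ExecuteCommandAgent", "lastStatus": "STOPPED"}]}]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssmmessages:CreateControlChannel", "Resource": "*"}]}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TASK, [SAMPLE_POLICY]):
        print(finding)
```

An empty result means all three conditions hold for the inputs given; the policy check only reads Allow statements and does not replace IAM's own evaluation.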
2) An error occurred (AccessDeniedException) when calling the UpdateService operation: User: arn:aws:iam::859234351948:user/hlpark-ecr-user is not authorized to perform: ecs:UpdateService on resource: arn:aws:ecs:ap-northeast-2:859234351948:service/hlpark-ecs-test/hlpark-ecs-test-svc because no identity-based policy allows the ecs:UpdateService action
[root@ip-172-20-0-181 .aws]# aws ecs update-service --cluster hlpark-ecs-test --service hlpark-ecs-test-svc --enable-execute-command --profile hlpark-ecr-user
An error occurred (AccessDeniedException) when calling the UpdateService operation: User: arn:aws:iam::859234351948:user/hlpark-ecr-user is not authorized to perform: ecs:UpdateService on resource: arn:aws:ecs:ap-northeast-2:859234351948:service/hlpark-ecs-test/hlpark-ecs-test-svc because no identity-based policy allows the ecs:UpdateService action
- The missing IAM permission (ecs:UpdateService, as named in the error) needs to be added