terraform-aws-ecs-service

Containers can't retrieve parameters from SSM when public IP is set to false

Open kwessel opened this issue 5 years ago • 2 comments

When I set assign_public_ip to false, my contask tries to start, but fails. In the console under the task instance (stopped tasks tab), I see:

STOPPED(ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secrets from ssm: service call has been retried 1 time(s): RequestError: send request failed caused by: Post https://ssm.us-ea...)

More available from CloudWatch if I only knew how to find it... but since switching back to a public IP resolves the issue, it's surely a communication issue because of our route to the SSM API.

kwessel, Sep 03 '20 20:09

@kwessel Which tier are you using? If you use public, then assign_public_ip needs to be true; if you use private, you cannot make outbound Internet connections; if you use nat, then you can make outbound connections while assign_public_ip is set to false.

ddriddle, Sep 03 '20 22:09

I suspected that might be the case, David. The question is should I use NAT rather than a public IP? Both seem to have associated costs, actual or otherwise.

Keith


kwessel, Sep 03 '20 22:09

I don't think there's a use case that merits attention to this ancient issue.

JonRoma, Feb 24 '23 17:02