amazon-ecs-exec-checker
🚀 Pre-flight checks for ECS Exec
Fixing required permissions
Check if AWS_EXECUTION_ENV and AWS_CONTAINER_CREDENTIALS_RELATIVE_URI exist, as they also may prevent SSM from working correctly. In addition to the environment variables, we check the embedded secrets for AWS_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_EXECUTION_ENV, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,...
I recently ran into a case where I had all green checks using this script, but still could not docker exec into my container because the EC2 instance it was...
I have Deny for all permissions if it's not an STS session with MFA, except getSessionToken, listMFADevices, setMFADevice and a few more. `{ "Sid": "DenyAllExceptListedIfNoMFA", "Effect": "Deny", "NotAction": [ "iam:CreateVirtualMFADevice", "iam:EnableMFADevice",...
The script check-ecs-exec.sh currently encounters a subnet ID parsing error when used with ECS tasks that have EBS volumes attached. The error arises because the script incorrectly assumes that the...
VPC Endpoints shown as "CHECK FAILED" in a RAM-shared VPC/subnets context.. but actually unnecessary
I'm facing the following result:
```
VPC Endpoints | CHECK FAILED Amazon ECS Exec Checker doesn't support VPC endpoint validation for AWS RAM shared VPC/subnets.
```
I don't have VPC...
Read-Only Root Filesystem check should check mounted folders and advise to mount appropriate folders
Read-Only Root Filesystem is not a definite obstacle to ECS Exec (even if that's not covered in the official documentation). Creating bind mounts for the following folders will actually enable...
IAM evaluation relies on `aws iam simulate-principal-policy` but I have noticed that this can give surprising/false results. For instance I'm using a role with AdministratorAccess managed policy attached to...