amazon-ecs-agent

Add VpcId to TMDE Task Responses

Open amogh09 opened this issue 3 years ago • 1 comments

Summary

This change is to enhance the TaskResponse returned by Task Metadata Endpoint to include VPC ID. This change does not apply to ECS Anywhere instances, so no VPC ID would be returned by Task Metadata Endpoint on ECS Anywhere instances.

Implementation details

For agent instances with TaskENIEnabled setting set to true

Agent loads the VPC ID of the container instance by querying EC2 Instance Metadata Service (IMDS). So, for TMDE the VPC ID of the container instance is already available in ecsAgent type.

For agent instances with TaskENIEnabled setting set to false

Currently the agent does not load the VPC ID of the container instance in this case. This PR includes changes to make the agent load the VPC ID (and MAC and subnets) of the container instance if the container instance is not external. Doing so shouldn't have any side effects because these values are not used to drive any logic.

Changes under this PR add some piping to forward the VPC ID value from ecsAgent type to Task Metadata Endpoint handlers and change the handlers to include the VPC ID value in all task responses. TaskResponse type definition is updated to include a new VPCID field.

Testing

Deployed changed agent source to a test EC2 instance, ran test tasks with awsvpc, bridge, and host network modes, and verified that VpcId field is populated in task responses for all cases.

Deployed changed agent to a test ECS Anywhere instance, ran a test task with host network mode, and verified that VpcId field is not populated and that a successful Task Response is returned.

Updated MACIS TMDE functional tests for Linux and Windows and ran them against the agent artifacts for this PR for EC2 Linux and Windows, and ECS-A Linux and Windows platforms.

Updated existing Task Metadata Endpoint unit tests to include VpcId.

New tests cover the changes: Updated existing tests

Description for the changelog

VpcId field will be present in task responses from Task Metadata Endpoint for EC2 instances. ECS Anywhere instances are not affected.

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

amogh09 Jul 06 '22 23:07

Only v4 endpoint's response may be changed. Older versions are considered immutable. Need to limit this change to v4.

amogh09 Aug 15 '22 17:08
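The behaviour described in the PR and in the follow-up comment, as an added Go sketch that is not code from this PR or from amazon-ecs-agent: the VPC ID is piped into the response builder, only the v4 response carries it, and it is left out entirely on external (ECS Anywhere) instances. The type and function names, the sample values and the `VpcId` JSON key (taken from the page's wording) are assumptions.

```go
// Added illustration; not amazon-ecs-agent source. All names are hypothetical.
package main

import (
	"encoding/json"
	"fmt"
)

// TaskResponse is a cut-down stand-in for the agent's task response type.
type TaskResponse struct {
	Cluster string `json:"Cluster"`
	TaskARN string `json:"TaskARN"`
	// omitempty drops the key from the JSON when no VPC ID is set, so
	// clients see an absent field rather than an empty string.
	VPCID string `json:"VpcId,omitempty"` // key name assumed from the page
}

// InstanceInfo is what the agent knows about its host (hypothetical type).
type InstanceInfo struct {
	External bool   // true on ECS Anywhere
	VPCID    string // loaded from IMDS on EC2, empty otherwise
}

// BuildTaskResponse renders the task response body for one endpoint version.
// Only v4 may carry the VPC ID; older versions keep their existing shape.
func BuildTaskResponse(version int, inst InstanceInfo, cluster, taskARN string) ([]byte, error) {
	resp := TaskResponse{Cluster: cluster, TaskARN: taskARN}
	if version == 4 && !inst.External {
		resp.VPCID = inst.VPCID
	}
	return json.Marshal(resp)
}

func main() {
	// Constructed sample values, not real identifiers.
	ec2 := InstanceInfo{VPCID: "vpc-0example"}
	anywhere := InstanceInfo{External: true}
	cases := []struct {
		version int
		inst    InstanceInfo
	}{{3, ec2}, {4, ec2}, {4, anywhere}}
	for _, c := range cases {
		body, err := BuildTaskResponse(c.version, c.inst, "demo", "arn:constructed")
		if err != nil {
			panic(err)
		}
		fmt.Printf("v%d external=%v -> %s\n", c.version, c.inst.External, body)
	}
}
```

A client reading the v4 response should treat the field as optional, since it is absent on ECS Anywhere instances.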