amazon-ssm-agent icon indicating copy to clipboard operation
amazon-ssm-agent copied to clipboard
verified publisher icon aws

aws ssm start-session fails with TargetNotConnected on ECS on Fargate

Open ganeshgk opened this issue 2 years ago • 3 comments

I have ECS running with Fargate launchtype: the containers are running successfully, however to troubleshoot/debug an issue I tried the AWS ECS Exec, however while trying with the https://github.com/aws-containers/amazon-ecs-exec-checker all checks are passed, it only shows in red

 Managed Agent Status
    ----------
         1. STOPPED (Reason: null) for "containernameredacted" - LastStartedAt: null

Since there are many reports of ECS Exec not working & based on this comment https://github.com/aws/amazon-ssm-agent/issues/361#issuecomment-1007335151 I tried using the

aws ssm start-session --target ecs:.... but it throws TargetNotConnected error,


aws ssm start-session --target ecs:clusternameredacted_e7e36d0d4e744104bd4d225c44daddfe_e7e36d0d4e744104bd4d225c44daddfe-3839356491

An error occurred (TargetNotConnected) when calling the StartSession operation: ecs:clusternameredacted_e7e36d0d4e744104bd4d225c44daddfe_e7e36d0d4e744104bd4d225c44daddfe-3839356491 is not connected

so my questions is

  • is it not possible to connect to containers running on ECS with fargate launchtype
  • Is any config missing for the aws ssm start-session for ECS Fargate? If somebody has already faced this targetnotconnected for ssm start-session please do guide on the solution?

ganeshgk avatar Oct 11 '23 06:10 ganeshgk

I struggled with a similar problem for hours, and running the ECS task with --enable-execute-command fixed the problem for me. ECS services can also be configured to spawn their tasks with that flag on.

This is really weird since nothing on https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-troubleshooting.html mentioned this flag, and SSM and ECS Exec not exactly the same thing AFAICS.

Anyway, I hope this helps.

bcmedeiros avatar Oct 19 '23 18:10 bcmedeiros

Thanks for reaching out. Did above answer solve the issue you had? If not, can you please provide the below information for further investigation?

  1. The agent and SSMCLI version: https://docs.aws.amazon.com/systems-manager/latest/userguide/plugin-version-history.html https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-get-version.html
  2. The agent log: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-agent-logs.html

ziwangj avatar Oct 26 '23 23:10 ziwangj