Connect Fargate instance to SSM Session Manager
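#!/bin/bash
# Entrypoint for a Fargate container that registers itself with AWS Systems
# Manager (SSM) as a managed instance so Session Manager can connect to it.

# Name the container registers under; it is also written to the "Name" tag.
INSTANCE_NAME=acme-development

# Region passed to `amazon-ssm-agent -register`. The CLI configuration is asked
# first, as before. If it returns nothing (presumably the case when the image
# has no CLI config file -- confirm for your image), fall back to a region
# already present in the environment instead of overwriting it with an empty
# string.
CONFIGURED_REGION="$(aws configure get region)"
AWS_REGION="${CONFIGURED_REGION:-${AWS_REGION:-${AWS_DEFAULT_REGION:-}}}"

# Registering with an empty region cannot succeed; stop here with a clear
# message rather than failing later inside the agent.
if [[ -z "${AWS_REGION}" ]]; then
  printf '%s\n' 'docker-entrypoint: no AWS region found; refusing to register with an empty region' >&2
  exit 1
fi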
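################################################################################
# The section below first retrieves every offline instance ID that has the tag
# "Type" defined with the value "fargate". It then iterates through these
# instance IDs and deregisters them.
#
# NOTE(review): selection is by tag and ping status only. Every managed
# instance visible to these credentials that is tagged Type=fargate and is not
# "Online" is deregistered, including instances registered by other services
# that reuse the tag and agents of still-running tasks that have only lost
# their connection. Consider a service-specific tag value, and scope the task
# role's deregister permission to that tag rather than to all managed
# instances.
################################################################################
OFFLINE_INSTANCE_IDS=()
# Text output can span several lines when the CLI paginates, so collect IDs
# from every line instead of reading only the first one.
while read -r -a PAGE_IDS || [[ ${#PAGE_IDS[@]} -gt 0 ]]; do
  OFFLINE_INSTANCE_IDS+=("${PAGE_IDS[@]}")
done < <(aws ssm describe-instance-information \
  --cli-input-json '{"Filters":[{"Key":"tag:Type","Values":["fargate"]}]}' \
  --query "InstanceInformationList[?PingStatus!='Online'].InstanceId" \
  --output text)

for INSTANCE_ID in "${OFFLINE_INSTANCE_IDS[@]}"; do
  # Only managed-instance IDs (mi-...) can be deregistered; skip anything else
  # the query may have printed (for example a literal "None").
  if [[ ! "${INSTANCE_ID}" =~ ^mi-[0-9a-f]+$ ]]; then
    printf 'docker-entrypoint: skipping unexpected instance id: %s\n' "${INSTANCE_ID}" >&2
    continue
  fi
  # Cleanup is best-effort: report a failure but keep starting the container.
  aws ssm deregister-managed-instance --instance-id "${INSTANCE_ID}" \
    || printf 'docker-entrypoint: could not deregister %s\n' "${INSTANCE_ID}" >&2
done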
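################################################################################
# The section below obtains an activation code and ID from SSM, and then uses
# them to register the current agent. _This should only be done on the basis of
# tightly controlled roles granted to ECS._ Note that it is registered with two
# tags:
#
#   Name: While the name is set via --default-instance-name, the name will
#         only show up when queries are performed in the CLI. The "Name"
#         tag is required for the name to be visible in the AWS console.
#   Type: This acts as a flag, so that only offline Fargate instances get
#         cleaned up.
#
# The SSM agent is then started.
#
# NOTE(review): the activation code is a credential. --registration-limit 1
# keeps it single-use, but it is passed to the agent on the command line, so it
# is visible in the container's process list while registration runs. Do not
# enable `set -x` or otherwise log these variables.
################################################################################
read -r ACTIVATION_CODE ACTIVATION_ID <<< "$(aws ssm create-activation \
  --default-instance-name "${INSTANCE_NAME}" \
  --iam-role "SSMServiceRole" \
  --registration-limit 1 \
  --tags "Key=Name,Value=${INSTANCE_NAME}" "Key=Type,Value=fargate" \
  --query "join(' ', [ActivationCode, ActivationId])" \
  --output text)"

# If create-activation failed (missing permission, wrong role name, no
# network), both values are empty; stop instead of registering with blanks.
if [[ -z "${ACTIVATION_CODE}" || -z "${ACTIVATION_ID}" ]]; then
  printf '%s\n' 'docker-entrypoint: could not obtain an SSM activation' >&2
  exit 1
fi

# Do not start an agent whose registration was rejected.
if ! amazon-ssm-agent -register -code "${ACTIVATION_CODE}" -id "${ACTIVATION_ID}" -region "${AWS_REGION}" -clear -y; then
  printf '%s\n' 'docker-entrypoint: SSM agent registration failed' >&2
  exit 1
fi

# Runs in the foreground. This script never references "$@", so arguments
# passed to the entrypoint are not executed.
amazon-ssm-agent
# Manage the logs by redirecting output to CloudWatch log groups...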
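# Image for a Fargate task that registers with SSM Session Manager on start.
#
# NOTE(review): debian:10 (buster) has reached end of life upstream, and the
# base image is referenced by a mutable tag. Consider a supported release
# pinned by digest.
FROM debian:10-slim

# Tools needed by the entrypoint (awscli) and by the steps below (curl, gnupg),
# plus the nginx.org signing key and package source.
# NOTE(review): apt-key adds the key to the global trust store, so it is
# trusted for every configured repository, not only nginx.org. Nothing in this
# file installs a package from the nginx source after adding it.
RUN apt-get update -y && \
    apt-get install -y awscli curl gnupg && \
    apt-key adv --fetch-keys "https://nginx.org/keys/nginx_signing.key" && \
    echo "deb http://nginx.org/packages/debian buster nginx" > /etc/apt/sources.list.d/nginx.list

# Install the SSM agent, which runs as root inside the container.
# NOTE(review): the package comes from the unpinned "latest" path and is
# installed without an integrity check. Pin a specific agent version and verify
# the download against the signature AWS publishes before running dpkg.
# --fail makes curl stop on an HTTP error instead of saving the error body as
# the .deb; the downloaded file is removed once installed.
RUN curl --fail --silent --show-error --location --output /tmp/amazon-ssm-agent.deb "https://s3.us-east-1.amazonaws.com/amazon-ssm-us-east-1/latest/debian_amd64/amazon-ssm-agent.deb" && \
    dpkg -i /tmp/amazon-ssm-agent.deb && \
    rm -f /tmp/amazon-ssm-agent.deb

COPY docker-entrypoint.sh /

EXPOSE 80

# CMD is handed to the entrypoint as arguments. The docker-entrypoint.sh shown
# with this file does not reference them, so "nginx" is not started by it.
ENTRYPOINT [ "/docker-entrypoint.sh" ]
CMD [ "nginx" ]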