user189198

Add or remove security groups to AWS Fargate ENI for running ECS Task

I deployed an ECS Task to a cluster, using the AWS Fargate launch type. It's currently in the RUNNING state, and everything looks healthy from the CloudWatch Log stream as well.

Now that it's running, I need to add a second security group to the Task, so that a separate ECS Task can access the service that's exposed by the first task.

When I navigate to the first Task's details, I can see a link to an Elastic Network Interface (ENI). When I click on that, it takes me over to the ENI section of the AWS Management Console. When I choose Actions --> Change Security Groups, add a security group, and click the Save button, I get the following error message.

Failed to change security groups for network interface .
You do not have permission to access the specified resource.


Question ❓

Is it possible to modify the security groups associated with an AWS Fargate Task's ENI?

Upvotes: 5

Views: 3254

Answers (1)

Vladyslav Didenko

Reputation: 1641

!! Fargate mode !!

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking-awsvpc.html

The task ENI is fully managed by Amazon ECS. Amazon ECS creates the ENI and attaches it to the host Amazon EC2 instance with the specified security group. These ENIs are visible in the Amazon EC2 console for your account, but they cannot be detached manually or modified by your account.

Upvotes: 1
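Because the ENI itself cannot be edited, the security groups have to be changed through the task's `awsvpc` network configuration. The sketch below is an added example, not part of the question or the answer: it builds the `update_service` arguments that add or remove a group while carrying over the existing subnets and public-IP setting. It assumes the task is run by an ECS service (a standalone task has to be stopped and run again with the new configuration); `plan_update`, `apply_update` and the `SAMPLE` record are hypothetical names and constructed data.

```python
import re

SG_ID = re.compile(r"^sg-([0-9a-f]{8}|[0-9a-f]{17})$")
MAX_GROUPS = 5  # ECS accepts at most 5 security groups per awsvpcConfiguration

# Constructed sample: one entry of describe_services()["services"], trimmed.
SAMPLE = {
    "serviceName": "api",
    "clusterArn": "arn:aws:ecs:us-east-1:111122223333:cluster/demo",
    "networkConfiguration": {"awsvpcConfiguration": {
        "subnets": ["subnet-0aaa1111bbbb2222c"],
        "securityGroups": ["sg-0123456789abcdef0"],
        "assignPublicIp": "DISABLED",
    }},
}

def plan_update(service, add=(), remove=()):
    """Return kwargs for ecs.update_service that change only the security groups."""
    for sg in (*add, *remove):
        if not SG_ID.match(sg):
            raise ValueError(f"not a security group id: {sg!r}")
    cfg = service["networkConfiguration"]["awsvpcConfiguration"]
    groups = [g for g in cfg.get("securityGroups", []) if g not in remove]
    groups += [g for g in dict.fromkeys(add) if g not in groups]
    if not groups:
        # An empty list makes ECS fall back to the VPC's default security group.
        raise ValueError("refusing to leave the service without an explicit group")
    if len(groups) > MAX_GROUPS:
        raise ValueError(f"{len(groups)} groups exceeds the limit of {MAX_GROUPS}")
    return {
        "cluster": service["clusterArn"],
        "service": service["serviceName"],
        # The whole awsvpcConfiguration is replaced, so subnets and
        # assignPublicIp must be resent even though they are unchanged.
        "networkConfiguration": {"awsvpcConfiguration": {
            "subnets": list(cfg["subnets"]),
            "securityGroups": groups,
            "assignPublicIp": cfg.get("assignPublicIp", "DISABLED"),
        }},
    }

def apply_update(cluster, service_name, add=(), remove=()):
    """Apply the change; ECS starts a deployment whose new tasks get new ENIs."""
    import boto3  # imported here so plan_update can be exercised offline
    ecs = boto3.client("ecs")
    svc = ecs.describe_services(cluster=cluster, services=[service_name])["services"][0]
    return ecs.update_service(**plan_update(svc, add, remove))
```

The running task keeps its original ENI and groups until the deployment replaces it, so the new rule only takes effect on the replacement tasks.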
