search

NASA-PDS / registry-sweepers

Scripts that run regularly on the registry database, to clean and consolidate information
Apache License 2.0
0 stars 1 forks source link

Deploy Registry-Sweeper in MCP Prod #135

Closed sjoshi-jpl closed 1 month ago

sjoshi-jpl commented 2 months ago

💡 Description

Deploy Registry-Sweeper ECS Task and Task Definition in MCP Prod

⚔️ Parent Epic / Related Tickets

No response

alexdunnjpl commented 1 month ago

Branch fargate-support has been side-loaded to ECR under the assumption that the following - which could not be corroborated - was correct:

AWS automatically injects temporary security credentials into the environment of the container running inside the Fargate task. These credentials are accessible through standard environment variables:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN

If you are using an AWS SDK (e.g., boto3 for Python, AWS SDK for Java, etc.), the SDK will automatically use the credentials injected into the container.

Unfortunately, this does not appear to be correct, so it remains unclear how to manually (without boto3) get credentials for the task role from within Fargate (as opposed to EC2).

@sjoshi-jpl is EC2-based ECS a possibility here, as a stopgap or backup?

tloubrieu-jpl commented 1 month ago

Environment is different in ECS than EC2, this needs to be managed.

alexdunnjpl commented 1 month ago

Supported by #145

nutjob4life commented 1 month ago

Image updated to ECR, @sjoshi-jpl reports the task runs cleanly

jordanpadams commented 1 month ago

Done! 🎉

All working and tested