[ECS] [request]: AWS ECS Execute-command return status fix

[trent-abc]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request What do you want us to build?

ECS Exec does not seem to pass through the exit code of command back to AWS CLI. It's not expected behaviour for most users that because SSM connected successfully then the exit code should be 0. Please add a flag like --exit-with-command-status or something similar to bubble up the error, or when the command run via ecs exec fails, exit with that status code by default.

Please refer to https://github.com/aws/amazon-ecs-agent/issues/2846 for more details.

Which service(s) is this request for? This could be Fargate, ECS, EKS, ECR

Fargate/ECS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now? What is the impact of not having this problem solved? The more details you can provide, the better we'll be able to understand and solve the problem.

Scripts that run the "aws ecs execute-command" as a simple component are expecting the return value to match, for example the following scenario, which could just be one line in a long script:

> aws ecs execute-command --region us-east-1 --cluster fargate-esc-cluster --task <task_arn> --container ubuntu --command "ls /tmp/folderthatdoesntexist" --interactive

The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.

Starting session with SessionId: ecs-execute-command-123
ls: cannot access '/tmp/folderthatdoesntexist': No such file or directory

Exiting session with sessionId: ecs-execute-command-123.

> echo $?
0

Are you currently working around this issue? How are you currently solving this problem?

Currently we have to add some logging to our python script in ECS that prints "OUTPUT SUCCESS" then we grep for that in the response of the aws ecs execute-command command, which is needless to say, a hack, and doesn't work with other things like the ls example above.

Additional context Anything else we should know?

Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)

[blimmer]

From the existing thread, it seems like exec-command is intended to be for interactive debugging only. However, this isn't obvious since you have to pass the --interactive flag as a required parameter (and --non-interactive returns a message that it's not implemented).

As they mentioned in that thread, the SSM run-command could be used, but the ergonomics of using raw SSM with ECS Fargate leaves a lot to be desired.

So if non-interactive exec-command is out of the picture, then maybe the request is a different command that makes it simpler to run a single one off task, reporting back the exit code.

[BeyondEvil]

We need this. What's the hold-up on implementing --non-interactive? The documentation mentions it even.