cat << EOF > ecs_task_execution_role_policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecr:*",
"cloudtrail:LookupEvents"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
EOF
Shell
복사
aws iam create-policy --policy-name EcsTaskExecutionRolePolicy --policy-document file://ecs_task_execution_role_policy.json
Shell
복사
aws iam attach-role-policy --role-name EcsTaskExecutionRole --policy-arn arn:aws:iam::362708816803:policy/EcsTaskExecutionRolePolicy
Shell
복사
aws ecs update-service --cluster ws-cluster --service gateway-svc --enable-execute-command
Shell
복사
TASKDEF_ARN=$(aws ecs list-tasks --cluster ws-cluster --desired-status RUNNING --family gateway-td --region ap-northeast-2 --query "taskArns[0]" --output text)
Shell
복사
aws ecs execute-command \
--region ap-northeast-2 \
--cluster ws-cluster \
--task $TASKDEF_ARN \
--container gateway \
--command "/bin/sh" \
--interactive
Shell
복사
aws ecs update-service --cluster ws-cluster --service product-svc --force-new-deployment
Shell
복사
aws ecs update-service --cluster ws-cluster --service gateway-svc --force-new-deployment
Shell
복사