运行任务时出现 AWS ECS 错误：在您的集群中未找到任何容器实例

Question

Im trying to deploy a docker container image to AWS using ECS , but the EC2 instance is not being created. I have scoured the internet looking for an explanation as to why I'm receiving the following error:

"A client error (InvalidParameterException) occurred when calling the RunTask operation: No Container Instances were found in your cluster."

Here are my steps:

1. Pushed a docker image FROM Ubuntu to my Amazon ECS repo.

2. Registered an ECS Task Definition:

aws ecs register-task-definition --cli-input-json file://path/to/my-task.json 

3. Ran the task:

aws ecs run-task --task-definition my-task

Yet, it fails.

Here is my task:

{
  "family": "my-task",
  "containerDefinitions": [
    {
        "environment": [],
        "name": "my-container",
        "image": "my-namespace/my-image",
        "cpu": 10,
        "memory": 500,
        "portMappings": [
            {
                "containerPort": 8080,
                "hostPort": 80
            }
        ],
        "entryPoint": [
            "java",
            "-jar",
            "my-jar.jar"
        ],
        "essential": true
    }
  ]
}

I have also tried using the management console to configure a cluster and services, yet I get the same error. How do I configure the cluster to have ec2 instances, and what kind of container instances do I need to use? I thought this whole process was to create the EC2 instances to begin with!!

Answer 1

I figured this out after a few more hours of investigating. Amazon, if you are listening, you should state this somewhere in your management console when creating a cluster or adding instances to the cluster:

"Before you can add ECS instances to a cluster you must first go to the EC2 Management Console and create ecs-optimized instances with an IAM role that has the AmazonEC2ContainerServiceforEC2Role policy attached"

Here is the rigmarole:

1. Go to your EC2 Dashboard , and click the Launch Instance button.

2. Under Community AMIs , Search for ecs-optimized , and select the one that best fits your project needs. Any will work. Click next.

3. When you get to Configure Instance Details, click on the create new IAM role link and create a new role called ecsInstanceRole .

4. Attach the AmazonEC2ContainerServiceforEC2Role policy to that role.

5. Then, finish configuring your ECS Instance.
NOTE: If you are creating a web server you will want to create a securityGroup to allow access to port 80.

After a few minutes, when the instance is initialized and running you can refresh the ECS Instances tab you are trying to add instances too.

Answer 2

Currently, the Amazon AWS web interface can automatically create instances with the correct AMI and the correct name so it'll register to the correct cluster.

Even though all instances were created by Amazon with the correct settings, my instances wouldn't register. On the Amazon AWS forums I found a clue. It turns out that your clusters need internet access and if your private VPC does not have an internet gateway, the clusters won't be able to connect.

The fix

In the VPC dashboard you should create a new Internet Gateway and connect it to the VPC used by the cluster. Once attached you must update (or create) the route table for the VPC and add as last line

0.0.0.0/0 igw-24b16740  

Where igw-24b16740 is the name of your freshly created internet gateway.

Answer 3

I ran into this issue when using Fargate. I fixed it when I explicitly defined launchType="FARGATE" when calling run_task .

Answer 4

Other suggested checks

1. Selecting the suggested AMI which was specified for the given region solved my problem.

   To find out the AMI - check Launching an Amazon ECS Container Instance .

2. By default all the ec2 instances are added to default cluster . So the name of the cluster also matters.

See point 10 at Launching an Amazon ECS Container Instance .

More information available in this thread .

Answer 5

Just in case someone else is blocked with this problem as I was... I've tried everything here and didn't work for me.

Besides what was said here regards the EC2 Instance Role, as commented here , in my case only worked if I still configured the EC2 Instance with simple information. Using the User Data an initial script like this:

#!/bin/bash
cat <<'EOF' >> /etc/ecs/ecs.config
ECS_CLUSTER=quarkus-ec2
EOF

Informing the related ECS Cluster Name created at this ecs config file, resolved my problem. Without this config, the ECS Agent Log at the EC2 Instance was showing an error that was not possible to connect to the ECS, doing this I've got the EC2 Instance visible to the ECS Cluster.

After doing this, I could get the EC2 Instance available for my EC2 Cluster:

The AWS documentation said that this part is optional, but in my case, it didn't work without this "optional" configuration.

Answer 6

When this happens, you need to look to the following:

1. Your EC2 instances should have a role with AmazonEC2ContainerServiceforEC2Role managed policy attached to it
2. Your EC2 Instances should be running AMI image which is ecs-optimized (you can check this in EC2 dashboard)
3. Your VPC's private subnets don't have public IPs assigned, OR you do not have an interface VPC endpoint configured, OR you don't have NAT gateway set up

Most of the time, this issue appears because of the misconfigured VPC. According to the Documentation :

QUOTE: If you do not have an interface VPC endpoint configured and your container instances do not have public IP addresses, then they must use network address translation (NAT) to provide this access.

• To create a VPC endpoint: Follow to the documentation here
• To create a NAT gateway: Follow to the documentation here

These are the reasons why you don't see the EC2 instances listed in the ECS dashboard.

Answer 7

If you have come across this issue after creating the cluster

Go the ECS instance in the EC2 instances list and check the IAM role that you have assigned to the instance. You can identify the instances easily with the instance name starts with ECS Instance

After that click on the IAM role and it will direct you to the IAM console. Select the AmazonEC2ContainerServiceforEC2Role policy from the permission policy list and save the role.

Your instances will be available in the cluster shortly after you save it.

Answer 8

The real issue is lack of permission. As long as you create and assign a IAM Role with AmazonEC2ContainerServiceforEC2Role permission, the problem goes away.

Answer 9

我遇到的另一个可能的原因是将我的 ECS 集群 AMI 更新为“Amazon Linux 2”AMI 而不是“Amazon Linux AMI”，这导致我的 EC2 user_data 启动脚本无法运行。

Answer 10

I realize this is an older thread, but I stumbled on it after seeing the error the OP mentioned while following this tutorial .

Changing to an ecs-optimized AMI image did not help. My VPC already had a route 0.0.0.0/0 pointing to the subnet. My instances were added to the correct cluster, and they had the proper permissions.

Thanks to @sanath_p's link to this thread , I found a solution and took these steps:

1. Copied my Autoscaling Group's configuration
2. Set IP address type under the Advanced settings to "Assign a public IP address to every instance"
3. Updated my Autoscaling Group to use this new configuration.
4. Refreshed my instances under the Instance refresh tab.

Answer 11

for other than ecs-optimized instance image. Please do below step

• Install ECS Agent ECS Agent download link

ECS_CLUSTER=REPLACE_YOUR_CLUSTER_NAME

• add above content to /etc/ecs/ecs.config