Posted On: Apr 7, 2022

Amazon Elastic Container Service (Amazon ECS) Exec adds support for executing commands in a Windows container running on AWS Fargate. ECS Exec gives you interactive shell or single command access to a running container making it easier to debug issues, diagnose errors, collect one-off dumps and statistics, and interact with processes in the container.

With ECS Exec, you directly interact with the running container without interacting with the host instance, thereby improving the security posture of your Windows container instances. You can enable this feature at a granular level, such as an ECS task or service, to help you maintain tighter security. By using AWS Identity and Access Management (IAM) policies, you can create fine-grained policies to control who can run commands against which clusters, tasks, or containers. Once access is provided, you can audit which user accessed the container using AWS CloudTrail and log each command with output to Amazon Simple Storage Service (Amazon S3) or Amazon CloudWatch Logs. This allows ECS Windows users to safely troubleshoot bugs or system issues encountered during development and gives them a debugging tool for break-glass procedures in production for their containerized applications.

Amazon ECS Exec for AWS Fargate is now available at no additional cost in all public AWS Regions where Windows support is available. This feature is supported on Fargate Windows Platform Version 1.0.0 or later. Visit our documentation page or read more in the blog post about executing commands in a running Windows container using ECS Exec from API, AWS Command Line Interface (CLI) , AWS SDKs, or the AWS Copilot CLI.