Skip to content

Enable ECS Exec Command on non-Production Containers#66616

Open
sureshc wants to merge 8 commits into
stagingfrom
infrastructure/enable-ecs-execute-command-test-containers
Open

Enable ECS Exec Command on non-Production Containers#66616
sureshc wants to merge 8 commits into
stagingfrom
infrastructure/enable-ecs-execute-command-test-containers

Conversation

@sureshc

@sureshc sureshc commented Jun 18, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Change marketing site ECS Task Role to enable AWS Systems Manager on non-production containers to permit engineers to better debug issues with the Next.js web application server.

Testing story

Deployment strategy

  1. Merge this Pull Request to apply the change to all Marketing Sites Stacks
  2. bundle exec rake stack:iam:start RAILS_ENV=production ADMIN=true to update the Marketing Sites Deployer IAM Role

Follow-up work

Privacy

Security

Caching

PR Checklist:

  • Tests provide adequate coverage
  • Privacy and Security impacts have been assessed
  • Code is well-commented
  • New features are translatable or updates will not break translations
  • Relevant documentation has been added or updated
  • User impact is well-understood and desirable
  • Pull Request is labeled appropriately
  • Follow-up work items (including potential tech debt) are tracked and linked

@sureshc sureshc requested review from a team, carl-codeorg and stephenliang June 18, 2025 20:18
carl-codeorg
carl-codeorg approved these changes Jun 18, 2025
View reviewed changes

@carl-codeorg carl-codeorg left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. It would probably also be useful to be able to exec into prod containers. Engineers are already able to SSH into our prod machines. Should we also enable execing into ECS containers from the gateway bastion host?

stephenliang
stephenliang reviewed Jun 23, 2025
View reviewed changes
Comment thread frontend/apps/marketing/cicd/3-app/template.yml.erb
Comment thread frontend/apps/marketing/cicd/3-app/template.yml.erb Outdated
@sureshc sureshc force-pushed the infrastructure/enable-ecs-execute-command-test-containers branch from 9de1f2c to 3c42cb3 Compare June 26, 2025 06:06
@sureshc sureshc marked this pull request as ready for review June 26, 2025 17:26
@sureshc

sureshc commented Jun 26, 2025

Copy link
Copy Markdown
Contributor Author

LGTM. It would probably also be useful to be able to exec into prod containers. Engineers are already able to SSH into our prod machines. Should we also enable execing into ECS containers from the gateway bastion host?

I think our long term goal is to reduce the need for an engineer to execute commands/code on production EC2 Instances / containers.

@sureshc sureshc force-pushed the infrastructure/enable-ecs-execute-command-test-containers branch from b60ac7c to 8fa1b9c Compare June 27, 2025 19:13
@sureshc sureshc changed the title Enable ECS Exec Command on Test Containers Enable ECS Exec Command on non-Production Containers Jun 27, 2025
@sureshc sureshc force-pushed the infrastructure/enable-ecs-execute-command-test-containers branch from 1a1a3ba to aa0dd4a Compare July 1, 2025 01:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stephenliang stephenliang stephenliang approved these changes
@carl-codeorg carl-codeorg carl-codeorg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sureshc @stephenliang @carl-codeorg