# prefect-aws
e
Did some digging. Does Prefect override my selected VPC subnets when running the task? https://github.com/PrefectHQ/prefect-aws/blob/main/prefect_aws/ecs.py#L924
Cc @Zanie is that correct?
z
e
I have a custom task definition ARN being used. Do I still need to define those?
z
I think most of the network config needs to happen at runtime not task definition time?
e
You are correct. But that’s already defined in the running service, no?
I was under the impression that if I set a static task definition ARN it won’t run another task? Which does seem to happen. But for some reason when I run a flow, it can’t read secrets. The agent does start up correctly and is able to read tasks. Or am I thinking about this all wrong?
z
Like the agent is running in a task too?
I’m not really sure what you’re asking
e
Same 😂
z
Networking is the worst 😄
e
I used this for my starter: https://github.com/PrefectHQ/prefect-recipes/tree/main/devops/infrastructure-as-code/aws/tf-prefect2-ecs-agent and added Datadog as the logging mechanism (with the API key as a secret). When I run the agent it works fine, saying that it’s waiting for flow runs. But when a flow actually runs, it can’t access the secret.
z
Perhaps @Emil Christensen knows what’s up
e
Hey @Ethan Veres 👋 The recipe specifically allows the agent’s execution role to access only the API key secret. You may need to attach a permission to allow reading your new secret to the role that your task uses.
e
Thank you @Zanie @Emil Christensen! What I failed to realize is that the ECS agent spawns additional ECS tasks, with configuration from the block!
j
Are you looking for https://github.com/PrefectHQ/prefect-aws/blob/main/prefect_aws/ecs.py#L62-L74?
Thank you!! I just changed the VPC to our company's main VPC after following the dataflowops template, and specifying the subnet here allowed my container to access ECR again! Solved:
prefect_aws.ecs.TaskFailedToStart: ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 3 time(s): RequestError: send request failed caused by: Post "https://api.ecr.<region>.amazonaws.com/"