Channels
pacc-may-31-2023
prefect-ai
pacc-clearcover-june-12-2023
marvin-in-the-wild
data-ecosystem
geo-israel
geo-japan
prefect-cloud
ppcc-may-16-2023
prefect-azure
prefect-docker
prefect-recipes
gratitude
geo-nyc
geo-bay-area
geo-boston
geo-london
geo-dc
geo-chicago
geo-berlin
geo-texas
geo-seattle
geo-colorado
prefect-community
data-tricks-and-tips
prefect-aws
prefect-gcp
introductions
find-a-prefect-job
prefect-dbt
random
events
ask-marvin
show-us-what-you-got
prefect-getting-started
prefect-integrations
prefect-contributors
best-practices-coordination-plane
announcements
prefect-server
prefect-ui
prefect-kubernetes
Title
e
Ethan Veres
03/06/2023, 10:24 PMDid some digging. Does prefect override my selected VPC subnets when running the task?
https://github.com/PrefectHQ/prefect-aws/blob/main/prefect_aws/ecs.py#L924
Cc @Zanie is that correct?
Would that cause issues with private subnets?
https://github.com/PrefectHQ/prefect-aws/blob/main/prefect_aws/ecs.py#L1406
z
Zanie
03/06/2023, 10:45 PMAre you looking for https://github.com/PrefectHQ/prefect-aws/blob/main/prefect_aws/ecs.py#L62-L74
:gratitude-thank-you: 1
e
Ethan Veres
03/06/2023, 10:55 PMI have a custom task definition arn being used. Do I still need to define those?
z
Zanie
03/06/2023, 11:03 PMI think most of the network config needs to happen at runtime not task definition time?
ie the network configuration field in https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ecs/client/run_task.html#run-task
e
Ethan Veres
03/06/2023, 11:13 PMYou are correct. But that’s already defined in the running service, no?
I was under the impression that if I set a static task definition arn it won’t run another task? Which does seem to happen. But for some reason when I run a flow, it can’t read secrets. The agent does start up correctly and is able to read tasks.
Or am I thinking about this all wrong?
z
Zanie
03/06/2023, 11:21 PMLike the agent is running in a task too?
I’m not really sure what you’re asking
e
Ethan Veres
03/06/2023, 11:22 PMSame 😂
z
Zanie
03/06/2023, 11:22 PMNetworking is the worst 😄
e
Ethan Veres
03/06/2023, 11:24 PMI used this for my starter https://github.com/PrefectHQ/prefect-recipes/tree/main/devops/infrastructure-as-code/aws/tf-prefect2-ecs-agent
And added datadog as the logging mechanism (with the api key as a secret). When I run the agent it works fine saying that it’s waiting for flow runs. But when a flow actually runs it can’t access the secret
z
Zanie
03/06/2023, 11:27 PMPerhaps @Emil Christensen knows what’s up
🙌 1
e
Emil Christensen
03/07/2023, 2:28 PMHey @Ethan Veres 👋 The recipe specifically allows the agent’s execution role to access only the API key secret. You may need to attach a permission to allow reading your new secret to the role that your task uses.
e
Ethan Veres
03/08/2023, 4:53 PMThank you @Zanie @Emil Christensen! What I failed to realize is that the ECS agent spawns additional ECS tasks, with configuration from the block!
🙌 1
✅ 2
j
James Gatter
03/21/2023, 8:07 PMAre you looking for https://github.com/PrefectHQ/prefect-aws/blob/main/prefect_aws/ecs.py#L62-L74Thank you!! I just changed the VPC to our company's main VPC after following dataflowops template and specifying the subnet here allowed my container to access ECR again! Solved:
prefect_aws.ecs.TaskFailedToStart: ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 3 time(s): RequestError: send request failed caused by: Post "<https://api.ecr>.<region>.<http://amazonaws.com/|amazonaws.com/>"