Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hi! Currently I am using AWS Fargate for the ECSRun, one of my tasks needs to insert data on a RDS Instance, the ECSAgent has the correct security group to be able to access the database. But when I check the tasks when are running in the cluster, they create a ENI in the default vpc which is different from the one I am using, does anyone knows how to solve this issue ?

Hello! Do you have a custom task definition that you pass into ECSRun? If so, is your container name "flow" inside of that task definition? <https://docs.prefect.io/api/latest/run_configs.html#ecsrun>

I am currently using this configuration for my ECSRun

```RUN_CONFIG = ECSRun(
    labels=["prod"],
    task_role_arn=f"arn:aws:iam::{AWS_IAM_ID}:role/prefectTaskRole",
    execution_role_arn=f"arn:aws:iam::{AWS_IAM_ID}:role/prefectECSAgentTaskExecutionRole",
    run_task_kwargs=dict(cluster="prefectEcsCluster", launchType="FARGATE",),
    env={
        "PREFECT__CONTEXT__SECRETS__ENV_1": ENV_1,
    },
    image=f"{AWS_IAM_ID}.<http://dkr.ecr.us-east-1.amazonaws.com/{IMAGE_NAME}:latest|dkr.ecr.us-east-1.amazonaws.com/{IMAGE_NAME}:latest>"
)```

I have one task in my flow that save data to into an rds instance and I getting the following error

sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) could not connect to server: Connection timed out. Is the server running on host "url-to-database"	TCP/IP connections on port 5432?

and when the task is created in ECS Fargate I do not know why the ENI is created in the default vpc which is not the one that the ECSAgent is using

Are you able to provide your ECSAgent configuration as well?

```aws ecs create-service \
    --service-name $ECS_SERVICE_NAME\
    --task-definition $ECS_SERVICE_NAME:1 \
    --desired-count 1 \
    --launch-type FARGATE \
    --platform-version LATEST \
    --cluster $ECS_CLUSTER_NAME \
    --network-configuration awsvpcConfiguration="{subnets=[$SUBNET1, $SUBNET2],assignPublicIp=ENABLED,securityGroups=[$SG-ID]}" --region $AWS_REGION```

This is how I am creating the ecs cluster

Are you able to try adding the ECS network configuration to your run task kwargs in ECSRun
```networkConfiguration={
        'awsvpcConfiguration': {
            'subnets': [
                'string',
            ],
            'securityGroups': [
                'string',
            ],
            'assignPublicIp': 'ENABLED'|'DISABLED'
        }
    }```

This solution worked, now my containers are running out of memory is it best to include in run task kwargs the memory or in the memory parameter of the ECSRun ?

I would try to include it in the ECSRun memory parameter first, but something to note is that ECS imposes strict values on what can be passed in: <https://docs.prefect.io/api/latest/run_configs.html#ecsrun>
<https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-cpu-memory-error.html>

I added the value in the run task kwargs and it worked perfectly, the flow has just finished successfully, thank you so much for your help! Probably I will make a post or repository with my experience so it can be helpful for others in the community. Thanks!

Amazing!! Glad we could help :simple_smile: