Hello I am currently using an ECS service to run a prefect a Prefect Community #ask-community

Hello! I am currently using an ECS service to run ...

Frank Oplinger

12/15/2021, 8:56 PM

Hello! I am currently using an ECS service to run a prefect agent. When defining the service, I set a security group shared with an RDS instance. However, my flows launched from that agent are unable to connect to the RDS. Is there a way to define a security group for the task that the agent executes?

Kevin Kho

12/15/2021, 8:57 PM

I think it would so in the task definition that goes along with your flow. I don’t have this specific example, but I do have an example of using a yaml if that helps here

Frank Oplinger

12/15/2021, 9:00 PM

Thanks! Do you know if its possible to set a security group in a task definition? I’ve been looking around AWS docs and haven’t seen that as an option. I’ve only seen setting the security group in the service set up. I’ve also seen the option to set a security group when you select ‘Run Task’ from ECS.

Kevin Kho

12/15/2021, 9:02 PM

I think it’s under

networkConfiguration

but will double check in a bit

Frank Oplinger

12/15/2021, 9:25 PM

Thank you! I did specify the network configuration when I created the service: https://docs.prefect.io/orchestration/agents/ecs.html#running-ecs-agent-in-production But after looking again still haven’t had any luck finding how to pass the security group to the task run itself.

Frank Oplinger

12/15/2021, 9:32 PM

Looking into this more, do you think I would be able to pass the network configuration into the run_task_kwargs in the ECSRun? The aws docs linked in that section are related to the run_task method which is basically exactly what I’m after

Frank Oplinger

12/15/2021, 9:32 PM

These are the docs I’m referring to: https://docs.prefect.io/api/latest/run_configs.html#ecsrun

Kevin Kho

12/15/2021, 9:34 PM

Just got out of a call, yes you can do it through