Title
c

Claire Herdeman

05/26/2021, 9:02 PM
Hi there, I'm new to Prefect and checking out options to see if Prefect will work for my company. I'm having trouble starting an ECS Agent within our infrastructure that communicates with PrefectCloud. We are using HIPAA compliant AWS architecture as described here, i.e. most of the infrastructure is in private VPCs and exposed via a public VPC. Can you help me figure out if that's my issue?
I ran the following start command from within a private vpc:
prefect agent ecs start \
    --cluster <arn> \
    --run-task-kwargs "config.yaml"
where
config.yaml
contains:
networkConfiguration:
  awsvpcConfiguration:
    assignPublicIP: ENABLE
    subnets: [private_subnet]
    securityGroups: [security_group]
This is the (abridged) connection refused error I'm getting:
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=4200): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fa5b7613ed0>: Failed to establish a new connection: [Errno 111] Connection refused'))
k

Kevin Kho

05/26/2021, 9:06 PM
Hi @Claire Herdeman, do you mean the Agent is even able to be seen by Cloud?
c

Claire Herdeman

05/26/2021, 9:07 PM
No, it doesn't seem to launch at all
I got a similar connection error when I ran
prefect create project <name>
k

Kevin Kho

05/26/2021, 9:08 PM
Is this ecs agent running on an EC2? Does it have permissions for HTTP going out?
c

Claire Herdeman

05/26/2021, 9:10 PM
No, i'm just trying to run
prefect ecs start
also this is my first time trying to get it set up so I could be misunderstanding agent usage!
k

Kevin Kho

05/26/2021, 9:14 PM
Let me try setting up an ec2 on my end without traffic allowed and see if I replicate
🙏 1
Are you on Prefect Cloud or Server?
c

Claire Herdeman

05/26/2021, 9:15 PM
As another workaround, would using server rather than cloud be easier if it can be launched within our infrastructure?
I just set up a free Prefect Cloud
k

Kevin Kho

05/26/2021, 9:16 PM
We do have people using Prefect Server because of regulations that don’t let them have connections, but really Prefect is a tool of choice for organizations that need HIPAA compliant because we don’t see any of the data or the code
c

Claire Herdeman

05/26/2021, 9:19 PM
Ahhh makes sense
k

Kevin Kho

05/26/2021, 9:38 PM
Could you walk me over what you did? Did you change your backend to server by any chance? Did you authenticate Prefect with the CLI?
c

Claire Herdeman

05/26/2021, 9:39 PM
I actually did change backend to server, how do I switch back? and I'm not sure, which means probably not. What's the best way to do that?
k

Kevin Kho

05/26/2021, 9:40 PM
prefect backend cloud
to change the backend first and then try starting the agent again?
c

Claire Herdeman

05/26/2021, 9:42 PM
looks like that did it, thank you so much for your help!
k

Kevin Kho

05/26/2021, 9:42 PM
Oh nice! Happy to help 🙂
That error was because it was trying to access the local database spun up by Prefect server at localhost:4200, but that wasn’t available.