AWS ECS Error when running task: No Container Instances were found in your cluster

Question

I'm trying to deploy a Docker container image to AWS using ECS, but the EC2 instance is not being created. I have scoured the internet looking for an explanation as to why I'm receiving the following error:

"A client error (InvalidParameterException) occurred when calling the RunTask operation: No Container Instances were found in your cluster."

Here are my steps:

1. Pushed a docker image FROM Ubuntu to my Amazon ECS repo.

2. Registered an ECS Task Definition:

aws ecs register-task-definition --cli-input-json file://path/to/my-task.json 

3. Ran the task:

aws ecs run-task --task-definition my-task

Yet, it fails.

Here is my task:

{

  "family": "my-task",

  "containerDefinitions": [

    

        "environment": [],

        "name": "my-container",

        "image": "my-namespace/my-image",

        "cpu": 10,

        "memory": 500,

        "portMappings": [

            

                "containerPort": 8080,

                "hostPort": 80

            

        ],

        "entryPoint": [

            "java",

            "-jar",

            "my-jar.jar"

        ],

        "essential": true  

}

I have also tried using the management console to configure a cluster and services, yet I get the same error. How do I configure the cluster to have ec2 instances, and what kind of container instances do I need to use? I thought this whole process was to create the EC2 instances, to begin with!!

Do you want to master AWS, then do checkout the aws certification training by Intellipaat.

Answer 1

There are two ways, 

First and the simpler way is to create an internet gateway and connect it to the VPC used by the cluster. So, to solve this you have to update your VPC’s route table:

0.0.0.0/0 igw-name

If the simple way didn’t work, you can follow this procedure:

1. In the EC2 dashboard, first click on launch instance
2. Now, check for ecs-optimized in the Community AMIs, select whichever AMIs type fits for your project. So, select one and click next.
3. In Configure Instance Details, click on the create new IAM role link and create a role called ecsInstanceRole.
4. AmazonEC2ContainerServiceforEC2Role - Attach this policy to that role
5. Finally, finish configuring you ECS instance. If it is a web server make sure to provide access to port 80 in your security group.

Comments

Thanks for your answer!

---

Thanks for the clear explanation!

---

Allowing all internet requests solved using an internet gateway solved my problem.

---

I think it is worth mentioning that the moment you add a route for 0.0.0..0/0 pointing to an IGW the subnet is no longer a private subnet. From a network security perspective, it is better to create a route pointing to a NAT-Gateway.

---

I agree with this once we add a route for 0.0.0.0/0 it is no longer a private subnet.

---

While creating EC2,  add #!/bin/bash echo ECS_CLUSTER=your_cluster_name >> /etc/ecs/ecs.config in Advanced Details -> User data if you have your own, non Default cluster. Other wise the newly created EC2 instance will create Default cluster

Answer 2

You can follow the below-mentioned ways to solve your issue:-

1. Select the suggested AMI which was specified for the given region it has solved my problem.
   If you do not know where to find out the AMI the check it here Launching an Amazon ECS Container Instance.

2. Another thing is the ec2 instances are added to the cluster by default. So the name of the cluster also matters.

Comments

Thank you for the clue! I had assigned a security group to my instances which blocked all outbound traffic except for traffic to my load balancer. I switched this to allow all outbound traffic but restrict incoming traffic from the load balancer only, and the instances then appeared in my EC2 cluster.

Answer 3

I ran into this issue when using Fargate. I fixed it when I explicitly defined launchType="FARGATE" when calling run_task.

Answer 4

I think the issue is lack of permission. As long as you create and assign a IAM Role with AmazonEC2ContainerServiceforEC2Role permission, the problem should go away.