Add support for Amazon EC2 Instance Connect #170

Closed
dali546 opened this issue Nov 22, 2023 · 2 comments
Labels
enhancement New feature or request

dali546 commented Nov 22, 2023

Summary

ECS machines can be accessed via SSM, using the aws-ssm-agent. It would be nice if you could also add aws-ec2-instance-connect too, allowing another way for systems that use EC2 Instance Connect.

Description

@chienhanlin chienhanlin added the enhancement New feature or request label Nov 28, 2023
chienhanlin commented Nov 28, 2023

Hello @dali546, thanks for suggesting this enhancement. We will take a look at this feature request, and provide updates on the PR and this issue. Thanks.

Notes

  1. Confirm ECS-optimized AL2 and AL2023 AMIs do not come preinstalled with the EC2 Instance Connect package.
  2. The package ec2-instance-connect is very light (20k), and has dependencies: ec2-instance-connect-selinux (7.2k) on ECS-optimized AL2 AMI.
  3. The package ec2-instance-connect is very light (22k), and has dependencies: ec2-instance-connect-selinux (12k) and policycoreutils-python-utils (72k) on ECS-optimized AL2023 AMI.
  4. Workaround: Launch instances with ECS-optimized AL2/AL2023 AMIs + userdata
    Example:

ECS-optimized AL2 AMI

```sh
#!/bin/sh -ex
sudo yum install -y ec2-instance-connect
```

ECS-optimized AL2023 AMI

```sh
#!/bin/sh -ex
sudo dnf install -y ec2-instance-connect
```

  5. This package is supported in all AWS Regions except Israel (Tel Aviv). Find the prerequisites for installing EC2 Instance Connect and for using EC2 Instance Connect to connect to an instance doc for more details.

Appendix

  1. Built an alpha ECS-optimized AL2 AMI and an alpha ECS-optimized AL2023 AMI with following variables

```
ecs_agent_version    = "1.79.1"
ecs_init_rev         = "1"
docker_version       = "20.10.25"
docker_version_al2023 = "20.10.25"
containerd_version   = "1.6.19"
containerd_version_al2023 = "1.6.19"
source_ami_al2       = "amzn2-ami-minimal-hvm-2.0.20231116.0-x86_64-ebs"
source_ami_al2023    = "al2023-ami-minimal-2023.2.20231113.0-kernel-6.1-x86_64"
kernel_version_al2023    = "-kernel-6.1"
distribution_release_al2023  = "2023.2.20231113"
```

  • Launch m5.xlarge instances with these alpha AMIs
  • SSH into instances and confirm ec2-instance-connect is not preinstalled via the AL source minimal AMIs

```
[root@ip-xxx bin]# yum list installed | grep ec2
dracut-config-ec2.noarch            2.0-3.amzn2                     installed
ec2-net-utils.noarch                1.7.3-1.amzn2                   @amzn2-core
ec2-utils.noarch                    1.2-47.amzn2                    installed
grub2-efi-x64-ec2.x86_64            1:2.06-14.amzn2.0.2             installed
```

  2. Launch m5.xlarge instances with the same set of alpha AMIs + userdata to install the ec2-instance-connect package
  • Connect to the instance via EC2 Instance Connect
  • Confirm the package ec2-instance-connect is installed via userdata

```
[root@ip-xxx ~]# sudo yum list installed | grep ec2
dracut-config-ec2.noarch             2.0-3.amzn2                    installed
ec2-instance-connect.noarch          1.1-19.amzn2                   @amzn2-core
ec2-instance-connect-selinux.noarch  1.1-19.amzn2                   @amzn2-core
ec2-net-utils.noarch                 1.7.3-1.amzn2                  @amzn2-core
ec2-utils.noarch                     1.2-47.amzn2                   installed
grub2-efi-x64-ec2.x86_64             1:2.06-14.amzn2.0.2            installed
```

  • Check dependencies of ec2-instance-connect

ECS-optimized AL2 AMIs

```
[root@ip-xxx ~]# sudo yum deplist ec2-instance-connect
Loaded plugins: priorities, update-motd, upgrade-helper
package: ec2-instance-connect.noarch 1.1-19.amzn2
  dependency: /bin/grep
   provider: grep.x86_64 2.20-3.amzn2.0.2
  dependency: /bin/sh
   provider: bash.x86_64 4.2.46-34.amzn2
  dependency: /usr/bin/getent
   provider: glibc-common.x86_64 2.26-63.amzn2.0.1
  dependency: /usr/bin/printf
   provider: coreutils.x86_64 8.22-24.amzn2
  dependency: /usr/sbin/useradd
   provider: shadow-utils.x86_64 2:4.1.5.1-24.amzn2.0.3
  dependency: /usr/sbin/userdel
   provider: shadow-utils.x86_64 2:4.1.5.1-24.amzn2.0.3
  dependency: /usr/sbin/usermod
   provider: shadow-utils.x86_64 2:4.1.5.1-24.amzn2.0.3
  dependency: coreutils
   provider: coreutils.x86_64 8.22-24.amzn2
  dependency: curl
   provider: curl.x86_64 8.3.0-1.amzn2.0.4
  dependency: ec2-instance-connect-selinux
   provider: ec2-instance-connect-selinux.noarch 1.1-19.amzn2
  dependency: openssh >= 6.9.0
   provider: openssh.x86_64 7.4p1-22.amzn2.0.5
  dependency: openssh-server >= 6.9.0
   provider: openssh-server.x86_64 7.4p1-22.amzn2.0.5
  dependency: openssl
   provider: openssl.x86_64 1:1.0.2k-24.amzn2.0.10
  dependency: systemd-units
   provider: systemd.x86_64 219-78.amzn2.0.22
```

ECS-optimized AL2023 AMIs

```
[root@ip-xxx ~]# sudo yum deplist ec2-instance-connect
Last metadata expiration check: 0:18:15 ago on Tue Nov 28 18:52:35 2023.
package: ec2-instance-connect-1.1-19.amzn2023.noarch
  dependency: /bin/grep
   provider: grep-3.8-1.amzn2023.0.4.x86_64
  dependency: /bin/sh
   provider: bash-5.2.15-1.amzn2023.0.2.x86_64
  dependency: /usr/bin/getent
   provider: glibc-common-2.34-52.amzn2023.0.7.x86_64
  dependency: /usr/bin/printf
   provider: coreutils-8.32-30.amzn2023.0.3.x86_64
   provider: coreutils-single-8.32-30.amzn2023.0.3.x86_64
  dependency: /usr/sbin/useradd
   provider: shadow-utils-2:4.9-12.amzn2023.0.2.x86_64
  dependency: /usr/sbin/userdel
   provider: shadow-utils-2:4.9-12.amzn2023.0.2.x86_64
  dependency: /usr/sbin/usermod
   provider: shadow-utils-2:4.9-12.amzn2023.0.2.x86_64
  dependency: coreutils
   provider: coreutils-8.32-30.amzn2023.0.3.x86_64
  dependency: curl
   provider: curl-8.3.0-1.amzn2023.0.2.x86_64
  dependency: ec2-instance-connect-selinux
   provider: ec2-instance-connect-selinux-1.1-19.amzn2023.noarch
  dependency: openssh >= 6.9.0
   provider: openssh-8.7p1-8.amzn2023.0.8.x86_64
  dependency: openssh-server >= 6.9.0
   provider: openssh-server-8.7p1-8.amzn2023.0.8.x86_64
  dependency: openssl
   provider: openssl-1:3.0.8-1.amzn2023.0.9.x86_64
  dependency: systemd-units
   provider: systemd-252.16-1.amzn2023.0.1.x86_64
```

  • cloud-init.log from the instance launched with ECS-optimized AL2 AMI + userdata

```
Dependencies Resolved

================================================================================
 Package                         Arch      Version          Repository     Size
================================================================================
Installing:
 ec2-instance-connect            noarch    1.1-19.amzn2     amzn2-core     20 k
Installing for dependencies:
 ec2-instance-connect-selinux    noarch    1.1-19.amzn2     amzn2-core    7.2 k

Transaction Summary
================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 27 k
Installed size: 25 k
Downloading packages:
--------------------------------------------------------------------------------
Total                                              287 kB/s |  27 kB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ec2-instance-connect-selinux-1.1-19.amzn2.noarch             1/2
libsemanage.semanage_direct_install_info: Overriding ec2-instance-connect module at lower priority 100 with module at priority 200.
  Installing : ec2-instance-connect-1.1-19.amzn2.noarch                     2/2
  Verifying  : ec2-instance-connect-1.1-19.amzn2.noarch                     1/2
  Verifying  : ec2-instance-connect-selinux-1.1-19.amzn2.noarch             2/2

Installed:
  ec2-instance-connect.noarch 0:1.1-19.amzn2

Dependency Installed:
  ec2-instance-connect-selinux.noarch 0:1.1-19.amzn2
```

  • cloud-init.log from the instance launched with ECS-optimized AL2023 AMI + userdata

```
sudo dnf install -y ec2-instance-connect
Amazon Linux 2023 repository                     32 MB/s |  21 MB     00:00
Amazon Linux 2023 Kernel Livepatch repository   495 kB/s | 162 kB     00:00
Dependencies resolved.
================================================================================
 Package                       Arch    Version               Repository    Size
================================================================================
Installing:
 ec2-instance-connect          noarch  1.1-19.amzn2023       amazonlinux   22 k
Installing dependencies:
 ec2-instance-connect-selinux  noarch  1.1-19.amzn2023       amazonlinux   12 k
 policycoreutils-python-utils  noarch  3.4-6.amzn2023.0.2    amazonlinux   72 k

Transaction Summary
================================================================================
Install  3 Packages

Total download size: 107 k
Installed size: 142 k
Downloading Packages:
(1/3): ec2-instance-connect-selinux-1.1-19.amzn 100 kB/s |  12 kB     00:00
(2/3): ec2-instance-connect-1.1-19.amzn2023.noa 172 kB/s |  22 kB     00:00
(3/3): policycoreutils-python-utils-3.4-6.amzn2 425 kB/s |  72 kB     00:00
--------------------------------------------------------------------------------
Total                                           384 kB/s | 107 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : policycoreutils-python-utils-3.4-6.amzn2023.0.2.noar   1/3
  Running scriptlet: ec2-instance-connect-selinux-1.1-19.amzn2023.noarch    2/3
  Installing       : ec2-instance-connect-selinux-1.1-19.amzn2023.noarch    2/3
  Running scriptlet: ec2-instance-connect-selinux-1.1-19.amzn2023.noarch    2/3uavc:  op=setenforce lsm=selinux enforcing=0 res=1uavc:  op=load_policy lsm=selinux seqno=2 res=1
  Running scriptlet: ec2-instance-connect-1.1-19.amzn2023.noarch            3/3
  Installing       : ec2-instance-connect-1.1-19.amzn2023.noarch            3/3
  Running scriptlet: ec2-instance-connect-1.1-19.amzn2023.noarch            3/3
/bin/grep: warning: stray \ before %
/bin/grep: warning: stray \ before %
/bin/grep: warning: stray \ before %
/bin/grep: warning: stray \ before %

  Running scriptlet: ec2-instance-connect-selinux-1.1-19.amzn2023.noarch    3/3
  Running scriptlet: ec2-instance-connect-1.1-19.amzn2023.noarch            3/3
  Verifying        : ec2-instance-connect-1.1-19.amzn2023.noarch            1/3
  Verifying        : ec2-instance-connect-selinux-1.1-19.amzn2023.noarch    2/3
  Verifying        : policycoreutils-python-utils-3.4-6.amzn2023.0.2.noar   3/3

Installed:
  ec2-instance-connect-1.1-19.amzn2023.noarch
  ec2-instance-connect-selinux-1.1-19.amzn2023.noarch
  policycoreutils-python-utils-3.4-6.amzn2023.0.2.noarch
```
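
As an added example (not part of the issue or of the ECS AMI project's code), the script below audits a userdata install log like the cloud-init logs in the comment above: it lists installed packages outside the dependency set given in the notes and counts SELinux `setenforce` audit lines for review. The function names, the `ALLOWED` variable and the sample log with `example-extra-pkg` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the issue. Function names are hypothetical.
# ALLOWED is the dependency set listed in the notes for AL2 and AL2023.
ALLOWED="ec2-instance-connect ec2-instance-connect-selinux policycoreutils-python-utils"

# Print package names from the yum/dnf transaction table: rows between
# "Installing:" and "Transaction Summary" whose second column is an arch.
installed_packages() {
  awk '
    /^Installing/          { in_tbl = 1; next }
    /^Transaction Summary/ { in_tbl = 0 }
    in_tbl && $2 ~ /^(noarch|x86_64|aarch64)$/ { print $1 }
  '
}

# Print every installed package that is not on the allowlist.
unexpected_packages() {
  installed_packages | while read -r pkg; do
    case " $ALLOWED " in
      *" $pkg "*) ;;
      *) echo "$pkg" ;;
    esac
  done
}

# Count log lines carrying an audit record with op=setenforce and enforcing=0,
# like the one in the AL2023 log on this page, so they can be reviewed.
selinux_permissive_events() {
  grep -c 'op=setenforce.*enforcing=0' || true
}

# Constructed sample: AL2023 rows from this page plus a made-up package.
sample_log() {
  cat <<'EOF'
Installing:
 ec2-instance-connect          noarch  1.1-19.amzn2023       amazonlinux   22 k
Installing dependencies:
 ec2-instance-connect-selinux  noarch  1.1-19.amzn2023       amazonlinux   12 k
 example-extra-pkg             noarch  0.0-0.example         amazonlinux    1 k
Transaction Summary
  Running scriptlet: ec2-instance-connect-selinux    2/3uavc:  op=setenforce lsm=selinux enforcing=0 res=1
EOF
}

# Report on the log at $1, or on the constructed sample when no path is given.
audit() {
  if [ -n "${1:-}" ]; then log=$(cat "$1"); else log=$(sample_log); fi
  echo "unexpected packages: $(printf '%s\n' "$log" | unexpected_packages | tr '\n' ' ')"
  echo "setenforce enforcing=0 lines: $(printf '%s\n' "$log" | selinux_permissive_events)"
}
audit "${1:-}"
```

On an instance, pass the log path as the first argument; after a non-zero `setenforce` count, run `getenforce` to confirm the final SELinux mode.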

@danehlim

Hello, thank you for your request! Our product team will continue to look into this as a feature request and track it here: aws/containers-roadmap#1300

I will be closing this issue for now in favor of the above. Please refer to the workaround provided by @chienhanlin if you urgently need this functionality. I will also post about the workaround in the linked issue above.
