My $2375 Amazon EC2 Mistake [PATCHED]
The same for the image name. I have to build my image as "foo" just to get it pushed as `xxx.dkr.ecr.us-east-1.amazonaws.com/foo`. This breaks usual Makefiles for no reason. I don't think it's smart for this pipe trying to be "smart". I can figure out and provide image names by myself.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the remainingResources of DescribeContainerInstances output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
Images in Amazon ECR repositories can be specified by using either the full registry/repository:tag or registry/repository@digest naming convention (for example, aws_account_id.dkr.ecr.region.amazonaws.com/my-web-app:latest or aws_account_id.dkr.ecr.region.amazonaws.com/my-web-app@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE).
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously user-specified for a running task is also reserved while the task is running (after a task stops, the host port is released). The current reserved ports are displayed in the remainingResources of describe-container-instances output, and a container instance might have up to 100 reserved ports at a time, including the default reserved ports. Automatically assigned ports do not count toward the 100 reserved ports limit.
UDP support is only available on container instances that were launched with version 1.2.0 of the Amazon ECS container agent (such as the amzn-ami-2015.03.c-amazon-ecs-optimized AMI) or later, or with container agents that have been updated to version 1.3.0 or later. To update your container agent to the latest version, see Updating the Amazon ECS container agent.
For the script to run successfully, you will require a pre-existing AMI that has a docker daemon installed, running and exposing the Docker API port (2375) to the relevant calling machine(s). The following public non-Digital Turbine GitHub gist by styblope has some information about how to make the docker daemon listen to TCP in addition to UNIX sockets, but to sum up the requirements:
It's an easy mistake and most of us have probably done a similar thing at one point or another. And it's not just AWS keys that are at risk. As our use of cloud-based services increases, the expanding use of a broad variety of service API keys can be leveraged by hackers and spammers alike.
Images in Amazon ECR repositories can be specified by either using the full registry/repository:tag or registry/repository@digest. For example, 012345678910.dkr.ecr..amazonaws.com/:latest or 012345678910.dkr.ecr..amazonaws.com/@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE.
The URL of the Docker Daemon. If this configuration option is not given, then the optional configuration section is consulted. The scheme of the URL can be either given directly as http or https depending on whether plain HTTP communication is enabled or SSL should be used. Alternatively the scheme could be tcp in which case the protocol is determined via the IANA assigned port: 2375 for http and 2376 for https. Finally, Unix sockets are supported by using the scheme unix together with the filesystem path to the unix socket. The discovery sequence used by the docker-maven-plugin to determine the URL is:
Some docker registries require additional steps to authenticate. Amazon ECR requires using an IAM access key to obtain temporary docker login credentials. The docker:push and docker:pull goals automatically execute this exchange for any registry of the form .dkr.ecr. .amazonaws.com, unless the skipExtendedAuth configuration (docker.skip.extendedAuth property) is set true.
The presence of the DOCKER_HOST environment variable in your shell overrides the endpoint defined by your selected context. In this example, docker commands will always target the daemon instance at tcp://1.2.3.4:2375.