https://dagster.io/ logo
#deployment-ecs
Title
# deployment-ecs
k

Kyle Montag

03/01/2023, 12:07 AM
hi - when i’m using
dagster_shell
from within an ECS task that was created by dagster, I am getting the following error:
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: unbound variable
when trying to do a spot check on the task’s execution role permissions. is there a bug related to this on ECS somewhere? am i doing something wrong? i am not seeing the IAM credentials being passed to the subprocess that is being kicked off as part of
dagster_shell.execute_shell_script
, both when trying to use the credentials via the aws cli, or when doing
curl 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
which is recommended by the ECS docs EDIT: i solved this, it turns out that the environment from the operating system is not forwarded to the subprocess created by
execute_shell_script
by default. this means that the aforementioned environment variable does not get loaded in. to remedy i simply changed my call to
execute_shell_script
to include
dict(os.environ)
in the value being sent to the
env
parameter
d

daniel

03/01/2023, 1:52 AM
Hi Kyle -
execute_shell_script
takes in an optional env dictionary argument, does it work if you pass in
Copy code
{"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": os.getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")}
there? I think this is an oddity of execute_shell_script where it doesn't pass through the env from the parent process, i'll see about changing this
Oh hey, just saw your edit
https://github.com/dagster-io/dagster/pull/12609 Here's a PR for this, I think it's unlikely the current behavior is intentional
❤️ 1
k

Kyle Montag

03/01/2023, 1:59 AM
at least when it comes to ECS not having the task’s environment will break a lot of random stuff
explains a ton of the random errors i’ve been seeing related to permissions over the last week as we’ve moved more complicated processes to prod lol
d

daniel

03/01/2023, 2:00 AM
We’ll probably put that out next with with 1.2 with a note since there’s a small chance it would change behavior unexpectedly
k

Kyle Montag

03/01/2023, 2:01 AM
if your team isn’t comfortable making that change, i’d say just a brief blurb in the docs would cover the situation
this function does not forward the OS environment by default, if you need it be sure to include
or something like that
2 Views