AWS ECS Windows Scheduled Task running as System – AWS Credentials not found

  amazon-ec2, amazon-ecs, amazon-s3, windows

Looking for some pointers.

I am trying to get a Windows scheduled task running on a Windows container on AWS ECS. So far I have:

  • EC2 Windows instance
  • ECS with a running container instance (Windows)
  • IAM Role applied to the ECS Host
  • S3 Bucket

I have written a PowerShell script to interact with an S3 bucket, which runs perfectly fine when I execute it from the AWS Session Manager and exec into the running container. The aws configure list command shows the credentials it’s using (container-role) and everything works OK interaction-wise.

The issue is I need this to be a timed operation, so I created a scheduled task to run the PowerShell command, and that’s where the issue starts:

  1. Running the scheduled task not as System means it won’t run like a daemon / without login / non-interactively. However, when I try to execute the same script, the AWS CLI commands fail because they cannot find the AWS credentials: aws configure list returns empty and the s3 command returns a No credentials found message.
  2. Running the scheduled task as the container-admin user (which is what the AWS Session shell logs me in as) refuses to execute the task. Though it shows as ready, it never runs. I believe this is because that is the same user which also sets up the scheduled task, so it is implicitly set to run only when the user is logged on, unless I use the /NP switch, which wants me to enter the password interactively (no good).

Is there any reason why a scheduled task running as the SYSTEM user would not be able to use the same AWS CLI commands as the ContainerAdmin user which I get logged in as via the AWS Session Manager? Have I missed an option on the scheduled task command somewhere?

Thanks in advance

Source: Windows Questions
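
A diagnostic for the situation described above, added here as an example and not part of the original post: it records which credential-related environment variables are visible to the process that runs it, so the interactive session and the scheduled task can be compared side by side. It assumes the container-role credentials reach the AWS CLI through the AWS_CONTAINER_CREDENTIALS_* variables that the CLI's container provider reads; the C:\credcheck folder and the function name are hypothetical.

```powershell
# Added diagnostic (not from the original post). Run it once from the interactive
# shell and once as the scheduled task's action, then compare the two reports.
param([string]$LogDir = 'C:\credcheck')   # hypothetical output folder

# Variables the AWS CLI consults when resolving credentials. Only presence is
# recorded, never the value, so the report is safe to copy out of the container.
$names = 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI',
         'AWS_CONTAINER_CREDENTIALS_FULL_URI',
         'AWS_ACCESS_KEY_ID', 'AWS_PROFILE',
         'AWS_SHARED_CREDENTIALS_FILE', 'AWS_CONFIG_FILE'

function Get-CredentialEnvReport {
    param([string[]]$Names)
    foreach ($n in $Names) {
        [pscustomobject]@{
            Name      = $n
            # Process scope: what this process inherited from its parent.
            InProcess = [bool][Environment]::GetEnvironmentVariable($n, 'Process')
            # Machine scope: what is stored system-wide in the registry.
            InMachine = [bool][Environment]::GetEnvironmentVariable($n, 'Machine')
        }
    }
}

$who    = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$report = @(
    "Identity    : $who"
    "USERPROFILE : $env:USERPROFILE"
    (Get-CredentialEnvReport -Names $names | Format-Table -AutoSize | Out-String)
)

# Same command the post runs interactively; its Type column names the provider.
if (Get-Command aws -ErrorAction SilentlyContinue) {
    $report += (& aws configure list 2>&1 | Out-String)
} else {
    $report += 'aws executable not found on PATH for this identity'
}

# One report file per identity, e.g. NT_AUTHORITY_SYSTEM.txt
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$file = Join-Path $LogDir (($who -replace '[\\/:\s]', '_') + '.txt')
$report | Set-Content -Path $file -Encoding UTF8
Write-Output "Report written to $file"
```

A variable that shows InProcess True in the interactive report and False in the scheduled task's report is one the task's process never inherited.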
