The error "An error occurred (InvalidParameterException) when calling the ExecuteCommand operation: The execute command failed because execute command was not enabled when the task was run or the execute command agent isn't running. Wait and try again or run a new task with execute command enabled and try again." likely happens if you do one of the following things:
- You run the aws ecs execute-command command to connect with your container running on Amazon ECS, but your IAM role or IAM user doesn't have the required permissions enabled.
- You don't have the property EnableExecuteCommand enabled on your ECS Service.
In order to fix the error, first check that you've added the SSM permissions to your existing ECS task IAM role. This grants the ECS task permission to connect with the SSM Session Manager service.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    }
  ]
}
Next, you need to validate if you've added the ECS ExecuteCommand permission to your IAM role. Make sure your IAM role contains a policy that allows the action ecs:ExecuteCommand. Otherwise, you're not able to run aws ecs execute-command in the AWS CLI in order to access the running container.
Add the following policy to your IAM role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UserAccessToECSExecuteCommand",
      "Effect": "Allow",
      "Action": "ecs:ExecuteCommand",
      "Resource": "*"
    }
  ]
}
Finally, you need to make sure you've enabled the ECS Exec feature on existing and new ECS tasks and services by using the parameter --enable-execute-command.
To enable ECS Exec on an existing ECS service, run the following in your AWS CLI:
aws ecs update-service \
  --cluster <cluster-name> \
  --task-definition <task-definition-name> \
  --service <service-name> \
  --enable-execute-command
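To tell which of the causes above applies, this added example (not part of the original post) checks `aws ecs describe-tasks` output for the enableExecuteCommand flag and the ExecuteCommandAgent status, and checks a task-role policy for the four ssmmessages actions. The sample task and policy data are constructed, and the policy check is a simplification that ignores Deny statements and conditions.

```python
import json
from fnmatch import fnmatch

REQUIRED = ["ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
            "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel"]

def as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def missing_ssm_actions(policy):
    """Required ssmmessages actions that no Allow statement in the policy grants."""
    allowed = [a.lower() for s in as_list(policy.get("Statement", []))
               if s.get("Effect") == "Allow" for a in as_list(s.get("Action", []))]
    # fnmatch handles IAM-style wildcards such as "ssmmessages:*".
    return [r for r in REQUIRED if not any(fnmatch(r.lower(), a) for a in allowed)]

def diagnose_task(task):
    """Findings for one entry of `aws ecs describe-tasks` output (empty list = OK)."""
    findings = []
    if not task.get("enableExecuteCommand", False):
        findings.append("enableExecuteCommand is false; start a new task with it enabled")
    for c in task.get("containers", []):
        agent = next((a for a in c.get("managedAgents", [])
                      if a.get("name") == "ExecuteCommandAgent"), None)
        status = agent.get("lastStatus", "UNKNOWN") if agent else "MISSING"
        if status != "RUNNING":
            findings.append(f"container {c.get('name')}: ExecuteCommandAgent is {status}")
    return findings

# Constructed sample data (not real output): one task started before ECS Exec was
# enabled, one healthy task, and a task-role policy missing the data-channel actions.
SAMPLE_TASKS = json.loads("""{"tasks": [
  {"enableExecuteCommand": false, "containers": [{"name": "app"}]},
  {"enableExecuteCommand": true, "containers": [{"name": "app", "managedAgents":
     [{"name": "ExecuteCommandAgent", "lastStatus": "RUNNING"}]}]}]}""")["tasks"]
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": [
    "ssmmessages:CreateControlChannel", "ssmmessages:OpenControlChannel"], "Resource": "*"}}

if __name__ == "__main__":
    for i, task in enumerate(SAMPLE_TASKS):
        print(i, diagnose_task(task) or "ok")
    print("missing:", missing_ssm_actions(SAMPLE_POLICY))
```

To run it against a real task, replace SAMPLE_TASKS with the parsed output of `aws ecs describe-tasks --cluster <cluster-name> --tasks <task-id>`.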
If you want to dive deeper on how to successfully run the ecs-execute-command on your ECS containers in AWS, then I'd suggest reading this guide that I wrote.