@@ -49,10 +49,9 @@ COLOR_RED='\033[0;31m'
4949COLOR_YELLOW=' \033[1;33m'
5050COLOR_GREEN=' \033[0;32m'
5151
52- # Required parameters
52+ # Validation for required parameters
5353CLUSTER_NAME=${1:- None} # A cluster name or a full ARN of the cluster
5454TASK_ID=${2:- None} # A task ID or a full ARN of the task
55- # Validation
5655if [[ " x${CLUSTER_NAME} " = " xNone" || " x${TASK_ID} " = " xNone" ]]; then
5756 printf " ${COLOR_RED} Usage:\n" >&2
5857 printf " ./check-ecs-exec.sh YOUR_ECS_CLUSTER_NAME YOUR_ECS_TASK_ID\n" >&2
@@ -85,7 +84,7 @@ showEvalResult() {
8584 printf " ${COLOR_GREEN}${evalResult} \n"
8685 else
8786 printf " ${COLOR_RED}${evalResult} \n"
88- fi
87+ fi
8988}
9089
9190# # 1. CHECK PREREQUISITES FOR check-ecs-exec.sh ##########################################
@@ -124,7 +123,7 @@ callerIdentityJson=$(${AWS_CLI_BIN} sts get-caller-identity)
124123ACCOUNT_ID=$( echo " ${callerIdentityJson} " | jq -r " .Account" )
125124MY_IAM_ARN=$( echo " ${callerIdentityJson} " | jq -r " .Arn" )
126125
127- # Check if the AWS CLI v1.19.28/v2.1.30 or later exists
126+ # Check whether the AWS CLI v1.19.28/v2.1.30 or later exists
128127describedTaskJson=$( ${AWS_CLI_BIN} ecs describe-tasks \
129128 --cluster " ${CLUSTER_NAME} " \
130129 --tasks " ${TASK_ID} " \
140139awsCliVersion=$( ${AWS_CLI_BIN} --version 2>&1 )
141140printf " ${COLOR_DEFAULT} AWS CLI Version | ${COLOR_GREEN} OK ${COLOR_DEFAULT} (${awsCliVersion} )\n"
142141
143- # Check if the Session Manager plugin exists
142+ # Check whether the Session Manager plugin exists
144143printf " ${COLOR_DEFAULT} Session Manager Plugin | "
145144command -v session-manager-plugin > /dev/null 2>&1 && status=" $? " || status=" $? "
146145if [[ " ${status} " = 0 ]]; then
@@ -161,7 +160,7 @@ printf "${COLOR_DEFAULT}Task : ${TASK_ID}\n"
161160printSectionHeaderLine
162161# #########################################################################################
163162
164- # 1. Check the cluster configurations
163+ # 1. Checks on the cluster configurations
165164describedClusterJson=$( ${AWS_CLI_BIN} ecs describe-clusters \
166165 --clusters " ${CLUSTER_NAME} " \
167166 --include CONFIGURATIONS \
230229fi
231230printf " \n"
232231
233- # 2. Check if "I" can call ecs:ExecuteCommand
232+ # 2. Check whether "I" can call ecs:ExecuteCommand
234233printf " ${COLOR_DEFAULT} Can I ExecuteCommand? | ${MY_IAM_ARN} \n"
235234ecsExecuteCommand=" ecs:ExecuteCommand"
236235ecsExecEvalResult=$( ${AWS_CLI_BIN} iam simulate-principal-policy \
288287 printf " ${COLOR_YELLOW} UNKNOWN\n"
289288fi
290289
291- # 4. Check if the `execute-command` option is enabled for the task
290+ # 4. Check whether the `execute-command` option is enabled for the task
292291printf " ${COLOR_DEFAULT} Exec Enabled for Task | "
293292if [[ " x${executeCommandEnabled} " = " xtrue" ]]; then
294293 printf " ${COLOR_GREEN} OK"
@@ -330,7 +329,7 @@ taskRoleArn=$(echo "${taskDefJson}" | jq -r ".taskDefinition.taskRoleArn")
330329hasRole=true
331330isEC2Role=false
332331if [[ " x${taskRoleArn} " = " xnull" ]]; then
333- # # Check if the task has an underlying EC2 instance and it has a IAM role through its instance profile
332+ # # When the task runs on EC2 without a task role then we should check the instance profile
334333 if [[ " x${launchType} " = " xEC2" ]]; then
335334 ec2InstanceId=$( echo " ${describedContainerInstanceJson} " | jq -r " .containerInstances[0].ec2InstanceId" )
336335 instanceProfileArn=$( ${AWS_CLI_BIN} ec2 describe-instances --instance-ids " ${ec2InstanceId} " | jq -r " .Reservations[0].Instances[0].IamInstanceProfile.Arn" )
455454fi
456455
457456# 7. Check existing VPC Endpoints (PrivateLinks) in the task VPC.
458- # If there is any VPC Endpoints configured for the task VPC, this means it would need an additional SSM PrivateLink to be configured.
457+ # If there is any VPC Endpoints configured for the task VPC, we assume you would need an additional SSM PrivateLink to be configured.
459458# TODO: In the ideal world, the script should simply check if the task can reach to the internet or not :)
460459taskNetworkingAttachment=$( echo " ${describedTaskJson} " | jq -r " .tasks[0].attachments[0]" )
461460taskVpcId=" "
@@ -475,7 +474,7 @@ printf "${COLOR_DEFAULT} VPC Endpoints | "
475474if [[ " x${vpcEndpoints} " = " x" ]]; then
476475 printf " ${COLOR_GREEN} SKIPPED ${COLOR_DEFAULT} (${taskVpcId} - No additional VPC endpoints required)\n"
477476else
478- # Check if a ssmmessages VPC endpoint already exists, if there is any existing VPC endpoints found
477+ # Check whether an ssmmessages VPC endpoint exists
479478 vpcEndpoints=$( echo " ${vpcEndpointsJson} " | tr -d ' \n' | jq -r " .VpcEndpoints[].ServiceName" )
480479 printf " \n"
481480 ssmsessionVpcEndpointExists=false
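Review bot: The reworded comment at new line 332 (above the `launchType` test) says the instance profile is checked but not what that fallback means for the result. When a task has no task role and runs on EC2, the role behind the instance profile is shared by every task on that container instance, so any permissions found there are not scoped to this task. I would word it as `## No task role: on EC2 fall back to the instance profile role (shared by all tasks on the container instance)`. The enclosing `if` block continues past the lines shown, so how `instanceProfileArn` is evaluated afterwards is not visible here and the wording should be checked against it.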