ECS migrating to new ARN format

stefano · January 30, 2019, 10:03am

In November I received a notification from Amazon (see below) regarding a plan to migrate to a new ARN format.

Do I need to be concerned about this, or will Convox automatically take care of that under the hood?
Do I need to opt in? Can I?

Thanks

– Amazon announcement -----------

Amazon Elastic Container Service (Amazon ECS) is migrating to a new format for its Amazon Resource Names (ARN) and resource identifiers (ID) for tasks, container instances, and services. These new ARN and ID formats are necessary to introduce new functionality such as tagging of Amazon ECS resources and cost-allocation. Opt-in to the new ARN and ID format to avoid disruption on December 31, 2019.

Since the structure and length of the new ARN and ID formats are different, existing automation tools that parse or store the ARN or the ID may no longer function correctly. If you have tools or software that interact with your Amazon ECS resources, we recommend that you test the impact of the new formats by opting in for a specific IAM user, IAM role, or Account. We strongly recommend that you opt in to the new formats on all your accounts as soon as possible. […]

ali · January 30, 2019, 10:09am

Stefano, JFYI: I’ve got a reply from ddollar sometime ago on GitHub about this:

Should be fine. Give it a shot and report back.

— via https://github.com/convox/rack/issues/3037#issuecomment-445468472

ddollar · January 30, 2019, 4:32pm

Yes, I have done this update for my own Racks already and there are no issues.

ali · April 8, 2020, 5:16pm

Today I’ve tried this, but got stuck in the process.

I’ve tried to opt in for this for specific IAM roles first, because we have more than one rack, and we wanted to try this on our staging rack first.

First off, seems like, after having opted-in, you need to create new instances so that they have new ARN format (we did this by convox instances terminate our existing instances one by one, and wait for new instances to come up). It simply wasn’t possible to convox apps params set TaskTags=Yes for any given app, because CloudFormation was failing and rollbacking with the following error:

The new ARN and resource ID format must be enabled to work with ECS managed tags. Opt in to the new format and try again. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException; Request ID: x-x-x-x-x)

After having created new instances, and confirmed that they have the new ARN formatted ids, it still wasn’t possible to set TaskTags due to the same error.

This leaves me with this question in mind: How could I re-create an ECS service, so that it has the new format as well?! I am not aware of any convox CLI command that does that… As far as I know an ECS service is created once, and never re-created again?

@ddollar how did you manage to update your own racks please? Thank you.

ed_convox · October 16, 2020, 9:05pm

It sounds like you didn’t opt in on the correct IAM roles for this to take effect. It would be better and easier to opt in as the default setting for your account, either through the root user in your AWS console or via the CLI:

aws ecs put-account-setting-default --name serviceLongArnFormat --value enabled
aws ecs put-account-setting-default --name taskLongArnFormat --value enabled
aws ecs put-account-setting-default --name containerInstanceLongArnFormat --value enabled

Topic		Replies	Views
All apps will break after April 1, 2021 due to ECS migration to the new ARN and resource ID format Rack (Version 2)	4	747	November 10, 2020
[20160502194942] Amazon Linux 2016.03 Releases	0	408	May 2, 2016
AWS notice: Recommendation to not use launch configurations Rack (Version 2)	2	250	December 1, 2022
Migration from V2 Rack (Version 3)	3	812	August 10, 2020
[20181211140404] Amazon Linux 2 Releases	0	365	December 11, 2018

ECS migrating to new ARN format

Related Topics