Convox Community

Potential break in Rack v2 due to ECS API request validation improvements

Hi there,

Got this email:

Your action is required to avoid potential service interruption once Amazon ECS API request validation improvements take effect on September 24, 2021. We have identified the following API requests to Amazon ECS from your account that could be impacted by these changes:
DescribeTasks

With these improvements, Amazon ECS APIs will validate that the Service and Cluster name parameters in the API match the Cluster and Service name in the ARN.

For Example:

Incorrect usage, will return an error:
aws ecs describe-tasks --cluster one --tasks arn:aws:ecs:us-east-1:123456789012:task/two/48d8e8a0ccf54d969a05099a269b7528

Correct usage, clusters match:
aws ecs describe-tasks --cluster one --tasks arn:aws:ecs:us-east-1:123456789012:task/one/48d8e8a0ccf54d969a05099a269b7528

The following APIs will include request validation improvements for the following parameters:

Cluster Name Consistency Validation Only:
DeregisterContainerInstance, RegisterContainerInstance, UpdateContainerAgent, DeleteAttributes, DescribeContainerInstances, DescribeTasks, ExecuteCommand, ListTasks, PutAttributes, StartTask, StopTask, UpdateContainerInstancesState, CreateTaskSet, DeleteService, DescribeServices, UpdateService

Cluster and Service Name Consistency Validation:
DeleteTaskSet, DescribeTaskSets, UpdateServicePrimaryTaskSet, UpdateTaskSet

To avoid any service interruption from upcoming Amazon ECS API request validation improvements, please update the API requests identified above to ensure that cluster and service parameters in the API request match those in the ARN. Please refer to this page for details on these APIs. [1]

If you have any questions, please contact AWS Premium Support[2].

[1] Actions - Amazon Elastic Container Service
[2] https://aws.amazon.com/support

Will this affect Rack v2? We’re still using 20200529011310 and are a bit wary about upgrading to latest Rack v2 version, as even with the latest version we still might run into issues.
Is it time to migrate to Rack v3?

3 Likes

We received the same notification and are on 20210701111905, so it seems to still impact later rack releases.

I’m also curious if there’s any action needed on our part.

@ddollar I have the same question. Does this impact current rack versions?

@alon - As a side-note, in May, I did get assurances that v2 rack support will continue for some time and that there’s no urgency/need to upgrade to v3. This spring we upgraded our v2 racks from 20191216210003 to 20210521142829 without any issues.

1 Like

@nolson Thanks, I appreciate you letting me know about this. Good to know. I guess we won’t go v3 just yet, then, and I’ll be more optimistic about upgrading to the latest v2. :slight_smile:

We also received the same notification and are on 20210319134118. Upgrading to latest v2 didn’t show any issue for us in the past.
By the way, how to know what is the latest v2 available?
And yes, @ddollar we really need to know if this impacts the latest v2 version.

Also received the same notice from AWS.
Will this be supported?

@ddollar any update?
@Brian-G ?

It appears these emails were sent to anyone making the ECS API calls mentioned regardless of wether the requests will pass the future validation checks. We are still in the process of reviewing our code to confirm but I don’t think this will have any impact on v2 racks.

1 Like

@eravelo Regarding what is the latest v2 available? This is what we do for before upgrading…

I may be conflating two different changes, but it seems like we did need to worry?

Since today we’re also experiencing the following issue:

convox ps --app <ourAPP> --rack <dev-rack>
ERROR: InvalidParameterException: Invalid identifier: Identifier is for cluster dev-rack-Cluster-123123. Your cluster is dev-rack-BuildCluster-456456
	status code: 400, request id: e2a2d3f3-fb70-4aa6-84c9-b60b392eab30

Same, we are experiencing similar issues on our V2 racks.

This change did break some of the ECS API calls. We did a release this week to mitigate the problem.

We have a test release out to address some further issues and should have it released publicly after further testing.