How we implemented container shell access on ECS

At Simply Business, our developers often need terminal emulation access to production-like environments. In the DevOps team, we’re keen to support this, but we also need to cater for the security implications and to audit activity on interactive container sessions. In this post, we share how we’ve addressed these needs with a custom solution for container shell access using ECS Exec, integrated with our in-house CI/CD system built with GitHub Actions and CodeBuild.

Recently, the Simply Business DevOps team has been looking into replacing our existing solution, butlerx/wetty, which we use to grant developers shell access to Docker containers running in our ECS cluster. To be clear, this post is not a philosophical discussion of shell access to Docker containers. There’s plenty of material out there if you’re looking to form an opinion on that. Rather, it’s about how we’re handling very legitimate use cases for granting shell access to containers, given that turning off our existing solution isn’t really an option.
