Amazon-ecs-agent: Service:AmazonECS, Code:ClientException, Message:Actual length: '34432'. Max allowed length is '32768' bytes., Class:com.amazonaws.services.ecs.model.ClientException

Created on 11 Nov 2016 · 3Comments · Source: aws/amazon-ecs-agent

This error is thrown when the Environment variables passed in to elastic beanstalk seems to be more than what ECS can handle.

This limit seems arbitrary as i need to be able to add Environment variables or how else can we pass in secret keys

Source

devotox

👍1

Most helpful comment

Will there ever be a time this will be increased to 64k? We use the secrets parameter on the container definition for fargate, in conjunction with ssm params and are hitting the 32k limit.

Moving it over to use something like S3 and KMS is not feasible for us now and will require deviating from standard functionality supplied by ECS fargate, and most properly have to redo our whole secrets approach, which is not something we feel like repeating again.

banchee on 25 Feb 2019

👍8

All 3 comments

@devotox Currently ECS has a hard 32 kb limit on the size of task definition which is why this error occurred. Here is the document that record the limits of ECS service: ECS Service limits.
In general, we do not recommend passing in secrets as environments variables to your containers, as they do not provide a high level of security on the instance. However you can use the S3 and AWS KMS to manage the secrets for EC2 Container Service, which is more secure than passing directly in environment variable. See How to Manage Secrets for Amazon EC2 Container Service–Based Applications by Using Amazon S3 and Docker for the instructions.

Thanks.

richardpen on 11 Nov 2016

thank you for the links and the explanation

devotox on 14 Nov 2016

Will there ever be a time this will be increased to 64k? We use the secrets parameter on the container definition for fargate, in conjunction with ssm params and are hitting the 32k limit.

banchee on 25 Feb 2019

👍8

Was this page helpful?

0 / 5 - 0 ratings