ExecuteCommand - Amazon Elastic Container Service


Runs a command remotely on a container within a task.

If you use a condition key in your IAM policy to refine the conditions for the policy statement, for example limit the actions to a specific cluster, you recevie an AccessDeniedException when there is a mismatch between the condition key value and the corresponding parameter value.

Request Syntax

{ "cluster": "string", "command": "string", "container": "string", "interactive": boolean, "task": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The Amazon Resource Name (ARN) or short name of the cluster the task is running in. If you do not specify a cluster, the default cluster is assumed.

Type: String

Required: No


The command to run on the container.

Type: String

Required: Yes


The name of the container to execute the command on. A container name only needs to be specified for tasks containing multiple containers.

Type: String

Required: No


Use this flag to run your command in interactive mode.

Type: Boolean

Required: Yes


The Amazon Resource Name (ARN) or ID of the task the container is part of.

Type: String

Required: Yes

Response Syntax

{ "clusterArn": "string", "containerArn": "string", "containerName": "string", "interactive": boolean, "session": { "sessionId": "string", "streamUrl": "string", "tokenValue": "string" }, "taskArn": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The Amazon Resource Name (ARN) of the cluster.

Type: String


The Amazon Resource Name (ARN) of the container.

Type: String


The name of the container.

Type: String


Determines whether the execute command session is running in interactive mode. Amazon ECS only supports initiating interactive sessions, so you must specify true for this value.

Type: Boolean


The details of the SSM session that was created for this instance of execute-command.

Type: Session object


The Amazon Resource Name (ARN) of the task.

Type: String


For information about the errors that are common to all actions, see Common Errors.


You don't have authorization to perform the requested action.

HTTP Status Code: 400


These errors are usually caused by a client action. This client action might be using an action or resource on behalf of a user that doesn't have permissions to use the action or resource,. Or, it might be specifying an identifier that isn't valid.

HTTP Status Code: 400


The specified cluster wasn't found. You can view your available clusters with ListClusters. Amazon ECS clusters are Region specific.

HTTP Status Code: 400


The specified parameter isn't valid. Review the available parameters for the API request.

HTTP Status Code: 400


These errors are usually caused by a server issue.

HTTP Status Code: 500


The execute command cannot run. This error can be caused by any of the following configuration issues:

  • Incorrect IAM permissions

  • The SSM agent is not installed or is not running

  • There is an interface Amazon VPC endpoint for Amazon ECS, but there is not one for for Systems Manager Session Manager

For information about how to troubleshoot the issues, see Troubleshooting issues with ECS Exec in the Amazon Elastic Container Service Developer Guide.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: