What does Clerion specialize in?

Clerion specializes in cloud migration, modernization, DevOps, security, AI & ML solutions. We help businesses, especially in startups and gaming, scale efficiently and innovate faster with AWS-powered cloud services.

Why should I choose Clerion over other cloud consultancies?

We combine deep AWS expertise with a tailored, results-driven approach. Unlike generic cloud consultancies, we focus on high-growth industries, providing optimized, scalable, and cost-effective solutions designed for agility and long-term success.

How does Clerion support cloud migrations?

We offer end-to-end migration solutions, from strategy and planning to execution and optimization. Whether you need lift-and-shift, replatforming, or full modernization, we ensure a seamless, low-risk transition to AWS.

Does Clerion provide security and compliance services?

Yes. Security is at the core of everything we do. We implement identity & access management, threat detection, encryption, and compliance best practices to protect your cloud infrastructure and ensure regulatory adherence.

Can Clerion help optimize my AWS costs?

Absolutely. We analyze your AWS usage and apply cost-saving strategies like reserved instances, right-sizing, auto-scaling, and workload optimization to maximize efficiency while reducing unnecessary spend.

How do we get started with Clerion?

Getting started is simple. Reach out to us via our website or LinkedIn, and we’ll schedule a free consultation to assess your needs and design a cloud strategy tailored for your business.

Home

Professional Services

Blogs

AWS for Games

Home

Professional Services

Blogs

AWS for Games

SSH into a Docker Container on AWS Fargate

Apr 16, 2025

6 min read

Introduction

Setting up an SSH-accessible Docker container can be useful for debugging, remote management, and infrastructure prototyping. In this post, we’ll walk through how to:

Build a Docker image with SSH and Python
Push it to Amazon ECR
Deploy it serverlessly on AWS Fargate
Connect to it via SSH

🏢 Step 1: Build the Docker Image

We start by creating a Dockerfile that installs Python and an SSH server on an Ubuntu base image:

FROM ubuntu:22.04
# Install Python and OpenSSH
RUN apt-get update && \
    apt-get install -y python3 openssh-server && \
    apt-get clean
# Prepare SSH
RUN mkdir /var/run/sshd && \
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin without-password/' /etc/ssh/sshd_config && \
    mkdir -p /root/.ssh && chmod 700 /root/.ssh
# Set working directory
WORKDIR /app
# Add content for web server
RUN echo "Hello World" > index.html
# Expose necessary ports
EXPOSE 80 22
# Start SSH and HTTP servers
CMD echo "$SSH_PUBLIC_KEY"

Build it locally:

🍎 Note for Apple Silicon Users

If you’re building the image on an ARM-based machine (like a Mac with Apple Silicon), you can choose ARM architecture when deploying to ECS.

However, if you want to deploy your image to an x86 (amd64) environment, you must explicitly specify the platform during the build process:

⚠️ Be aware that images built for amd64 may not run locally on ARM machines unless you’re using emulation. You might encounter errors like exec format error if you try to run them directly.

📤 Step 2: Pushing the Docker Image to Amazon ECR

Now that your Docker image is built and working locally, let’s upload it to Amazon Elastic Container Registry (ECR). This will allow us to later deploy it on AWS Fargate.

🛠 Create a Private Repository

First, create a private repository in the AWS Console.
Go to Amazon ECR → Private Registry → Create repository, give it a name (e.g., ssh-demo-repo), keep the default settings, and hit Create.

🔐 Authenticate Docker with ECR

Use the following command to authenticate your Docker client with ECR:

aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin <your-account-id>

Replace <your-account-id> with your actual AWS Account ID.

🏷️ Tag the Existing Image

Since your Docker image is already built, you just need to tag it with your ECR repository URI:

docker tag ubuntu-hello-ssh:latest <your-account-id>

🚀 Push the Image to ECR

Push the image using:

docker push <your-account-id>

Once pushed, your image will appear in the ECR console.

🚀 Step 3: Create an ECS ClusterCreate a new cluster in the Amazon ECS Console:

Name: ssh-demo-cluster
Infrastructure: AWS Fargate (serverless)

📊 Step 4: Define the Task DefinitionIn the ECS Console:

Go to Task Definitions
Click Create new task definition with JSON

{
  "family": "ssh-demo-task",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "containerDefinitions": [
    {
      "name": "ssh-demo-container",
      "image": "<your-account-id>.dkr.ecr.eu-central-1.amazonaws.com/ssh-demo-repo:latest",
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        },
        {
          "containerPort": 22,
          "protocol": "tcp"
        }
      ],
      "environment": [
        {
          "name": "SSH_PUBLIC_KEY",
          "value": "ssh-rsa AAAAB3...your-public-key-here... user@host"
        }
      ],
      "essential": true
    }
  ],
  "executionRoleArn": "arn:aws:iam::<your-account-id>:role/ecsTaskExecutionRole"

Replace <your-account-id> and the SSH_PUBLIC_KEY value with your own.

🔐 For production environments, replace the environment block with secrets to inject sensitive variables securely via AWS Secrets Manager.

🌐 Step 5: Create a Fargate Service

Go to your ECS Cluster, click Services → Create, then:

Launch type: Fargate
Task definition: ssh-demo-task
Service name: ssh-demo-container
Number of tasks: 1

Configure networking:

Select a public subnet
Enable public IP assignment
Use a security group allowing ports 80 and 22 (SSH only from your IP)

🛡️ Step 6: Connect via SSH

Once the task is running:Go to Tasks → ENI → Public IPSSH into your container:You should be inside your Fargate-hosted Ubuntu container!

🔒 Bonus: Use AWS Secrets Manager for Key Injection

Instead of passing your key as an environment variable, use a more secure method:

Store it in AWS Secrets Manager:
Reference it in your Task Definition JSON:

"secrets": [  {    "name": "SSH_PUBLIC_KEY",    "valueFrom": "arn:aws:secretsmanager:eu-central-1:<your-account-id>:secret:ssh-public-key-xxxxxx"

This keeps your secrets encrypted and never exposed in plaintext.

🌟 Summary

✅ Built a Docker image with SSH and Python
✅ Pushed it to Amazon ECR
✅ Deployed it using ECS Fargate
✅ Connected to it securely via SSH
✅ Explored secure ways to inject credentials

Check out our medium page: Clerion Medium

SSH into a Docker Container on AWS Fargate

Introduction

🏢 Step 1: Build the Docker Image

🍎 Note for Apple Silicon Users

📤 Step 2: Pushing the Docker Image to Amazon ECR

🛠 Create a Private Repository

🔐 Authenticate Docker with ECR

🏷️ Tag the Existing Image

🚀 Push the Image to ECR

🚀 Step 3: Create an ECS ClusterCreate a new cluster in the Amazon ECS Console:

📊 Step 4: Define the Task DefinitionIn the ECS Console:

🌐 Step 5: Create a Fargate Service

🛡️ Step 6: Connect via SSH

🔒 Bonus: Use AWS Secrets Manager for Key Injection

🌟 Summary

Start Your Cloud Journey Today

Start Your Cloud Journey Today

Start Your Cloud Journey Today

Start Your Cloud Journey Today