https://dev.to/aws-builders/how-to-run-a-shell-on-ecs-fargate-containers-eo1
Install session manager plugin locally
NOTE: It looks like the task default policy ALSO needs the ssm permissions as well. This CDK construct appears to copy those in; pulumi or other providers may not do the same.
Be sure that exec-command is set in the service definition. Via CDK: