ECS
1. Introduction to Amazon ECS¶
Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that allows you to run and manage Docker containers on a cluster of virtual machines or in a serverless environment using AWS Fargate.
Key Features:
-
Launch Types: Choose between EC2 (self-managed instances) and Fargate (serverless).
-
Integration: Seamlessly integrates with AWS services like IAM, CloudWatch, and ELB.
-
Scalability: Automatically scales your applications based on demand.
-
Security: Utilize IAM roles and security groups for fine-grained access control.
2. Prerequisites¶
Before you begin, ensure you have the following:
-
AWS Account: Active AWS account with appropriate permissions.
-
AWS CLI: Installed and configured with
aws configure. -
Docker: Installed and running on your local machine.
-
IAM Permissions: Access to create and manage ECS, ECR, EC2, and related resources.
3. Core Concepts¶
Understanding ECS's core components is crucial
┌────────────────────────┐
│ Cluster │
│ (Group of Services) │
└────────────┬───────────┘
│
┌──────────────▼──────────────┐
│ Service │
│ (Manages long-running │
│ Tasks & Scaling) │
└──────────────┬──────────────┘
│
┌──────────────▼──────────────┐
│ Task │
│ (Instance of Task Definition) │
└──────────────┬──────────────┘
│
┌────────────────────┴────────────────────┐
│ Task Definition │
│ (Blueprint for container behavior) │
└────────────────────┬────────────────────┘
│
┌──────────────▼──────────────┐
│ Container Definition │
│ (Specifies image, ports, etc.) │
└─────────────────────────────┘
-
Cluster: Logical grouping of tasks or services.
-
Task Definition: Blueprint describing how Docker containers should run.
-
Task: Instantiation of a task definition.
-
Service: Manages long-running tasks and maintains desired count.
-
Container Definition: Part of task definition specifying container configurations.
4. Setting Up ECS with Fargate¶
4.1. Create an ECR Repository¶
4.2. Build and Push Docker Image¶
# Authenticate Docker to ECR
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
# Build Docker image
docker build -t my-app .
# Tag the image
docker tag my-app:latest <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com/my-app:latest
# Push the image to ECR
docker push <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com/my-app:latest
4.3. Create ECS Cluster¶
4.4. Define Task Definition¶
Create a task-definition.json file:
{
"family": "my-fargate-task",
"networkMode": "awsvpc",
"requiresCompatibilities": ["FARGATE"],
"cpu": "256",
"memory": "512",
"executionRoleArn": "arn:aws:iam::<aws_account_id>:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"name": "my-app",
"image": "<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com/my-app:latest",
"portMappings": [
{
"containerPort": 80,
"protocol": "tcp"
}
]
}
]
}
Register the task definition:
4.5. Run the Service¶
aws ecs create-service \
--cluster my-fargate-cluster \
--service-name my-fargate-service \
--task-definition my-fargate-task \
--launch-type FARGATE \
--desired-count 1 \
--network-configuration 'awsvpcConfiguration={subnets=[subnet-xxxxxxxx],securityGroups=[sg-xxxxxxxx],assignPublicIp="ENABLED"}'
Replace subnet-xxxxxxxx and sg-xxxxxxxx with your subnet and security group IDs.
5. Setting Up ECS with EC2¶
5.1. Launch EC2 Instances¶
-
Launch EC2 instances with the Amazon ECS-optimized AMI.
-
Ensure instances are in the same VPC and subnet.
-
Install and configure the ECS agent if not using the optimized AMI.
5.2. Create ECS Cluster¶
5.3. Register EC2 Instances to Cluster¶
Ensure the ECS agent is configured to register the instance to your cluster by setting the ECS_CLUSTER variable in /etc/ecs/ecs.config:
Restart the ECS agent:
5.4. Define Task Definition¶
Create a task-definition-ec2.json file:
{
"family": "my-ec2-task",
"networkMode": "bridge",
"containerDefinitions": [
{
"name": "my-app",
"image": "<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com/my-app:latest",
"memory": 512,
"cpu": 256,
"essential": true,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
]
}
]
}
Register the task definition:
5.5. Run the Service¶
aws ecs create-service \
--cluster my-ec2-cluster \
--service-name my-ec2-service \
--task-definition my-ec2-task \
--desired-count 1 \
--launch-type EC2
6. Advanced Configurations¶
6.1. Load Balancer Integration¶
-
Create an Application Load Balancer (ALB).
-
Configure target groups and listeners.
-
Update your ECS service to use the load balancer.
6.2. Auto Scaling¶
Set up auto scaling for your ECS service:
aws application-autoscaling register-scalable-target \
--service-namespace ecs \
--scalable-dimension ecs:service:DesiredCount \
--resource-id service/my-cluster/my-service \
--min-capacity 1 \
--max-capacity 10
Define scaling policies based on CloudWatch alarms.
6.3. Blue/Green Deployments¶
Utilize AWS CodeDeploy for blue/green deployments:
-
Create a deployment group.
-
Configure traffic shifting policies.
-
Integrate with your ECS service.
7. Monitoring and Logging¶
7.1. CloudWatch Logs¶
Enable logging in your task definition:
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/my-app",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
7.2. CloudWatch Metrics¶
Monitor ECS metrics such as CPU and memory utilization:
-
Navigate to CloudWatch > Metrics > ECS.
-
Set up dashboards and alarms as needed.
8. Cleanup¶
To avoid incurring charges, clean up resources:
# Delete ECS service
aws ecs delete-service --cluster my-cluster --service my-service --force
# Delete ECS cluster
aws ecs delete-cluster --cluster my-cluster
# Delete ECR repository
aws ecr delete-repository --repository-name my-app --force
9. Best Practices¶
-
Use IAM Roles: Assign least privilege roles to ECS tasks.
-
Secure Networking: Place services in private subnets when possible.
-
Monitor Resources: Set up CloudWatch alarms for critical metrics.
-
Automate Deployments: Use CI/CD pipelines for consistent deployments.
-
Regularly Update Images: Keep container images up to date with security patches.