Gentle Introduction to How AWS ECS Works with Example Tutorial | by Tung Nguyen | BoltOps

Tung Nguyen

ECS is the AWS Docker container service that handles the orchestration and provisioning of Docker containers. This is a beginner-level introduction to AWS ECS. I’ve seen some nightmare posts and a few glowing reviews about the ECS service, so I knew it was going to be interesting to get my hands dirty and see what ECS was all about.

First we have to cover ECS terminology:

I remember when I first got introduced to all the terms, I quickly got confused. AWS provides good detailed diagrams to help explain the terms. Here’s a simplified diagram to help visualize and explain the terms.

ECS Terms

In this diagram you can see that there are 4 running Tasks or Docker containers. They are part of an ECS Service. The Service and Tasks span 2 Container Instances. The Container Instances are part of a logical group called an ECS Cluster.

I didn’t show a Task Definition in the diagram because a Task is simply an “instance” of a Task Definition.

In this tutorial example I’ll create a small Sinatra web service that prints the meaning of life: 42.

The ECS First Run Wizard provided in the Getting Started with Amazon ECS documentation performs the same as above with a CloudFormation template and ECS API calls. I’m doing it step-by-step because I believe it better helped me understand the ECS components.

1. Create ECS Cluster with 1 Container Instance

Before creating a cluster, let’s create a security group called my-ecs-sg that we’ll use.

aws ec2 create-security-group --group-name my-ecs-sg --description my-ecs-sg

Now create an ECS Cluster called my-cluster and the EC2 instance that belongs to the ECS Cluster. Use the my-ecs-sg security group that was created. You can get the id of the security group from the EC2 Console / Network & Security / Security Groups. It is important to select a Key pair so you can ssh into the instance later to verify things are working.

For the Networking VPC settings, I used the default VPC and all the Subnets associated with the account to keep this tutorial simple. For the IAM Role use ecsInstanceRole. If ecsInstanceRole doesn’t yet exist, create it per AWS docs. All my settings are provided in the screenshot. You will need to change the settings according to your own account and default VPC and Subnets.

Wait a few minutes and then confirm that the Container Instance has successfully registered to the my-cluster ECS cluster. You can confirm it by clicking on the ECS Instances tab under Clusters / my-cluster.

2. Create a task definition that will be the blueprint to start a Sinatra app

Before creating the task definition, find a sinatra docker image to use and test that it’s working. I’m using the tongueroo/sinatra image.

$ docker run -d -p 4567:4567 --name hello tongueroo/sinatra
$ docker ps
6df556e1df02 tongueroo/sinatra "ruby hi.rb" 2 seconds ago Up 1 seconds 0.0.0.0:4567->4567/tcp hello
$ curl localhost:4567 ; echo
$ docker stop hello ; docker rm hello

Above, I’ve started a container with the sinatra image and curled localhost:4567. Port 4567 is the default port that sinatra listens on and it’s exposed in the Dockerfile. It returns “42” as expected. Now that I’ve tested the sinatra image and verified that it works, let’s create the task definition. Create a task-definition.json and add:

{
  "family": "sinatra-hi",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "tongueroo/sinatra:latest",
      "cpu": 128,
      "memoryReservation": 128,
      "portMappings": [
        { "containerPort": 4567, "protocol": "tcp" }
      ],
      "command": [
        "ruby", "hi.rb"
      ],
      "essential": true
    }
  ]
}

The task definition is also available on GitHub: task-definition.json. To register the task definition:

$ aws ecs register-task-definition --cli-input-json file://task-definition.json

Confirm that the task definition successfully registered with the ECS Console:

3. Create an ELB and Target Group to later associate with the ECS Service

Now let’s create an ELB and a target group with it. We’re creating an ELB because we eventually want to load balance requests across multiple containers and also want to expose the sinatra app to the internet for testing. The easiest way to create an ELB is with the EC2 Console.

Go to the EC2 Console / Load Balancing / Load Balancers, click “Create Load Balancer” and select Application Load Balancer.

Wizard Step 1 — Configure Load Balancer

Wizard Step 2 — Configure Security Settings

Wizard Step 3 — Configure Security Groups

Wizard Step 4 — Configure Routing

Wizard Step 5 — Register Targets

Wizard Step 6 — Review

When we created the ELB with the wizard, we opened port 80 of its my-elb-sg group to the world. We also need to make sure that the my-ecs-sg security group associated with the instance we launched in step 1 allows traffic from the ELB. We created the my-ecs-sg group in step 1 at the very beginning of this tutorial. To allow all ELB traffic to hit the container instance run the following:

$ aws ec2 authorize-security-group-ingress --group-name my-ecs-sg --protocol tcp --port 1-65535 --source-group my-elb-sg

Confirm the rules were added to the security groups via the EC2 Console:

With these security group rules, only port 80 on the ELB is exposed to the outside world and any traffic from the ELB going to a container instance with the my-ecs-sg group is allowed. This is a nice simple setup.
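The posture described above can be checked from the CLI instead of the console. The following is an added example, not code from the original post: it audits output in the shape of `aws ec2 describe-security-groups` against that posture. The group IDs and the SSH rule in the sample are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are made up; the SSH rule is an assumed addition to show a finding.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupName": "my-elb-sg", "GroupId": "sg-0e1b000000000000a", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
 {"GroupName": "my-ecs-sg", "GroupId": "sg-0ec5000000000000b", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 1, "ToPort": 65535,
    "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0e1b000000000000a"}]},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}

def audit(doc, elb="my-elb-sg", ecs="my-ecs-sg", public_ports=(80,)):
    """Return findings where the rules differ from the tutorial's stated posture."""
    groups = {g["GroupName"]: g for g in doc["SecurityGroups"]}
    elb_id = groups[elb]["GroupId"]
    findings = []
    for name in (elb, ecs):
        for perm in groups[name].get("IpPermissions", []):
            # IpProtocol "-1" means all traffic and carries no port fields.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            span = f"{perm['IpProtocol']}/{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            world = any(c in WORLD for c in cidrs)
            if name == elb and world and not (lo == hi and lo in public_ports):
                findings.append(f"{elb}: {span} open to the internet")
            if name == ecs:
                if cidrs:  # instances should only be reachable through the ELB group
                    tag = "open to the internet" if world else f"allowed from {cidrs}"
                    findings.append(f"{ecs}: {span} {tag}, not via {elb}")
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair["GroupId"] != elb_id:
                        findings.append(f"{ecs}: {span} from other group {pair['GroupId']}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

To audit a real account, pass in the parsed output of `aws ec2 describe-security-groups --group-names my-elb-sg my-ecs-sg` in place of `SAMPLE`.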

4. Create a Service that runs the Task Definition

The command to create the ECS service takes a few parameters, so it’s easier to use a json file as its input. Let’s create an ecs-service.json file with the following:

{
  "cluster": "my-cluster",
  "serviceName": "my-service",
  "taskDefinition": "sinatra-hi",
  "loadBalancers": [
    {
      "targetGroupArn": "FILL-IN-YOUR-TARGET-GROUP",
      "containerName": "web",
      "containerPort": 4567
    }
  ],
  "desiredCount": 1,
  "role": "ecsServiceRole"
}

You’ll need to find your targetGroupArn created in step 3 when we created the ELB. To find the targetGroupArn you can go to the EC2 Console / Load Balancing / Target Groups and click on my-target-group.
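The service input has to agree with the task definition from step 2: the `containerName` and `containerPort` must exist there, and the placeholder ARN must be replaced. The following is an added example, not code from the original post, that cross-checks the two files before create-service is run. The embedded task definition is trimmed to the fields the check reads, and the function names are this example's own.

```python
import json

# The tutorial's two files, embedded so the check runs offline.
# The task definition is trimmed to the fields the check reads.
TASK_DEF = json.loads("""
{"family": "sinatra-hi",
 "containerDefinitions": [
   {"name": "web", "image": "tongueroo/sinatra:latest",
    "portMappings": [{"containerPort": 4567, "protocol": "tcp"}]}]}
""")
SERVICE = json.loads("""
{"cluster": "my-cluster", "serviceName": "my-service",
 "taskDefinition": "sinatra-hi",
 "loadBalancers": [{"targetGroupArn": "FILL-IN-YOUR-TARGET-GROUP",
                    "containerName": "web", "containerPort": 4567}],
 "desiredCount": 1, "role": "ecsServiceRole"}
""")

def family_of(ref):
    """Family from 'family', 'family:revision' or a task definition ARN."""
    return ref.rsplit("/", 1)[-1].split(":")[0]

def check_service(service, task_def):
    """Return mismatches between the service input and the task definition."""
    problems = []
    if family_of(service["taskDefinition"]) != task_def["family"]:
        problems.append("taskDefinition does not match family " + task_def["family"])
    containers = {c["name"]: c for c in task_def["containerDefinitions"]}
    for lb in service.get("loadBalancers", []):
        arn = lb.get("targetGroupArn", "")
        if not (arn.startswith("arn:") and ":targetgroup/" in arn):
            problems.append(f"targetGroupArn is not a target group ARN: {arn!r}")
        container = containers.get(lb["containerName"])
        if container is None:
            problems.append(f"no container named {lb['containerName']!r}")
            continue
        ports = {m["containerPort"] for m in container.get("portMappings", [])}
        if lb["containerPort"] not in ports:
            problems.append(f"container {lb['containerName']!r} does not map port "
                            f"{lb['containerPort']}; it maps {sorted(ports)}")
    return problems

if __name__ == "__main__":
    print(check_service(SERVICE, TASK_DEF) or "ok")
```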

Now create the ECS service: my-service.

$ aws ecs create-service --cli-input-json file://ecs-service.json

You can confirm that the container is running on the ECS Console. Go to Clusters / my-cluster / my-service and view the Tasks tab.

5. Confirm Everything is Working

Confirm that the service is running properly. You want to be thorough about confirming that all is working by checking a few things.

Check that my-target-group is showing and maintaining healthy targets. Under Load Balancing / Target Groups, click on my-target-group and check the Targets tab. You should see a Target that is reporting healthy.

If the target is not healthy, check these likely issues:

Let’s also ssh into the instance and see that the running docker process is returning a good response. Under Clusters / ECS Instances, click on the Container Instance and grab the public dns record so you can ssh into the instance.

$ ssh [email protected]
$ docker ps
9e9a55399589 tongueroo/sinatra:latest "ruby hi.rb" 16 minutes ago Up 16 minutes 8080/tcp,>4567/tcp ecs-sinatra-hi-1-web-d8efaad38dd7c3c63a00
4fea55231363 amazon/amazon-ecs-agent:latest "/agent" 41 minutes ago Up 41 minutes ecs-agent
$ curl ; echo

Above, I’ve verified that the docker container is running on the instance by curling the app and seeing a successful response with the “42” text.

Lastly, let’s also verify by hitting the external DNS address of the ELB. You can find the DNS address in the EC2 Console under Load Balancing / Load Balancers and clicking on my-elb.

Verify the ELB’s publicly available dns endpoint with curl:

$ curl ; echo

6. Scale Up the Service to 4 Tasks

This is the easiest part. To scale up and add more containers simply go to Clusters / my-cluster / my-service and click on “Update Service”. You can change “Number of tasks” from 1 to 4 there. After just a few moments you should see 4 running tasks. That’s it!

7. Clean It All Up

It’s quickest to use the EC2 Console to delete the following resources:

In this post I covered the ECS terminology and went through a simple example to create a sinatra app behind an ELB.

Overall, I think that ECS is a fairly wonderful service and it has taken away the hassle of managing docker orchestration and provisioning.
