ECS is the AWS Docker container service that handles the orchestration and provisioning of Docker containers. This is a beginner level introduction to AWS ECS. I’ve seen some nightmare posts and a few glowing reviews about the ECS service, so I knew it was going to be interesting to get my hands dirty and see what ECS was all about.
First we need to cover ECS terminology:
- Task Definition — This is a blueprint that describes how a docker container should launch. If you’re already familiar with AWS, it is like a LaunchConfig except that it is for a docker container instead of an instance. It contains settings like exposed port, docker image, cpu shares, memory requirement, command to run and environmental variables.
- Task — This is a running container with the settings defined in the Task Definition. It can be thought of as an “instance” of a Task Definition.
- Service — Defines long running tasks of the same Task Definition. This can be 1 running container or multiple running containers all using the same Task Definition.
- Cluster — A logical group of EC2 instances. When an instance launches, the ecs-agent software on the server registers the instance to an ECS Cluster. This is easily configurable by setting the ECS_CLUSTER variable in /etc/ecs/ecs.config.
- Container Instance — This is just an EC2 instance that is part of an ECS Cluster and has docker and the ecs-agent running on it.
I remember when I first got introduced to all the terms, I quickly got confused. AWS provides nice detailed diagrams to help explain the terms. Here is a simplified diagram to help visualize and explain the terms.
In this diagram you can see that there are 4 running Tasks or Docker containers. They are part of an ECS Service. The Service and Tasks span 2 Container Instances. The Container Instances are part of a logical group called an ECS Cluster.
I didn’t show a Task Definition in the diagram because a Task is simply an “instance” of a Task Definition.
In this tutorial example I’ll create a small Sinatra web service that prints the meaning of life: 42.
- Create ECS Cluster with 1 Container Instance
- Create a Task Definition
- Create an ELB and Target Group to later associate with the ECS Service
- Create a Service that runs the Task Definition
- Confirm Everything is Working
- Scale Up the Service to 4 Tasks
- Clean It All Up
The ECS First Run Wizard provided in the Getting Started with Amazon ECS documentation performs the same steps as above with a CloudFormation template and ECS API calls. I’m doing it step-by-step because I believe it better helped me understand the ECS components.
1. Create ECS Cluster with 1 Container Instance
Before creating a cluster, let’s create a security group called my-ecs-sg that we’ll use.
aws ec2 create-security-group --group-name my-ecs-sg --description my-ecs-sg
Now create an ECS Cluster called my-cluster and the ec2 instance that belongs to the ECS Cluster. Use the my-ecs-sg security group that was created. You can get the id of the security group from the EC2 Console / Network & Security / Security Groups. You will need to choose a Key pair so you can ssh into the instance later to verify things are working.
For the Networking VPC settings, I used the default VPC and all the Subnets associated with the account to keep this tutorial simple. For the IAM Role use ecsInstanceRole. If ecsInstanceRole doesn’t yet exist, create it per AWS docs. All my settings are provided in the screenshot. You will need to change the settings according to your own account and default VPC and Subnets.
Wait a few minutes and then confirm that the Container Instance has successfully registered to the my-cluster ECS cluster. You can confirm it by clicking on the ECS Instances tab under Clusters / my-cluster.
2. Create a task definition that will be the blueprint to start a Sinatra app
Before creating the task definition, find a sinatra docker image to use and test that it’s working. I’m using the
$ docker run -d -p 4567:4567 --name hello tongueroo/sinatra
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6df556e1df02 tongueroo/sinatra "ruby hi.rb" 2 seconds ago Up 1 seconds 0.0.0.0:4567->4567/tcp hello
$ curl localhost:4567 ; echo
$ docker stop hello ; docker rm hello
Above, I’ve started a container with the sinatra image and curled localhost:4567. Port 4567 is the default port that sinatra listens on and it is exposed in the Dockerfile. It returns “42” as expected. Now that I’ve tested the sinatra image and verified that it works, let’s create the task definition. Create a task-definition.json and add:
The task definition is also available on GitHub: task-definition.json. To register the task definition:
$ aws ecs register-task-definition --cli-input-json file://task-definition.json
Confirm that the task definition successfully registered with the ECS Console:
3. Create an ELB and Target Group to later associate with the ECS Service
Now let’s create an ELB and a target group with it. We are creating an ELB because we eventually want to load balance requests across multiple containers and also want to expose the sinatra app to the internet for testing. The easiest way to create an ELB is with the EC2 Console.
Go to the EC2 Console / Load Balancing / Load Balancers, click “Create Load Balancer” and select Application Load Balancer.
Wizard Step 1 — Configure Load Balancer
- Name it my-elb and select internet-facing.
- Use the default Listener with a HTTP protocol and Port 80.
- Under Availability Zone, choose a VPC and choose the subnets you would like. I chose all 4 subnets in the default VPC just like step 1. It is very important to choose the same subnets that were chosen when you created the cluster in step 1. If the subnets are not the same, the ELB health check can fail and the containers will keep getting destroyed and recreated in an infinite loop if the instance is launched in an AZ that the ELB is not configured to see.
Wizard Step 2 — Configure Security Settings
- There will be a warning about using a secure listener, but for the purpose of this exercise we can skip using SSL.
Wizard Step 3 — Configure Security Groups
- Create a new security group named my-elb-sg and open up port 80 with source 0.0.0.0/0 so anything from the outside world can access the ELB port 80.
Wizard Step 4 — Configure Routing
- Create a new target group named my-target-group with port 80.
Wizard Step 5 — Register Targets
- This step is a little odd for ECS. We actually do not register any targets here because ECS will automatically register the targets for us when new tasks are launched. So simply skip and click next.
Wizard Step 6 — Review
After we created the ELB with the wizard, we opened its my-elb-sg group port 80 to the world. We also need to make sure that the my-ecs-sg security group associated with the instance we launched in step 1 allows traffic from the ELB. We created the my-ecs-sg group in step 1 at the very beginning of this tutorial. To allow all ELB traffic to hit the container instance run the following:
$ aws ec2 authorize-security-group-ingress --group-name my-ecs-sg --protocol tcp --port 1-65535 --source-group my-elb-sg
Confirm the rules were added to the security groups via the EC2 Console:
With these security group rules, only port 80 on the ELB is exposed to the outside world and any traffic from the ELB going to a container instance with the my-ecs-sg group is allowed. This is a nice simple setup.
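To check the two groups from a script instead of the console, the following added example (not code from the original post) audits output shaped like `aws ec2 describe-security-groups` for world-open ingress other than ELB port 80, and for ELB-sourced ranges wider than the dynamic host ports Docker assigns. The sample JSON and group IDs are constructed, the `audit` function and its parameters are hypothetical names, and the 32768-65535 ephemeral range is an assumption to adjust for your instances.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; the rules mirror the ones this tutorial creates.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "my-elb-sg", "GroupId": "sg-0elb",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
  {"GroupName": "my-ecs-sg", "GroupId": "sg-0ecs",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 1, "ToPort": 65535,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0elb"}]}]}
]}
""")

# Assumption: dynamic host ports are drawn from 32768-65535 on the container instance.
EPHEMERAL = (32768, 65535)


def audit(groups, public_ok=None, ephemeral=EPHEMERAL):
    """Return (group, finding) tuples for rules wider than the design needs."""
    public_ok = public_ok or {"my-elb-sg": {80}}  # ports allowed to face the world
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    findings = []
    for g in groups:
        allowed = public_ok.get(g["GroupName"], set())
        for p in g.get("IpPermissions", []):
            lo, hi = p.get("FromPort", 0), p.get("ToPort", 65535)  # absent => all ports
            span = f"{lo}-{hi}" if lo != hi else str(lo)
            cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                world = cidr in ("0.0.0.0/0", "::/0")
                if world and not (lo == hi and lo in allowed):
                    findings.append((g["GroupName"], f"world-open {span} from {cidr}"))
            for pair in p.get("UserIdGroupPairs", []):
                if lo < ephemeral[0] or hi > ephemeral[1]:
                    src = names.get(pair["GroupId"], pair["GroupId"])
                    findings.append((g["GroupName"],
                        f"{span} from {src} exceeds {ephemeral[0]}-{ephemeral[1]}"))
    return findings


if __name__ == "__main__":
    for group, finding in audit(SAMPLE["SecurityGroups"]):
        print(f"{group}: {finding}")
```

On the sample it reports only the 1-65535 rule on my-ecs-sg; to audit a real account, load the JSON printed by `aws ec2 describe-security-groups --group-names my-elb-sg my-ecs-sg` in place of `SAMPLE`.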
4. Create a Service that runs the Task Definition
The command to create the ECS service takes a few parameters so it is easier to use a json file as its input. Let’s create an ecs-service.json file with the following:
You will need to find your targetGroupArn created in step 3 when we created the ELB. To find the targetGroupArn you can go to the EC2 Console / Load Balancing / Target Groups and click on the
Now create the ECS service:
$ aws ecs create-service --cli-input-json file://ecs-service.json
You can confirm that the container is running on the ECS Console. Go to Clusters / my-cluster / my-service and view the Tasks tab.
5. Confirm Everything is Working
Confirm that the service is running properly. You want to be thorough about confirming that all is working by checking a few things.
Check that my-target-group is showing and maintaining healthy targets. Under Load Balancing / Target Groups, click on my-target-group and check the Targets tab. You should see a Target that is reporting healthy.
If the target is not healthy, check these likely issues:
- Check that the my-ecs-sg security group is allowing all traffic from the my-elb-sg security group. This was done in Step 4 with the authorize-security-group-ingress command after you created the ELB.
- Check that the security groups for the ELB, in step 3, are set to the same security groups that you used when you created the ECS Cluster and Container Instance in step 1. Remember the ELB can only detect healthy instances in AZs that it is configured to use.
Let’s also ssh into the instance and see that the running docker process is returning a good response. Under Clusters / ECS Instances, click on the Container Instance and grab the public dns record so you can ssh into the instance.
$ ssh <user>@<container-instance-public-dns>
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9e9a55399589 tongueroo/sinatra:latest "ruby hi.rb" 16 minutes ago Up 16 minutes 8080/tcp, 0.0.0.0:32773->4567/tcp ecs-sinatra-hi-1-web-d8efaad38dd7c3c63a00
4fea55231363 amazon/amazon-ecs-agent:latest "/agent" 41 minutes ago Up 41 minutes ecs-agent
$ curl 0.0.0.0:32773 ; echo
Above, I’ve verified the docker container running on the instance by curling the app and seeing a successful response with the “42” text.
Finally, let’s also verify by hitting the external DNS address of the ELB. You can find the DNS address in the EC2 Console under Load Balancing / Load Balancers and clicking on
Verify the ELB publicly available dns endpoint with curl:
$ curl my-elb-1693572386.us-east-1.elb.amazonaws.com ; echo
6. Scale Up the Service to 4 Tasks
This is the easiest part. To scale up and add more containers simply go to Clusters / my-cluster / my-service and click on “Update Service”. You can change “Number of tasks” from 1 to 4 there. After only a few moments you should see 4 running tasks. That’s it!
7. Clean It All Up
It’s quickest to use the EC2 Console to delete the following resources:
- ECS Service:
- Security group:
In this post I covered the ECS terminology and went through a simple example to create a sinatra app behind an ELB.
Overall, I think that ECS is a pretty amazing service and it has taken the hassle of managing docker orchestration and provisioning responsibility away.