The AWS ECS Environment
To run containers there must be an ECS cluster that is built up from EC2 instances. There are some components needed for this:
- the ECS cluster itself,
- compute instances that are joined into the cluster as docker hosts,
- the task definition that defines how to start the containers.
Some additional things have to be in place for this to work:
- a VPC with network,
- a loadbalancer.
All code examples to provision these components can be found at this GitHub repository.
The ECS cluster relies on the ECS agent that runs on the compute instances as a container. The agent connects the compute instance to the ECS cluster and schedules everything.
The base layer of our setup consists of ordinary EC2 instances. When selecting the AMI there are two options: either use a base Linux AMI (e.g. Ubuntu) and build the host from scratch, or use an ECS-optimized AMI from Amazon (e.g. ami-10e6c8fb). These ECS-optimized images come with everything that is needed, such as an adequate Docker version, the ECS agent and separate volumes so that Docker images are kept apart from the root partition.
All components can be seen in the big picture:
Spinning up containers on top of ECS
Let us assume we want to start an nginx container right on top of this. First we create an ECS service and add a task definition. The task definition is for the Docker daemon; the ECS service handles the scheduler settings.
The ECS service encapsulates settings such as the number of tasks, how to spread tasks across the cluster and interconnection to the loadbalancer. In the task we define the container we want to run.
In order to make this nginx container accessible for the outside world we use AWS loadbalancing:
- create a lb target group
- register the ECS service within this target group
- add this target group to a listener
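The task definition, the service and the target group registration described above have to agree on the container name and port. The following is an added example, not code from the article's repository: it shows the two request payloads in the shape boto3's ECS client takes for register_task_definition and create_service, plus a check that the load balancer block points at a container and port the task definition really declares. The cluster, family and service names and the target group ARN are constructed placeholders.

```python
# Added example: request payloads in the shape boto3's ECS client accepts
# (register_task_definition / create_service). All names and the ARN are
# constructed placeholders, not values from the article's repository.

TASK_DEFINITION = {
    "family": "nginx-demo",
    "containerDefinitions": [{
        "name": "nginx",
        "image": "nginx:stable",
        "memory": 128,
        "essential": True,
        # hostPort 0: Docker picks a free host port, so the instance security
        # group must admit the load balancer on the ephemeral port range.
        "portMappings": [{"containerPort": 80, "hostPort": 0, "protocol": "tcp"}],
    }],
}

SERVICE = {
    "cluster": "demo-cluster",
    "serviceName": "nginx",
    "taskDefinition": "nginx-demo",
    "desiredCount": 2,
    "placementStrategy": [{"type": "spread", "field": "instanceId"}],
    "loadBalancers": [{
        "targetGroupArn": "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:targetgroup/PLACEHOLDER",
        "containerName": "nginx",
        "containerPort": 80,
    }],
}


def wiring_errors(task_def, service):
    """Return mismatches between a service and its task definition.

    Expects service["taskDefinition"] as "family" or "family:revision".
    """
    errors = []
    if service["taskDefinition"].split(":")[0] != task_def["family"]:
        errors.append("service references a different task definition family")
    ports = {c["name"]: {m["containerPort"] for m in c.get("portMappings", [])}
             for c in task_def["containerDefinitions"]}
    for lb in service.get("loadBalancers", []):
        name, port = lb["containerName"], lb["containerPort"]
        if name not in ports:
            errors.append(f"container {name!r} is not in the task definition")
        elif port not in ports[name]:
            errors.append(f"container {name!r} does not expose port {port}")
    return errors
```

Running wiring_errors(TASK_DEFINITION, SERVICE) before provisioning catches a renamed container or changed port locally instead of as a rejected create_service call.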
ECS itself is easy to use—no hidden trapdoors, no deep-dive into container technologies whatsoever. Nevertheless, there are some components that need to be there to get a production-ready solution:
- AWS VPC including networks
- AWS EC2 instance with ECS Agent
- AWS Loadbalancer with a listener and a target group
- AWS IAM roles
- Proper security groups for the interconnection in the VPC
- AWS ECS cluster
- AWS ECS service