AWS ECS Fundamentals for Newbies: A Comprehensive Guide
Amazon Elastic Container Service (ECS) is a highly scalable container orchestration service that makes it easy to run, stop, and manage Docker containers on a cluster of virtual machines. Whether you're building a microservices architecture or just want to manage containerized applications, ECS offers a robust solution. This guide will introduce you to the basics of ECS, walk you through setting up your environment, and provide practical labs to help you get hands-on experience.
What is AWS ECS?
AWS ECS is a managed container service that enables you to run and manage Docker containers on a cluster of EC2 instances or with AWS Fargate, a serverless compute engine for containers. ECS handles the scheduling and running of containers, scaling, and load balancing, making it easier to deploy and manage applications in containers.
Why Use ECS?
- Managed Service: Simplifies the management of containerized applications.
- Scalability: Easily scale your applications up or down based on demand.
- Integration: Seamlessly integrates with other AWS services like IAM, CloudWatch, and ALB.
- Flexibility: Choose between managing your own EC2 instances or using Fargate for a serverless experience.
Getting Started with AWS ECS
1. Understanding ECS Components
- Cluster: A logical grouping of EC2 instances or Fargate tasks.
- Task Definition: A blueprint for your application specifying Docker images, CPU, memory, and other configurations.
- Service: Ensures that a specified number of task instances are running and provides load balancing.
- Task: A single running instance of a task definition.
2. Setting Up Your Environment
Before you start working with ECS, make sure you have:
- An AWS Account: Sign up if you don’t have one already.
- AWS CLI Installed: For interacting with AWS services from the command line.
- Docker Installed: To build and manage Docker containers.
Creating Your First ECS Application
1. Prepare a Docker Image
Create a simple Docker container image. For this example, we'll use a basic Nginx container.
- Create a Dockerfile
Create a directory named nginx-app and inside it, create a file named Dockerfile with the following content:
FROM nginx:latest
COPY index.html /usr/share/nginx/html/index.html
2. Create an index.html File
In the same directory, create a file named index.html with the following content:
<html>
<body>
<h1>Hello, ECS!</h1>
</body>
</html>
3. Build the Docker Image
Run the following command to build the Docker image:
docker build -t my-nginx-app .
4. Push the Docker Image to Amazon ECR
To push an image to ECR, we need to create the repo in the management console and then use the CLI commands to push the image to the registry.
- Create a Repository: Open the ECR console from the AWS management console and create a new repository named
my-nginx-app.
- Prepare the image and push it using the following 3 steps. Do this from the CLI.
- Tag the Image:
- replace
<account-id> with your account ID
- replace
<region> with your region
docker tag my-nginx-app:latest <account-id>.dkr.ecr.<region>.amazonaws.com/my-nginx-app:latest
-
- Authenticate Docker to ECR:
- replace
<account-id> with your account ID
- replace
<region> with your region
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
-
- Push the Image:
- replace
<account-id> with your account ID
- replace
<region> with your region
docker push <account-id>.dkr.ecr.<region>.amazonaws.com/my-nginx-app:latest
Alternatively, a more straightforward way is to get the commands from the ECR registry.
- Click on the image repo that you created earlier
- Click View push commands indicated in orange. The screen will look like below. You can just copy and paste the commands without making any changes:
Deploy the Image to ECS Cluster
- Create a Cluster
- Open the ECS console and click Create Cluster.
- Give it a name like devcluster
- Ensure AWS Fargate (serverless) is selected. (This is the default value)
- Click Create
- wait for the cluster to be ready
2. Create a Task Definition
- On the ECS navigation panel (to the left), click Task Definitions.
- Click Create new Task Definition.
- Give it a name like taskdefinition1
- Ensure AWS Fargate is selected
- Specify task details such as task role and task execution role. Leave the rest as default.
- Under Container-1, specify container definitions (use the image URL from ECR), and resource requirements.
Example container definition:
{
"name": "nginx",
"image": "<account-id>.dkr.ecr.<region>.amazonaws.com/my-nginx-app:latest",
"essential": true,
"memory": 512,
"cpu": 256,
}
Leave the rest as default and then click Create.
Wait for the service to be ready.
3. Create a Service
Note:
- To create a service, we need to create a load balancer.
- To create a load balancer, we need to create a target group
- Follow the steps below to create a Target Group and then an Application Load Balancer, and then connect the load balancer to the ECS Service.
Create a target group
Complete the following steps:
- Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- In the navigation pane, choose Target groups.
- Choose Create target group.
- For Choose a target type, choose Instances or IP addresses.
Important: If your service's task definition uses the awsvpc network mode for the AWS Fargate launch type, then you must choose IP addresses. Tasks that use awsvpc are associated with an elastic network interface, not an EC2 instance.
- For Target group name, enter a name.
- For Protocol : Port, choose a protocol and port combination.
- For VPC, choose the virtual private cloud (VPC) that you want to attach to your target group.
- (Optional) For Health checks, specify a health check protocol and path.
- Choose Next.
- On the Register targets page, choose Create target group.
Create an Application Load Balancer and associate your target group with it
Complete the following steps:
- Open the Amazon EC2 console.
- In the navigation pane, choose Load Balancers.
- Choose Create Load Balancer.
- On the Compare and select load balancer type page, under Application Load Balancer, choose Create.
- For Load balancer name, enter a name for your load balancer.
- For Network mapping, specify your VPC and Availability Zones or subnets.
Note: Choose subnets from at least two different Availability Zones.
- For Security groups, choose the security group that you want to associate with the load balancer.
- For Listeners and routing, choose a protocol and port. For Default action, select your target group.
- Choose Create load balancer.
Use the previous Application Load Balancer to create an Amazon ECS service
Complete the following steps:
- Open the Amazon Elastic Container Store (Amazon ECS) console.
- In the navigation pane, choose Clusters, and then select your cluster.
- In the Services section, choose Create.
- In the Environment section, choose a LaunchType or CapacityProvider strategy.
- In the Deployment configuration section, enter the following information:
For Application type, choose Service.
For Task definition, choose a task definition family and revision. If you don't have a task definition, then create one.
Important: To use a load balancer, you must use containerPort in your task definition.
For Service name, enter a service name.
For Desired tasks, enter the number of tasks.
- In the Load balancing section, enter the following information:
For Load balancer type, choose Application Load Balancer.
For Container, select the container in the task definition that you want to register as Target in the target group.
For Application Load Balancer, select Use an existing load balancer.
From the Load balancer dropdown list, select the your Application Load Balancer.
For Listener, select the Use an existing listener, and then choose the listener that you pointed to the target group.
For Target group, select the Use an existing target group.
For Target group name, choose your target group.
- Choose Create.
- Choose View Service, and then choose the Tasks tab.
- Choose the refresh icon, and then verify that your tasks are in the RUNNING state.
View your tasks registered in the target group
Complete the following steps:
- Open the Amazon EC2 console.
- Choose Target Groups, and then choose your target group.
- To view the registered targets in the target group, choose the Targets tab.
Practical Labs
Lab 1: Launch a Simple Web Application
- Follow the steps above to create an ECS Cluster, Task Definition, and Service using the Nginx Docker image.
- Verify Deployment: Check the ECS Console to see if your service is running and the desired number of tasks are active.
- Access Your Application: If you used an Application Load Balancer (ALB), find the ALB DNS name in the EC2 console and visit it in your browser to see your "Hello, ECS!" page.
Lab 2: Update and Roll Back Your Application
- Update the Docker Image
- Modify
index.html to display a new message.
- Rebuild and push the Docker image to ECR.
- Update the Task Definition
- Create a new revision of your task definition with the updated image.
- Update the ECS service to use the new task definition revision.
- Verify the Update: Check the application in your browser to see the new message.
- Rollback (if necessary): If something goes wrong, you can update the ECS service to use a previous revision of the task definition.
Conclusion
AWS ECS simplifies the deployment and management of containerized applications, offering flexibility and scalability. By understanding the core components of ECS and following practical labs, you can start building and managing containerized applications efficiently.
As you become more comfortable with ECS, explore advanced features such as service auto-scaling.
