Deploy Docker Image with AWS ECS (Part 2)
In Part 1 we uploaded a Docker image to AWS ECR. In this post, we will complete building the ECS Cluster and deploy the container image onto the cluster.
Note: The lab I worked on was recreated. The container image was renamed from webfront to testweb.
Before we start, you need to understand some basic ECS concepts.
A task definition describes one or more containers, their relationships, how they should be launched, etc. It’s basically a JSON file that contains the configuration details of the container(s).
A task is the instantiation of a task definition. Tasks are created based on the task definitions you provide.
In short, the service or service scheduler controls the tasks running across the ECS cluster.
The cluster is the mothership of those tasks. It hosts the containers launched from the tasks.
At the moment, AWS ECS offers two types of ECS Cluster: Fargate and EC2. With Fargate, AWS manages the cluster resources for you. With EC2, ECS provisions EC2 instances based on your specification and you are in charge of maintaining those EC2 instances. Those EC2 instances are “Container Instances”, as they are the ones that host the containers.
For an EC2 ECS cluster, the container agent runs on each Container Instance. It is the key component that controls ECS tasks and resource utilization.
To learn more about ECS basic concepts, you can refer to this AWS document.
1. Create Task Definition
The first step we take is to create a new Task Definition.
Choose EC2 as the launch type.
Name the Task Definition as testweb-task.
Leave Network Mode as <default>, which will be Bridge for Linux instances.
Set Task size as below.
Click Add container to add the container image from ECR.
Name the container as testweb.
Under Image, put in the ECR repo URL with the tag; below is an example.
For memory limits, set the hard limit to “512” and the soft limit to “256”.
Set Port mappings as 80 to 80 tcp.
Click Add to add the container configuration.
Click Create to create the Task Definition.
The Task Definition can also be created with JSON. Below is the code.
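As an added example (not the post's own JSON, and not AWS code), the Python sketch below assembles the task definition from the values entered in the steps above and checks a few settings before it is registered. The ECR image URI is a constructed placeholder, the task size is left out, and the lint rules go slightly beyond the steps (image pinning, privileged mode).

```python
import json

# Constructed placeholder: account ID, region and tag are not from the post.
IMAGE = "123456789012.dkr.ecr.us-east-1.amazonaws.com/testweb:v1"

def build_task_definition(image=IMAGE):
    """Task definition matching the console steps (EC2 launch type, default network mode)."""
    return {
        "family": "testweb-task",
        "requiresCompatibilities": ["EC2"],
        # networkMode omitted: the console's <default>, which is bridge on Linux.
        "containerDefinitions": [{
            "name": "testweb",
            "image": image,
            "essential": True,
            "memory": 512,             # hard limit (MiB)
            "memoryReservation": 256,  # soft limit (MiB)
            "portMappings": [{"containerPort": 80, "hostPort": 80, "protocol": "tcp"}],
        }],
    }

def lint(task_def):
    """Return findings for settings worth a second look before registration."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "?")
        last = c.get("image", "").rsplit("/", 1)[-1]  # drop registry host (may hold ':port')
        if "@" not in last and (":" not in last or last.endswith(":latest")):
            findings.append(f"{name}: image is not pinned to a tag or digest")
        hard, soft = c.get("memory"), c.get("memoryReservation")
        if hard is None:
            findings.append(f"{name}: no hard memory limit")
        elif soft is not None and hard <= soft:
            findings.append(f"{name}: hard limit must be greater than soft limit")
        if c.get("privileged"):
            findings.append(f"{name}: runs privileged on the container instance")
        for pm in c.get("portMappings", []):
            if pm.get("hostPort"):  # fixed host port in bridge mode
                findings.append(f"{name}: static host port {pm['hostPort']}, "
                                "one task per container instance")
    return findings

if __name__ == "__main__":
    td = build_task_definition()
    print(json.dumps(td, indent=2))
    for finding in lint(td):
        print("finding:", finding)
```

With the values from the steps, the only finding is the static 80-to-80 port mapping, which limits the service to one such task per Container Instance.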
2. Create ECS Cluster
Under Amazon ECS click Clusters and click Create Cluster.
Select EC2 Linux + Networking and click Next step.
Name the cluster. I named it testweb-clu, which is a bad name: you never want to name your cluster after a single image, as the container is supposed to represent one microservice of your application.
Choose the EC2 instance type. For testing we will use t2.micro and 1 for Number of instances. Select a key pair so we can log into the Container Instances for troubleshooting if needed.
Under Networking, create a new VPC, along with two new subnets.
Create a new security group and add a rule to allow public access to TCP port 80.
To allow the EC2 Container Instance to access ECS, we will need to assign an IAM role to it. The IAM role contains 2 Amazon policies.
Click Create to create the Cluster. Interestingly, you can see that the cluster provisioning is actually done through a CloudFormation template.
From the CloudFormation stack details, we can see that all the script did was provision a Launch Configuration and an Auto Scaling Group.
Here is the CloudFormation Template code.
Here are the parameters for the template.
UserData:
#!/bin/bash
echo ECS_CLUSTER=testweb-clu >> /etc/ecs/ecs.config;echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;
3. Create Service
Back in ECS, click the Cluster name.
Under the Services tab, click Create.
Choose EC2 as the Launch Type, select the Task Definition we created in step 1, and select the cluster we created in step 2. Set Number of tasks to 1.
Use AZ Balanced Spread for Task Placement.
Leave everything unchanged in Configure network.
Leave AutoScaling as “Do not adjust…”.
Click Create Service to create the service.
Once the service is successfully created, the cluster will then start to provision the Container Instance and deploy the container image onto it. This process does seem to take time. In my case, it took around 55 minutes for the container to be started! So you definitely want to warm up your cluster in production.
Under Tasks, you should see a running task there.
Go to EC2 and find the public IP of the Container Instance.
In a browser, type http://publicIP and you should see the boring but exciting Hello World message!
In case you run into any issues, such as the task refusing to launch, one place to look is the ECS Agent log on the Container Instance. The log can be found at /var/logs.