Using ECS ​​to run Docker containers on AWS-part 1

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off

This article is part 1 of part 4 of the guide to running Docker containers on AWS ECS. ECS stands for Elastic Container Service. It is a managed container service that can run docker containers. Although AWS also provides container management through Kubernetes (EKS), it also has its own proprietary solution (ECS). The guide will cover:

  • Create an ECS cluster.
  • Set up the image registry (ECR) and push the docker image to the registry.
  • Use task and service definitions to deploy containers to the cluster.
  • Create a pipeline to update the services running on the ECS cluster.

This guide will introduce how to create an ECS cluster.

Requirements/prerequisites

Before continuing to read this guide, the reader/user must have:

  • An AWS account.
  • A user is created on the account, and the user has permission to provision resources on the account.
  • An EC2 SSH key pair is generated.
  • Created a VPC and subnet (optional).

Guidelines for creating VPC and subnets (AWS network architecture) can be found on the link below:

  • Create AWS VPC with CloudFormation

Create AWS ECS cluster

We can create two types of ECS clusters.

  • ECS with Fargate cluster: This is a cluster that allows users to run containers without worrying about provisioning and managing EC2 instances/servers. It is basically a serverless architecture.
  • ECS with EC2 instance cluster: The cluster allows users to run containers on pre-configured EC2 instances. Therefore, a management server is required.

Use the Fargate option to create an AWS ECS cluster

To create a cluster, we can use CloudFormation or Terraform to do it manually or automatically. For this article, I will use CloudFormation to manually create a cluster.

CloudFormation:

The following CloudFormation template creates an ECS cluster with a capacity provider and enables Fargate and Container Insights. Readers should modify the template settings to customize their specific requirements. The key aspects of the changes will be:

  • label.
  • Cluster settings.
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create ECS fargate cluster"
Parameters:
    Name:
        Type: String
        Description: The name of the ECS Cluster

Resources:
    ECSCluster:
        Type: 'AWS::ECS::Cluster'
        Properties:
           ClusterName: !Ref Name
           ClusterSettings:
             - Name: containerInsights
               Value: enabled
           CapacityProviders:
             - FARGATE
           Tags: 
              - 
                Key: "Name"
                Value: "test-ecs"
              - 
                Key: "CreatedBy"
                Value: "Maureen Barasa"
              - 
                Key: "Environment"
                Value: "test"

Outputs:        
    ECS:
        Description: The created ECS Cluster
        Value: !Ref ECSCluster

Manual:

To manually create a cluster, perform the following steps.

On the Elastic Container Services console, click Create Cluster.Create a cluster

Then, for the cluster template, select Powered by Fargate as an option. Click Next.Using ECS ​​to run Docker containers on AWS-part 1Choose a cluster template (supported by Fargate)

Finally, configure the cluster settings and click Create Cluster. N/B: You can create a new VPC for the cluster. But this is optional. Using ECS ​​to run Docker containers on AWS-part 1Configure cluster settings

Now your ECS Fargate cluster is running.

Create AWS ECS cluster with EC2 option

We can also use CloudFormation, Terraform or do this manually.

CloudFormation:

For CloudFormation, please use the following template.

AWSTemplateFormatVersion: "2010-09-09"
Description: "Create ECS fargate cluster"

Parameters:
    Name:
        Type: String
        Description: The name of the ECS Cluster

    VPC:
        Type: String
        Description: The vpc to launch the service
        Default: vpc-ID

    PrivateSubnet01:
        Type: String
        Description: The subnet where to launch the ecs instances
        Default: subnet-ID

    PrivateSubnet02:
        Type: String
        Description: The subnet where to launch the ecs instances
        Default: subnet-ID

    InstanceType:
        Type: String
        Description: The EC2 instance type
        Default: "t2.micro"

    MinSize:
        Type: String
        Description: The subnet where to launch the ec2
        Default: 1

    MaxSize:
        Type: String
        Description: The subnet where to launch the ec2
        Default: 2

    DesiredSize:
        Type: String
        Description: The subnet where to launch the ec2
        Default: 1

Resources:
    IAMInstanceRole:
        Type: 'AWS::IAM::Role'
        Properties:
          Description: The ECS Instance Role
          RoleName: ecsInstanceRole2
          AssumeRolePolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                  - ec2.amazonaws.com
                Action:
                  - 'sts:AssumeRole'
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
            - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
            - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
          Tags: 
            - 
              Key: "Environment"
              Value: "test"
            - 
              Key: "createdBy"
              Value: "Maureen Barasa"
            - 
              Key: "Name"
              Value: "ecsInstanceRole2"

    IAMInstanceProfile:
        Type: AWS::IAM::InstanceProfile
        Properties: 
            InstanceProfileName: ecsInstanceRole2
            Roles: 
             - !Ref IAMInstanceRole

    ECSSecurityGroup:
        Type: "AWS::EC2::SecurityGroup"
        Properties:
            GroupDescription: "Security Group to control access to the ECS cluster"
            GroupName: "test-ECS-SG"
            VpcId: !Ref VPC
            SecurityGroupIngress: 
              - 
                CidrIp: 0.0.0.0/0
                FromPort: 80
                IpProtocol: "tcp"
                ToPort: 80
              - 
                CidrIp: 0.0.0.0/0
                FromPort: 443
                IpProtocol: "tcp"
                ToPort: 443 
            Tags: 
              - 
                Key: "Name"
                Value: "test-ECS-SG"
              - 
                Key: "CreatedBy"
                Value: "Maureen Barasa"
              - 
                Key: "Environment"
                Value: "test"        

    ECSCluster:
        Type: 'AWS::ECS::Cluster'
        Properties:
           ClusterName: !Ref Name
           ClusterSettings:
             - Name: containerInsights
               Value: enabled
           Tags: 
              - 
                Key: "Name"
                Value: "test-ecs"
              - 
                Key: "CreatedBy"
                Value: "Maureen Barasa"
              - 
                Key: "Environment"
                Value: "test"

    ECSAutoScalingGroup:
        Type: AWS::AutoScaling::AutoScalingGroup
        Properties:
            VPCZoneIdentifier: 
              - !Ref PrivateSubnet01
              - !Ref PrivateSubnet02
            LaunchConfigurationName: !Ref LaunchConfiguration
            MinSize: !Ref MinSize
            MaxSize: !Ref MaxSize
            DesiredCapacity: !Ref DesiredSize
            HealthCheckGracePeriod: 300
            Tags: 
              - 
                Key: "Name"
                Value: "test-ecs"
                PropagateAtLaunch: true
              - 
                Key: "CreatedBy"
                Value: "MaureenBarasa"
                PropagateAtLaunch: true
              - 
                Key: "Environment"
                Value: "test"
                PropagateAtLaunch: true

    LaunchConfiguration:
        Type: AWS::AutoScaling::LaunchConfiguration
        Properties:
            ImageId: "ami-ID"
            SecurityGroups: 
              - !Ref ECSSecurityGroup
            InstanceType: !Ref InstanceType
            IamInstanceProfile: !Ref IAMInstanceProfile
            KeyName: "test-key"
            UserData:
              Fn::Base64: !Sub |
                #!/bin/bash
                echo ECS_CLUSTER=test-ecs >> /etc/ecs/ecs.config;echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;
            BlockDeviceMappings: 
              - 
                DeviceName: "/dev/xvda"
                Ebs: 
                    Encrypted: false
                    VolumeSize: 20
                    VolumeType: "gp2"
                    DeleteOnTermination: true
            
            
Outputs:
    IAMProfile:
        Description: The created EC2 Instance Role
        Value: !Ref IAMInstanceProfile

    AutoScalingGroup:
        Description: The ECS Autoscaling Group
        Value: !Ref ECSAutoScalingGroup    

    ECS:
        Description: The created ECS Cluster
        Value: !Ref ECSCluster

In the parameter section of the template, enter the cluster-specific custom input. This includes:

  • VPC and subnet.
  • Instance type and expansion requirements of Auto Scaling group.

Under the resources section. Note the customization:

  • Resource name and label.
  • The key name of the EC2 startup configuration (use the generated key pair).
  • The AMI-ID of your EC2 instance. (Use the Amazon ECS optimized AMI on your account.)

After CloudFormation completes the execution stack, you should now have an ECS cluster with registered active EC2 container instances. as follows:Using ECS ​​to run Docker containers on AWS-part 1ECS cluster with container instances

Manual:

To manually create a cluster, perform the following steps:

Create an ECS instance role using the following AWS managed strategy:

  • AmazonS3ReadOnlyAccess
  • CloudWatchAgentServerPolicy
  • Amazon EC2ContainerServiceforEC2Role

Edit the role trust relationship and add the following JSON trust policy.

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Then, on the Elastic Container Service console, click Create Cluster. This time, on the Select Cluster Template window, instead of choosing Powered by Fargate, choose the EC2 Linux + Networking option. Click Next.Using ECS ​​to run Docker containers on AWS-part 1Choose a cluster template

Next, you need to configure the cluster. Regarding the cluster configuration, we have 3 main parts:

  • Cluster name
  • Example configuration
  • networking

Cluster name:Using ECS ​​to run Docker containers on AWS-part 1Cluster name

Example configuration:

Using ECS ​​to run Docker containers on AWS-part 1Example configuration

Make sure to select the correct instance configuration according to your requirements.

networking:Using ECS ​​to run Docker containers on AWS-part 1Network Configuration

Here, there is an option to create a new VPC. If the user has not created his own subnet, he can create a subnet. If they have already created the network architecture, the reader can use the existing settings. The same is true for cluster security groups. You can create a new one or choose an existing one.

Then, for the container instance IAM role, select the role you created above. Enable container insights by checking the box next to Enable container insights. Using ECS ​​to run Docker containers on AWS-part 1Configure IAM roles and container insights

Finally click to create a cluster. You will start the cluster and start running in a few minutes.

Below is a link to Part 2 of this series, where I discussed the use of “task and service definitions” to deploy containers into a cluster.

Run Docker container on AWS ECS-upload Docker image to ECR-part 2

label:

  • How to manually create an AWS ECS cluster
  • How to create an AWS ECS cluster using CloudFormation
  • How to use ECS to run Docker containers on AWS-part 1

More guidance on AWS:

Mount AWS EFS file system on EC2 instance

How to create an AWS EFS file system using CloudFormation

Happy Building! ! !

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off

Sidebar