Deploy with AWS ECS

Deploying with AWS ECS requires provisioning the AWS resources on which the service runs and configuring the service itself. These are abbreviated notes taken during my attempt to deploy three services with AWS ECS. It is important to note that these notes are for EC2 and not Fargate.

AWS EC2 Provisioning

Auto Scaling Groups

An Auto Scaling Group is a group of EC2 instances that is scaled out and scaled in in response to events and according to a scaling policy, if one is configured. The number of instances is controlled by three variables:

Desired Capacity: The number of instances running when the Auto Scaling Group is launched.

Minimum Capacity: The minimum number of instances running. EC2 Auto Scaling will keep at least this number of instances regardless of what a scale-in event indicates.

Maximum Capacity: The maximum number of instances running. EC2 Auto Scaling will keep at most this number of instances regardless of what a scale-out event indicates.

Launch Templates

The template that AWS EC2 Auto Scaling uses to launch instances. For the instances to be usable the configuration parameters below must be assigned appropriately.

Amazon Machine Image (AMI): The image from which the AWS EC2 instance is launched. The AMI must be AWS ECS optimized, i.e. have the AWS ECS agent.

User Data: The script run when an AWS EC2 instance is launched. This script must register the name of the AWS ECS cluster to which the instance must belong. In the example below the instance will be registered with the cluster acme.

#!/bin/bash
echo ECS_CLUSTER=acme >> /etc/ecs/ecs.config

AWS ECS

Cluster

An ECS cluster provides the infrastructure on which the containers are deployed. Every AWS ECS resource is deployed in a cluster.

Tasks

A task is the lowest level of abstraction in AWS ECS; it is where containers are deployed. AWS ECS deploys a task according to parameters defined in a configuration file, called a task definition.

The following parameters were important in deploying spaced reps:

Container Definitions: An array of JSON documents in which one defines how Docker should run containers; it is effectively a list of dockerfiles.

Execution Role ARN: The Amazon Resource Name (ARN) of the role that the Docker daemon and the AWS ECS agent use to deploy a container. Docker uses this role to pull the Docker image and run a container, while the AWS ECS agent uses it to send logs to CloudWatch.

There is an AWS managed policy, AmazonECSTaskExecutionRolePolicy, with permissions to read from ECR and write to CloudWatch, so it is a matter of attaching that policy to a role and using the ARN of that role.

Network Mode: The network mode that AWS ECS assigns to the network interface of the container.

AWS recommends awsvpc network mode, but in that mode container network interfaces are not assigned public IP addresses so the containers will not have access to the internet without a NAT gateway.

Services

An AWS ECS service is a group of tasks deployed using a given task definition. It is the abstraction that makes the tasks, and in turn the containers, scalable.

Desired Tasks: The number of tasks to run.

Deployment Type: The service deployment type, either Rolling or Blue/Green.

The Rolling type has two sub-configuration values, minimum running tasks % and maximum running tasks %. These values must be set such that there are enough resources for a deployment to be successful. For example, a minimum running tasks % of 100 and a maximum running tasks % of 150 requires that there are enough resources for 150% of the number of tasks to be deployed.

Blue/Green, by contrast, requires enough resources to deploy double the number of desired tasks.

Network Configuration: The configuration assigned to the network interfaces of the containers launched. This is required only when the network mode in the task definition is set to awsvpc. For the other modes, the containers share the network interface of their host so the network configuration assigned to their hosts' interface applies to them.

Load Balancer: The load balancer that distributes traffic between containers.

Capacity Provider: This is the abstraction that ensures the availability of the EC2 instances on which the tasks, i.e. containers, are deployed. It sends the scaling events to the auto scaling groups according to the needs of the AWS ECS service to which it is assigned.
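
An added example, not part of the original notes: a pre-deployment check in Python that ties together the Auto Scaling Group maximum capacity, the task definition parameters and the rolling deployment percentages described above. The sample values, the ASG dictionary shape and the function names are constructed for illustration; the task definition and service keys follow the ECS API, where the two percentages are named minimumHealthyPercent and maximumPercent.

```python
# Constructed sample inputs (not from the original notes). Key names follow the
# ECS API; the role ARN, image, subnet and sizes are placeholders.
TASK_DEF = {
    "networkMode": "awsvpc",
    "executionRoleArn": "arn:aws:iam::111122223333:role/example-task-execution",
    "containerDefinitions": [{"name": "web", "image": "example/web:1", "cpu": 512, "memory": 1024}],
}
SERVICE = {
    "desiredCount": 5,
    "deploymentConfiguration": {"minimumHealthyPercent": 100, "maximumPercent": 150},
    "networkConfiguration": {"awsvpcConfiguration": {"subnets": ["subnet-EXAMPLE"]}},
}
# Hypothetical description of the Auto Scaling Group: CPU units and MiB per instance.
ASG = {"max_capacity": 2, "instance_cpu": 2048, "instance_memory": 3800}

def rolling_bounds(desired, min_pct, max_pct):
    """Lowest and highest task counts allowed during a rolling deployment."""
    # ECS rounds the minimum up and the maximum down to whole tasks.
    return -(-desired * min_pct // 100), desired * max_pct // 100

def task_slots(task_def, asg):
    """Tasks the Auto Scaling Group can host at maximum capacity, by CPU and memory."""
    # Simplification: ignores network interface limits and memory reserved on the host.
    cpu = sum(c["cpu"] for c in task_def["containerDefinitions"])
    mem = sum(c["memory"] for c in task_def["containerDefinitions"])
    per_instance = min(asg["instance_cpu"] // cpu, asg["instance_memory"] // mem)
    return per_instance * asg["max_capacity"]

def check(task_def, service, asg):
    """Return findings for the settings these notes call out."""
    findings = []
    if not task_def.get("executionRoleArn"):
        findings.append("executionRoleArn is not set (role for image pull and CloudWatch logs)")
    awsvpc = task_def.get("networkMode") == "awsvpc"
    has_net = "awsvpcConfiguration" in service.get("networkConfiguration", {})
    if awsvpc and not has_net:
        findings.append("awsvpc network mode needs a service networkConfiguration")
    dc = service["deploymentConfiguration"]
    _, peak = rolling_bounds(service["desiredCount"], dc["minimumHealthyPercent"], dc["maximumPercent"])
    slots = task_slots(task_def, asg)
    if slots < peak:
        findings.append(f"cluster fits {slots} tasks at max capacity, rolling peak is {peak}")
    return findings

if __name__ == "__main__":
    for finding in check(TASK_DEF, SERVICE, ASG):
        print("FINDING:", finding)
```

With the sample values the only finding is the capacity one: five desired tasks at 150% round down to a peak of seven, while two instances fit six.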