Aws - Elastic Container Service (Ecs)
About
Amazon Elastic Container Service (Amazon ECS) is a container orchestration service that supports Docker containers.
Articles Related
Concept
Task
A task in ECS is a set of container images that should be scheduled together. A task definition declares that set of containers and the resources and configuration those containers require. (ie how container image should be scheduled to the ECS cluster)
Configuration
Before using ECS, a service linked role must be created in IAM that grants the ECS service itself permissions to make ECS API requests.
This is required because when a service in ECS is created, the service will call APIs within your account to perform actions like:
- pulling Docker images,
- creating new tasks, etc.
aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
{
"Role": {
"Path": "/aws-service-role/ecs.amazonaws.com/",
"RoleName": "AWSServiceRoleForECS",
"RoleId": "AROARNNNEEOPS7SRUJ57",
"Arn": "arn:aws:iam::094473452225148:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
"CreateDate": "2019-04-10T10:49:50Z",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": [
"ecs.amazonaws.com"
]
}
}
]
}
}
}
Management
register-task-definition
with the cli
aws ecs register-task-definition --cli-input-json file://pathTo/task-definition.json
Example:
{
"family": "mythicalmysfitsservice",
"cpu": "256",
"memory": "512",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"executionRoleArn": "REPLACE_ME_ECS_SERVICE_ROLE_ARN",
"taskRoleArn": "REPLACE_ME_ECS_TASK_ROLE_ARN",
"containerDefinitions": [
{
"name": "MythicalMysfits-Service",
"image": "REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH",
"portMappings": [
{
"containerPort": 8080,
"protocol": "http"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "mythicalmysfits-logs",
"awslogs-region": "REPLACE_ME_REGION",
"awslogs-stream-prefix": "awslogs-mythicalmysfits-service"
}
},
"essential": true
}
]
}