AWS - Elastic Container Service (ECS)

About

Amazon Elastic Container Service (Amazon ECS) is a container orchestration service that supports Docker containers.

Concept

Task

A task in ECS is a set of container images that should be scheduled together. A task definition declares that set of containers and the resources and configuration those containers require (i.e. how the container images should be scheduled onto the ECS cluster).

Configuration

Before using ECS, a service-linked role must be created in IAM that grants the ECS service itself permissions to make ECS API requests.

This is required because when a service in ECS is created, the service will call APIs within your account to perform actions like:

  • pulling Docker images,
  • creating new tasks, etc.

aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
{
    "Role": {
        "Path": "/aws-service-role/ecs.amazonaws.com/",
        "RoleName": "AWSServiceRoleForECS",
        "RoleId": "AROARNNNEEOPS7SRUJ57",
        "Arn": "arn:aws:iam::094473452225148:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
        "CreateDate": "2019-04-10T10:49:50Z",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": [
                        "sts:AssumeRole"
                    ],
                    "Effect": "Allow",
                    "Principal": {
                        "Service": [
                            "ecs.amazonaws.com"
                        ]
                    }
                }
            ]
        }
    }
}

Management

register-task-definition

With the CLI

aws ecs register-task-definition --cli-input-json file://pathTo/task-definition.json

Example:

{
  "family": "mythicalmysfitsservice",
  "cpu": "256",
  "memory": "512",
  "networkMode": "awsvpc",
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "executionRoleArn": "REPLACE_ME_ECS_SERVICE_ROLE_ARN",
  "taskRoleArn": "REPLACE_ME_ECS_TASK_ROLE_ARN",
  "containerDefinitions": [
    {
      "name": "MythicalMysfits-Service",
      "image": "REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH",
      "portMappings": [
        {
          "containerPort": 8080,
          "protocol": "tcp"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "mythicalmysfits-logs",
          "awslogs-region": "REPLACE_ME_REGION",
          "awslogs-stream-prefix": "awslogs-mythicalmysfits-service"
        }
      },
      "essential": true
    }
  ]
}
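
A pre-registration check for the task definition file, as an added example (not part of the original page and not AWS tooling): it flags leftover REPLACE_ME placeholders, a task role identical to the execution role, images not pinned by digest, missing log configuration, and port-mapping protocols other than tcp/udp. The function names and the sample document (account id, role and image names) are assumptions constructed for illustration.

```python
import json

VALID_PROTOCOLS = {"tcp", "udp"}  # values ECS documents for portMappings.protocol

def placeholders(node, path=""):
    """Yield the JSON path of every string that still contains REPLACE_ME."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from placeholders(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from placeholders(value, f"{path}[{i}]")
    elif isinstance(node, str) and "REPLACE_ME" in node:
        yield path

def lint_task_definition(td):
    """Return findings for a task definition dict (the --cli-input-json document)."""
    findings = [f"{p}: unfilled placeholder" for p in placeholders(td)]
    # The execution role is used to pull images and ship logs; the task role is
    # what the application code receives. Sharing one role widens both.
    if not td.get("taskRoleArn"):
        findings.append("taskRoleArn: not set")
    elif td["taskRoleArn"] == td.get("executionRoleArn"):
        findings.append("taskRoleArn: same role as executionRoleArn")
    for i, c in enumerate(td.get("containerDefinitions", [])):
        base = f"containerDefinitions[{i}]"
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{base}.image: not pinned by digest")
        if "logConfiguration" not in c:
            findings.append(f"{base}.logConfiguration: missing")
        for j, pm in enumerate(c.get("portMappings", [])):
            if pm.get("protocol", "tcp") not in VALID_PROTOCOLS:
                findings.append(
                    f"{base}.portMappings[{j}].protocol: {pm['protocol']!r} is not tcp/udp")
    return findings

# Constructed sample input (hypothetical account id, names and image), with
# defects chosen to trigger each check.
SAMPLE = json.loads("""
{
  "family": "example-service",
  "executionRoleArn": "arn:aws:iam::111122223333:role/example-ecs-role",
  "taskRoleArn": "arn:aws:iam::111122223333:role/example-ecs-role",
  "containerDefinitions": [
    {"name": "web", "image": "REPLACE_ME_IMAGE",
     "portMappings": [{"containerPort": 8080, "protocol": "http"}]}
  ]
}
""")

if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE):
        print(finding)
```

Run it against the JSON file before calling aws ecs register-task-definition and treat any finding as a failed check.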

Task Runner