Getting Started with AWS

Deploy a .NET Web Application on Amazon ECS powered by Graviton2

Module 4: Create an Amazon ECS Cluster

In this module, you will deploy a Docker container into Amazon Elastic Container Service (ECS).

Overview

In previous modules, you created a Graviton2 Build Platform, then built a Docker container and published it to an Amazon ECR Repository. In this module, you’ll deploy the newly published container into Amazon Elastic Container Service (ECS).

What You Will Learn

  • In this module you’ll learn how to create an Amazon ECS Cluster.
  • You’ll use the EC2 launch type, which lets you choose the underlying EC2 instance type (Graviton2 here) and the networking details in your cluster settings.
  • Then you’ll create a Task Definition, where you choose EC2 as the launch type and provide container details such as the image to use and the CPU and memory requirements, along with application-specific details such as the port number and environment variables, and configure Amazon CloudWatch for logs.
  • This module uses resources created by the AWS CloudFormation Stack, for example the VPC, Subnets and Security Groups.

Key Concepts

  • Amazon ECS - Amazon Elastic Container Service (Amazon ECS) is the Amazon Web Service you use to run Docker applications on a scalable cluster.
  • Task Definition - A task definition is like a blueprint for your application. Each time that you launch a task in Amazon ECS, you specify a task definition. For more information about task definitions, see Amazon ECS task definitions.
  • Amazon ECS Cluster - An Amazon ECS cluster is a logical grouping of tasks, services, and container instances. When you create a cluster using the console, Amazon ECS creates an AWS CloudFormation stack that takes care of the Amazon EC2 instance creation, networking and IAM configuration for you. For more information about clusters, see Amazon ECS clusters.

 Time to Complete

15 minutes

 Services Used

Implementation

  • From the AWS Management Console, go to Amazon Elastic Container Service, either via the search function or from the Services drop-down button, looking under the Containers category.

    The screenshots in this section may look different if you are using the old ECS Experience. Where applicable, make sure New ECS Experience is enabled in the left-hand navigation pane. If the navigation pane is not visible for some services, click the hamburger button to expand it.

    ECS new experience
  • In this step, you’ll create a new ECS Cluster. 

    1. Click the Clusters menu in the navigation pane, and click the Create Cluster button.

    2. In Step 1: Select cluster template, choose the “EC2 Linux + Networking.....” option and click the Next step button.

    ECS select cluster template

    3. In Step 2: Configure cluster, use the following values for the specified labels, and leave the rest at their default values.

    • Cluster name: Graviton2ECSCluster
    • EC2 Instance type: t4g.medium
    • Number of instances: 1
    ECS configure cluster

    4. In the Networking section, enter the following values for the specified labels:

    • VPC: select TargetVPC from the dropdown
    • Subnets: select 2 private subnets TargetVPC-private-a-web and TargetVPC-private-b-web, one after another
    • Security Group: select ECSServiceSG from the dropdown. You can click on the Security group selected to see the inbound and outbound rules
    ECS networking configurations

    5. Leave the rest of the settings as default, which means:

    • Container instance IAM role: a new IAM role will be created which allows the instances provisioned to be able to access other AWS services
    • Ensure the Enable Container Insights Checkbox is ticked.
    ECS container instance IAM role

    6. Now click the Create button. The next screen shows the progress of the cluster being created. Once it succeeds, click View Cluster to see the details.

    ECS view cluster

    At this stage, you have an ECS Cluster created with private subnets, but you don’t have any services or tasks running. For that, you need to create a Task Definition.

  • 1. In the left-hand navigation pane on the Amazon ECS page, select Task Definitions and click Create new Task Definition. This is where you specify the details of the container to be deployed and its CPU and memory requirements. For simplicity, you'll keep changes to a minimum, so leave the options at their defaults unless specified.

    2. In Step 1: Select launch type compatibility, select EC2 for Launch type compatibility and click Next step.

    ECS select launch type compatibility

    3. In Step 2: Configure task and container definitions, enter the following values for the specified labels:

    • Task Definition Name: Graviton2ECSTask
    • Task Role: None
    • Task execution IAM role: choose the role available in the dropdown - <CloudFormation-Stack-Name>-ECSTaskExecutionRole. If you used the name suggested in Module 1, it should start with ContainerizeDotNetOnECSGraviton2-ECSTaskExecutionRole. This role allows tasks to pull container images and publish container logs to Amazon CloudWatch on your behalf, and to read secrets from AWS Secrets Manager.
    • Task memory (MiB): 512
    • Task CPU (unit): 1024

    It should look like below:

    ECS configure task and container definitions

    4. The next step is to define the container to be used. Click Add Container under Container Definitions. A new window opens; enter the following values for the specified labels:

    • Container name: Graviton2Container
    • Image: paste the IMAGE_REPO_URI that you copied earlier from the Cloud9 console. Make sure it ends with the tag latest, unless you used a specific tag. It should be <AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com/movie-app-repo:latest
    • Port mapping: 0, 80, i.e. host port 0 and container port 80, so that the container's port 80 is made accessible through a port on the underlying host. Note: When you omit the Host Port (or set it to 0) while specifying a Container Port, your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.
    ECS add container

    5. Next, add environment variables for the container so that it can access the Database instance deployed by the CloudFormation template in Module 1.

    You’ll need the value of the key RDSSecretARN, which you copied and saved for later reference in Module 1.

    In the Environment section, under Environment variables, add the following environment variables.

    Note: Where applicable, values end with a double colon "::".

    Key        Value/ValueFrom  Value
    DBHOST     ValueFrom        <RDSSecretARN from CloudFormation Outputs>:host::
    DBNAME     ValueFrom        <RDSSecretARN from CloudFormation Outputs>:dbname::
    DBUSER     ValueFrom        <RDSSecretARN from CloudFormation Outputs>:username::
    DBPASS     ValueFrom        <RDSSecretARN from CloudFormation Outputs>:password::
    DBSSLMODE  Value            none

    • Key: the name of the environment variable for your application, e.g. DBHOST
    • Value/ValueFrom dropdown value: Value for hard-coded values, and ValueFrom for values retrieved from AWS Systems Manager Parameter Store or AWS Secrets Manager
    • Value: this guide uses AWS Secrets Manager to store database credentials securely, so the value is in the format arn:aws:secretsmanager:region:<aws_account_id>:secret:secret-name:json-key:version-stage:version-id, as specified by the ECS documentation here

     

    ECS add environment variables

    6. Under the STORAGE AND LOGGING section, select the checkbox for Log Configuration - Auto-configure CloudWatch Logs, as below:

    ECS enable Auto-configure CloudWatch Logs

    Leave the rest of the settings as is and press the Add button at the bottom of the screen.

    7. Back on the Task Definitions page, you should see the container definition you just created. Click the Create button to create the Task definition.

    ECS create task definition

    8. Click on Clusters on the left side navigation pane, and then click on Graviton2ECSCluster from the list of Clusters.

    ECS review service

    Review the Service and Tasks, and you’ll see no records. This means that although your Task Definition is complete, no Tasks are running yet. In the next section, you’ll create an Amazon ECS Service, which launches a load-balanced Amazon ECS Service and runs tasks using the task definition you created in this module.
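
The task definition configured in the console steps above can also be expressed as the JSON document that ECS stores. The following is an added example, not part of the original tutorial: it builds that document with the page's values and checks that every database setting is a Secrets Manager reference in the `json-key::` format rather than a plaintext value. The account ID, region, secret name, role ARN and log settings are constructed placeholders.

```python
import json

# Constructed placeholders: account ID, region, secret name and role ARN are not from the page.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:rds-secret-AbCdEf"
IMAGE = "111122223333.dkr.ecr.us-east-1.amazonaws.com/movie-app-repo:latest"
EXEC_ROLE = "arn:aws:iam::111122223333:role/ExampleStack-ECSTaskExecutionRole"
DB_KEYS = {"DBHOST": "host", "DBNAME": "dbname", "DBUSER": "username", "DBPASS": "password"}

def secret_ref(secret_arn, json_key):
    # The trailing "::" leaves version-stage and version-id empty.
    return f"{secret_arn}:{json_key}::"

def parse_secret_ref(value_from):
    # Format: arn:aws:secretsmanager:region:account:secret:name:json-key:version-stage:version-id
    p = value_from.split(":")
    if len(p) != 10 or p[0] != "arn" or p[2] != "secretsmanager" or p[5] != "secret" or not p[7]:
        raise ValueError(f"not a json-key secret reference: {value_from!r}")
    return {"secret": p[6], "json_key": p[7], "version_stage": p[8], "version_id": p[9]}

def build_task_definition():
    container = {
        "name": "Graviton2Container",
        "image": IMAGE,
        "portMappings": [{"hostPort": 0, "containerPort": 80, "protocol": "tcp"}],
        "environment": [{"name": "DBSSLMODE", "value": "none"}],
        "secrets": [{"name": n, "valueFrom": secret_ref(SECRET_ARN, k)} for n, k in DB_KEYS.items()],
        # Assumed log settings; the console's auto-configure option fills these in itself.
        "logConfiguration": {"logDriver": "awslogs", "options": {"awslogs-region": "us-east-1",
            "awslogs-group": "/ecs/Graviton2ECSTask", "awslogs-stream-prefix": "ecs"}},
    }
    # No taskRoleArn: the page sets Task Role to None.
    return {"family": "Graviton2ECSTask", "requiresCompatibilities": ["EC2"], "memory": "512",
            "cpu": "1024", "executionRoleArn": EXEC_ROLE, "containerDefinitions": [container]}

def audit(task_def):
    findings = []
    for c in task_def["containerDefinitions"]:
        for e in c.get("environment", []):
            if any(w in e["name"].upper() for w in ("PASS", "SECRET", "TOKEN")):
                findings.append(f"{c['name']}: {e['name']} is set as a plaintext value")
        for s in c.get("secrets", []):
            try:
                parse_secret_ref(s["valueFrom"])
            except ValueError as err:
                findings.append(f"{c['name']}: {s['name']}: {err}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_task_definition(), indent=2))
```

The printed JSON, saved to a file, is the input shape accepted by `aws ecs register-task-definition --cli-input-json`. The validator only accepts the json-key form used in this module; a reference to a whole secret or to a Parameter Store parameter would need its own check.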

Application Architecture

Here is what your architecture looks like right now:

Architecture module 4

Conclusion

You have now created an Amazon ECS Cluster, Task definition, an empty Target Group and an Application Load Balancer that will be used to deploy the sample application in the next section.
