Module 4: Create an Amazon ECS Cluster
In this module, you will deploy a Docker container into Amazon Elastic Container Service (ECS).
In the previous modules, you created a Graviton2 build platform and built and published a Docker container into an Amazon ECR repository. In this module, you’ll deploy the newly published container into Amazon Elastic Container Service (ECS).
What You Will Learn
- In this module you’ll learn how to create an Amazon ECS cluster.
- You’ll use the EC2 launch type, which lets you choose the underlying EC2 instance type (a Graviton2 instance) and the networking details in your cluster settings.
- Then you’ll create a Task Definition, where you choose EC2 as the launch type and provide container details such as the image to use, CPU and memory requirements, and application-specific details such as the port number and environment variables, and configure Amazon CloudWatch for logs.
- This module uses resources created by the AWS CloudFormation stack in Module 1, for example the VPC, subnets and security groups.
- You can always review these resources in the CloudFormation Stack Resources tab.
- Amazon ECS - Amazon Elastic Container Service (Amazon ECS) is the Amazon Web Service you use to run Docker applications on a scalable cluster.
- Task Definition - A task definition is like a blueprint for your application. Each time that you launch a task in Amazon ECS, you specify a task definition. For more information about task definitions, see Amazon ECS task definitions.
- Amazon ECS Cluster - An Amazon ECS cluster is a logical grouping of tasks, services, and container instances. When you create a cluster using the console, Amazon ECS creates an AWS CloudFormation stack that takes care of the Amazon EC2 instance creation, networking and IAM configuration for you. For more information about clusters, see Amazon ECS clusters.
Enable New ECS Experience
From the AWS Management Console, go to Amazon Elastic Container Service, either via the search function or from the Services drop-down button, under the Containers category.
The screenshots in this section may look different if you are using the old ECS experience; where applicable, make sure New ECS Experience is enabled in the left-hand navigation pane. If the navigation pane is not visible for some services, you may need to click the hamburger button to expand it.
Create ECS Cluster
In this step, you’ll create a new ECS Cluster.
1. Click on the Clusters menu in the navigation pane, and click on the Create Cluster button.
2. In Step 1: Select cluster template, choose the “EC2 Linux + Networking.....” option and click the Next step button.
3. In Step 2: Configure cluster, use the following values for the specified labels, and leave the rest at their default values.
- Cluster name: Graviton2ECSCluster
- EC2 Instance type: t4g.medium
- Number of instances: 1
4. In the Networking section, enter the following values for the specified labels:
- VPC: select TargetVPC from the dropdown
- Subnets: select the two private subnets TargetVPC-private-a-web and TargetVPC-private-b-web, one after the other
- Security Group: select ECSServiceSG from the dropdown. You can click on the selected security group to see its inbound and outbound rules
5. Leave the rest of the settings at their defaults, which means:
- Container instance IAM role: a new IAM role will be created that allows the provisioned instances to access other AWS services
- Ensure the Enable Container Insights checkbox is ticked.
6. Now click the Create button; the next screen shows the progress of the cluster being created. Once it succeeds, click View Cluster to see the details.
At this stage you have an ECS cluster in private subnets, but no services or tasks are running yet. For that you need to create a Task Definition.
Create ECS Task Definition
1. In the left-hand navigation pane on the Amazon ECS page, you'll find an option for Task Definitions; click Create new Task Definition. This is where you specify the details of the container to be deployed and its CPU and memory requirements. For simplicity, keep the changes to a minimum and leave the options at their defaults unless specified.
2. In Step 1: Select launch type compatibility, select EC2 for Launch type compatibility and hit Next step.
3. In Step 2: Configure task and container definitions, enter the following values for the specified labels:
- Task Definition Name: Graviton2ECSTask
- Task Role: None
- Task execution IAM role: choose the role available in the dropdown, <CloudFormation-Stack-Name>-ECSTaskExecutionRole. If you used the name suggested in Module 1, it should start with ContainerizeDotNetOnECSGraviton2-ECSTaskExecutionRole. This role allows tasks to pull container images and publish container logs to Amazon CloudWatch on your behalf, and also lets them read secrets from AWS Secrets Manager
- Task memory (MiB): 512
- Task CPU (unit): 1024
It should look like below:
4. The next step is to define the container to be used. Click Add Container under Container Definitions. A new window opens; enter the following values for the specified labels:
- Container name: Graviton2Container
- Image: paste the IMAGE_REPO_URI that you copied earlier from the Cloud9 console, and make sure it ends with the tag latest, unless you used a specific tag. It should be <AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com/movie-app-repo:latest
- Port mapping: Host port 0, Container port 80, i.e. the container's port 80 is exposed on the underlying host. Note: when you omit the Host port (or set it to 0) while specifying a Container port, your container automatically receives a port in the ephemeral port range of your container instance's operating system and Docker version
5. Next, add environment variables to the container so that it can reach the database instance deployed by the CloudFormation template in Module 1.
You will also need the value of the RDSSecretARN key that you copied for later reference in Module 1.
In the Environment section, under Environment variables, add the following environment variables.
Note: where applicable, values end with a double colon "::": the version-stage and version-id fields of the secret reference are left empty, so ECS reads the current (AWSCURRENT) version of the secret.

| Key | Value/ValueFrom | Value |
| --- | --- | --- |
| DBHOST | ValueFrom | <RDSSecretARN from CloudFormation Outputs>:host:: |
| DBNAME | ValueFrom | <RDSSecretARN from CloudFormation Outputs>:dbname:: |
| DBUSER | ValueFrom | <RDSSecretARN from CloudFormation Outputs>:username:: |
| DBPASS | ValueFrom | <RDSSecretARN from CloudFormation Outputs>:password:: |
| DBSSLMODE | Value | none |

- Key: the name of the environment variable for your application, e.g. DBHOST
- Value/ValueFrom dropdown: Value for hard-coded values, ValueFrom for values retrieved from AWS Systems Manager Parameter Store or AWS Secrets Manager
- Value: this guide uses AWS Secrets Manager to store the database credentials securely, so the value has the format arn:aws:secretsmanager:region:<aws_account_id>:secret:secret-name:json-key:version-stage:version-id specified in the ECS documentation here
6. Under the STORAGE AND LOGGING section, tick the Log configuration checkbox Auto-configure CloudWatch Logs, as shown below:
Leave the rest of the settings as they are and press the Add button at the bottom of the screen.
7. Back on the Task Definitions page, you should see the container definition you just created. Hit the Create button to create the task definition.
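The task definition that steps 1 to 7 build in the console, expressed as the JSON that aws ecs register-task-definition accepts, together with a small checker for the Secrets Manager valueFrom format used in the table above. This is an added example, not part of the workshop; the secret ARN, account id, region, image URI, execution role ARN and log group name are constructed placeholders.

```python
import re

# Constructed placeholders: substitute the RDSSecretARN output of your CloudFormation
# stack and the IMAGE_REPO_URI you copied from Cloud9 in the previous module.
RDS_SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:rds-credentials-AbCdEf"
IMAGE_URI = "123456789012.dkr.ecr.us-east-1.amazonaws.com/movie-app-repo:latest"
# Environment variable name -> JSON key inside the RDS secret (the table above).
DB_SECRET_KEYS = {"DBHOST": "host", "DBNAME": "dbname", "DBUSER": "username", "DBPASS": "password"}
# <secret ARN>:<json-key>:<version-stage>:<version-id>; each of the last three may be empty.
SECRET_REF_RE = re.compile(
    r"^(arn:aws:secretsmanager:[a-z0-9-]+:\d{12}:secret:[^:]+):([^:]*):([^:]*):([^:]*)$")

def secret_ref(secret_arn, json_key, version_stage="", version_id=""):
    """ECS valueFrom for one JSON key of a Secrets Manager secret. Empty stage and id
    give the trailing '::' from the table, so ECS resolves the AWSCURRENT version."""
    return f"{secret_arn}:{json_key}:{version_stage}:{version_id}"

def parse_secret_ref(value_from):
    """Split a JSON-key valueFrom reference; empty trailing fields come back as None."""
    m = SECRET_REF_RE.match(value_from)
    if not m:
        raise ValueError(f"not a Secrets Manager JSON-key reference: {value_from}")
    arn, key, stage, vid = m.groups()
    return {"arn": arn, "json_key": key or None,
            "version_stage": stage or None, "version_id": vid or None}

def build_task_definition(secret_arn=RDS_SECRET_ARN, image_uri=IMAGE_URI, region="us-east-1",
                          execution_role_arn="<ARN of the stack's ECSTaskExecutionRole>"):
    """The task definition the console steps produce, as register-task-definition input."""
    return {
        "family": "Graviton2ECSTask",
        "requiresCompatibilities": ["EC2"],
        "cpu": "1024",    # task CPU units
        "memory": "512",  # task memory in MiB
        # The execution role (not the task role) needs secretsmanager:GetSecretValue on secret_arn.
        "executionRoleArn": execution_role_arn,
        "containerDefinitions": [{
            "name": "Graviton2Container",
            "image": image_uri,
            # hostPort 0: the agent picks an ephemeral host port, so several tasks fit on one instance.
            "portMappings": [{"containerPort": 80, "hostPort": 0, "protocol": "tcp"}],
            "environment": [{"name": "DBSSLMODE", "value": "none"}],
            "secrets": [{"name": env, "valueFrom": secret_ref(secret_arn, key)}
                        for env, key in DB_SECRET_KEYS.items()],
            # Assumed log group name; the console's auto-configure option creates one per task family.
            "logConfiguration": {"logDriver": "awslogs", "options": {
                "awslogs-group": "/ecs/Graviton2ECSTask", "awslogs-region": region,
                "awslogs-stream-prefix": "ecs"}},
        }],
    }
```

Serialise the returned dict with json.dumps and pass it as --cli-input-json to aws ecs register-task-definition; the database credentials themselves never appear in the task definition, only the references to them.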
8. Click on Clusters on the left side navigation pane, and then click on Graviton2ECSCluster from the list of Clusters.
Review the Services and Tasks tabs, and you’ll see no records. This means that although your Task Definition is complete, no tasks are running yet. In the next section you’ll create an Amazon ECS Service, which launches a load-balanced Amazon ECS service and runs tasks using the task definition you created in this module.
Here is what your architecture looks like right now: