Description of the Amazon Elastic Container Service (ECS) and how it can be used in conjunction with other AWS services to create a continuous delivery (CD) environment.
Andrew Dixon
Work for a digital agency called mso, founded in 1997, and I’ve worked there since 2000
Technical Director
We work across multiple sectors, but for the last 5 years or so our main focus has been education.
Going to explain AWS’s Docker service and associated services that allow you to create a CI environment on AWS using Docker for your application.
Going to explain AWS’s Docker service and associated services that allow you to create a CD environment on AWS using Docker for your application.
Your ECS cluster will need one or more EC2 instances on which to run your containers.
Amazon ECS container agent
The agent needs to be running on the EC2 instances that are in the cluster
Use the Amazon EC2 ECS AMI
It is pre-configured and you don’t need to worry about setting anything up
Updating the agent can be done directly either via the AWS console or API
A task is a running instance of a container
The task definition is the parameters used to start the container
For example, the image to use, CPU and memory for the container, networking modes, port mappings, environment variables, etc...
Services run and maintain a specified number of instances of a task definition simultaneously in an Amazon ECS cluster
If any tasks should fail or stop for any reason, the Amazon ECS service scheduler launches another instance of your task to replace it
Services maintain a desired count of tasks
The basic component of ECS is a cluster.
Within a cluster you have services, tasks and (optionally) EC2 instances
Auto-scaling for ECS comes in two types
Auto-scaling of the EC2 instances in your cluster can be done automatically based on a variety of metric and monitoring types.
Auto-scaling is set up at the service level and scales the number of tasks within that service that are maintained.
You set a minimum, desired and maximum number of tasks to run.
You can use certain metrics to scale the service up and down automatically as required.
You can also scale both the EC2 instances and the tasks in the cluster manually, either via the AWS Console or the API
ECR is a part of ECS and is a repository for your containers that are used with the ECS service.
For people who know Docker Hub, it is similar to that.
Images are tagged and lifecycle policies can be implemented to make sure only a certain number of images are kept.
AWS’s Git repository storage solution, like GitHub or Bitbucket.
CodeCommit emits events to CloudWatch when changes occur, e.g. a push to a repo.
These events can then be used to trigger another AWS service to do something, e.g. CodePipeline to start a build and deploy process.
AWS’s build solution, like Travis
In this case, it is used to build the Docker Image from a Git repo.
Can be used to test the resulting image as well.
The build process can use the AWS CodeBuild managed image or a custom Docker image to run the build.
Your buildspec is a YAML file in your project
AWS CodePipeline manages the build and deployment process using other AWS services
It can be run manually or triggered automatically using CloudWatch Events monitoring another resource, in most cases a CodeCommit repository.
Stages - source, build, staging
Source can be CodeCommit, S3 or GitHub
Build can be CodeBuild, Solano CI or a Jenkins server
Staging can be AWS Service Catalog, AWS Elastic Beanstalk, AWS CodeDeploy, AWS CloudFormation and of course AWS ECS
For ECS, tell it the cluster and service you want to deploy this build to and it will deploy it
AWS has some services to help with runtime, as your container needs to be disposable, e.g. you can’t store anything directly on the container that needs to persist, like data, objects, etc…
One of AWS’s most recognised services, S3 allows you to store objects (files) in buckets and access them whenever you need.
Objects can also be served directly from S3 via HTTPS.
This is AWS’s fully managed database service, supporting a range of database engines, including MS SQL, Oracle, PostgreSQL, MySQL, MariaDB and Amazon Aurora.
DynamoDB is AWS’s NoSQL service.
This is AWS’s fully managed caching service, either memcached or redis
Used to store secrets required by the build process and/or for running the container.
Can automatically rotate credentials for RDS.
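Added example, not from the talk: a small Python lint over a task definition (the parameters described earlier) that flags credentials passed as plain environment variables instead of Secrets Manager references, plus unpinned image tags and privileged containers. The sample task definition, account ID and names are constructed; the field names are those of the ECS task definition JSON.

```python
import json
import re

# Constructed sample task definition (not from the talk); field names follow
# the ECS task definition JSON.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-web",
  "networkMode": "bridge",
  "containerDefinitions": [{
    "name": "web",
    "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/example-web:latest",
    "cpu": 256, "memory": 512,
    "privileged": true,
    "portMappings": [{"containerPort": 8080, "hostPort": 0}],
    "environment": [
      {"name": "DB_PASSWORD", "value": "constructed-example"},
      {"name": "LOG_LEVEL", "value": "info"}
    ],
    "secrets": [{"name": "API_KEY", "valueFrom": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:example-api-key"}]
  }]
}
""")

SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)

def lint_task_definition(task_def):
    """Return a list of (container, finding) tuples for risky settings."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        # Plaintext values in "environment" are visible to anyone who can
        # describe the task definition; "secrets" holds only a reference.
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((name, f"plaintext secret in environment: {env['name']}"))
        image = c.get("image", "")
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append((name, "image not pinned to a specific tag or digest"))
        if c.get("privileged"):
            findings.append((name, "container runs privileged"))
        if not c.get("readonlyRootFilesystem"):
            findings.append((name, "root filesystem is writable"))
    return findings

if __name__ == "__main__":
    for container, finding in lint_task_definition(SAMPLE_TASK_DEF):
        print(f"{container}: {finding}")
```

Run as a build step, a non-empty result can fail the pipeline before the task definition is registered.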
Used to connect inbound traffic to the Docker containers running in ECS.
Terminates SSL traffic, so there is no need to manage SSL certificates on the containers.
Used to manage SSL certificates used by the ALB.
Can be either free certificates issued by Amazon or imported certificates from other providers.
A logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
So, all the previously mentioned services (except Secrets Manager and Certificate Manager) can be placed within a VPC, isolating them from anything else on AWS.
ECS with Fargate is essentially the same, but you don’t have to manage the underlying EC2 instances.
It gives you the container as a fundamental compute primitive.
Priced based on vCPU and Memory, which can be configured independently.
From 0.25 to 4 vCPU
From 0.5GB to 30GB Memory
ECS manages your containers on AWS
Can be used with various other services to create a CD environment
AWS has all the tools and services you need in one place.
I have AWS Ninja stickers for anyone who wants one.