An Introduction to the AWS EC2 Container Service:
Below is a quick introduction to the AWS EC2 Container Service. The most valuable part of this post may be the link to the CloudFormation stack that will build an EC2 Container Service Cluster and all associated resources. Creating this CloudFormation stack was the moment when I really understood ECS at a nuts and bolts level.
How I came to use ECS at all:
On November 13, 2014, Amazon released the “Amazon EC2 Container Service” – the news didn’t excite me much. Containerization, specifically Docker, was a hot technology but my own frustration with the industry’s lack of understanding of Docker’s benefits and costs coupled with the quality and thought behind Docker implementations I’d seen meant I had little interest in EC2 Container Service. My own clients were happy with Docker and didn’t require container packing or docker links – so there was no push to move to ECS or another container management software. I put ECS on the shelf to be revisited. The day when I would revisit ECS came about mid-June, when one of our developers needed to expose a port through an ELB “fronting” and Elastic Beanstalk Environment and also needed to publish multiple ports on each EC2 instance making up the Elastic Beanstalk Environment. Stated simply, the EC2 instances needed to expose port 8080 to a Load Balancer and the EC2 instances also needed to communicate with each other across an array of ports (specifically, we were running a tomcat7 hosted Java application that utilized Apache Ignite with a Replicated Cache).
Setting Up ECS:
My initial work with ECS was a challenge because of the ECS lexicon – “task definitions, tasks, services, container definitions” and the lack of maturity – AWS actually added CloudFormation support during my ECS prototyping. In any case, I’ll describe each of the resources that make up ECS, how they are used and how they relate to each other:
Clusters and Container Instances:
Clusters and Container Instances will make up the basis of your ECS Infrastructure. A quick diagram demonstrates the relationship between Clusters and Container Instances.
- Clusters are a group of Container Instances.
- Container instances run one or more containers
- Container instances must run the “ECS Container Agent” which will register with an ECS Cluster
- the “Container Agent” is really well thought out – for instance, you can set or pass values to the ECS Container Agent during install so that EC2 instances within an Auto Scaling Group are automatically registered with an ECS cluster
Task Definitions, Tasks and Services:
You’ll run your application by creating a Task Definition and then running the Task Definition across one or more Container Instances. I’ll explain the Task Definitions, Tasks and Services resources below.
A task definition contains three parts:
- Container Definitions – this is a list of one or more containers that make up a task. An example would be an nginx container running front-end code and an nginx container running back-end code. An example of two different “Task Definitions” is given below – one of these task definitions utilizing only one container, while a second, different task definition requires two different containers.
- Family – an arbitrary name for the task definition – if you iteratively modify your Task Definitions you can utilize the “Family” to keep these different versions.
- Volumes (optional) – a list of volumes that will be made available to the containers running within a given Container Instance.
- I have not needed to utilize Volumes as I’ve been able to clearly communicate or utilize other services to avoid the requirement for Block Storage.
A task is created when a “Task Definition” is run on a container instance. You can use one “Task Definition” to instantiate containers on multiple hosts – for instance, when you click on “Run new task” and select a task definition you’ll be asked how many “tasks” you want to run. If you have a task definition that contains two “Container Definitions” and you want to run 2 tasks, Amazon will place two containers on one of the Container Instances and two containers on the other Container Instance.
A service is a “superset” of a Task Definition. An example of a “Service” is shown below – note the addition of an Elastic Load Balancer.
When you create a service you define the following:
- the “Task Definition” used to determine which Tasks/Containers will be run
- a desired number of tasks
- a Load Balancer
In return for the bit of extra work, the service will:
- “run and maintain a specified number of tasks.” If you ask for 4 tasks when you instantiate a service, ECS you’ll always have 4 tasks running.
- utilize a Load Balancer for routing traffic to Container Instances instances that are running a given Container.
Services versus Tasks:
- if a task fails, ECS does not return the task to service
- when defining a “Task Definition” you are not allowed to define a Load Balancer
- if a task fails, ECS will return the task to service
- an example would include the loss of a Container Instance that drops the number of running tasks below the number of – when a new Container Instance is brought into the cluster a new task will be started
- when defining a “Service” you are optionally allowed to define a Load Balancer
Auto Scaling with ECS:
- In regards to the “Container Instances” as part of an Auto Scaling Group, here is a real world example of this benefit:
- terminate a Cluster Instance that is a member of an ECS Cluster and an Auto Scaling Group
- the Auto Scaling Group will bring a new EC2 Instance in service
- the new EC2 Instance’s user data contains instructions for configuring and installing the ECS Container Agent
- the ECS Container Agent registers the new EC2 Instance with the cluster
For those who prefer to “learn by doing” – if you navigate to my “Snippets” repository on GitHub you’ll notice the following file – this will create a working ECS Cluster running nginx and all other required resources. The link is here: https://github.com/colinbjohnson/snippets/tree/master/aws/ecs/ecs_introduction.
I’ll be covering some of the following in a future post:
- How to best utilize Security Groups when working with ECS?
- Note: it would seem obvious that Security Groups aren’t sufficient for securing Docker containers within ECS – maybe AWS is working on something?
- Best practices for building clusters – do you build one large cluster for all environments, do you build one cluster per environment?
- Does AWS / ECS distribute services/tasks across Availability Zones correctly?
- Can I utilize ECS to have an unequal number of containers – for instance, can I have a 2 to 1 relationship of front-end to back-end instances?
- Tuning resource usage of Containers.
- How are “tasks” within a service considered healthy?
- How to delete task definitions from AWS?