How do I run containers in an ECS cluster?
This assumes you have followed: https://www.lightnetics.com/post/9404 first.
First, a role has to be created that determines what ECS can do: an ECS Task Execution Role.
Create a file and put the following code into it. Filename: task_execution_role.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Create the role from the file above.
$ aws iam --region us-east-1 create-role --role-name ecsExecutionRole --assume-role-policy-document file://task_execution_role.json
Attach the task execution
$ aws iam --region us-east-1 attach-role-policy --role-name ecsExecutionRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Create a security group, using the VPC ID from the ECS cluster creation.
$ aws ec2 create-security-group --group-name "wordpress" --description "Wordpress frontend" --vpc-id "VPC_ID"
Allow inbound port 80 on the security group. Access from anywhere (0.0.0.0/0) is used here only as an example; restrict it to your own CIDR range. Use the security group ID from the previous command.
$ aws ec2 authorize-security-group-ingress --group-id "sg-xxxxx" --protocol tcp --port 80 --cidr 0.0.0.0/0
You need two things to run containers in ECS: an ECS parameter file and a Docker Compose file. Only versions 1 and 2 of the Docker Compose file format are supported with ECS.
The ECS parameter file, ecs-param.yml, defines the IAM role, memory and CPU limits, and network and security information.
version: 1
task_definition:
  task_execution_role: ecsExecutionRole
  ecs_network_mode: awsvpc
  task_size:
    mem_limit: 0.5GB
    cpu_limit: 256
run_params:
  network_configuration:
    awsvpc_configuration:
      subnets:
        - "subnet-x"
        - "subnet-x"
      security_groups:
        - "security group ID-x"
      assign_public_ip: ENABLED
NOTE
The assign_public_ip and task_size parameters are only valid for a Fargate task. This task definition will fail if the launch type is changed to EC2.
The docker-compose.yml file defines your container.
version: '2'
services:
  wordpress:
    image: wordpress
    ports:
      - "80:80"
    logging:
      driver: awslogs
      options:
        awslogs-group: tutorial
        awslogs-region: us-east-1
        awslogs-stream-prefix: wordpress
Deploy the container. The two files above have to be in the same directory unless their locations are specified with the relevant ecs-cli options.
$ ecs-cli compose --project-name ecs_frontend service up --create-log-groups --cluster-config ecs_frontend_config
INFO[0000] Using ECS task definition TaskDefinition="ecs_frontend:1"
WARN[0000] Failed to create log group tutorial in eu-west-1: The specified log group already exists
INFO[0000] Created an ECS service service=ecs_frontend taskDefinition="ecs_frontend:1"
INFO[0001] Created log group tutorial in eu-west-1
INFO[0001] Updated ECS service successfully desiredCount=1 serviceName=ecs_frontend
INFO[0016] (service ecs_frontend) has started 1 tasks: (task 21abdcdd-2622-4b82-b3e2-bafeb221e95d). timestamp="2018-05-12 15:53:57 +0000 UTC"
INFO[0076] Service status desiredCount=1 runningCount=1 serviceName=ecs_frontend
INFO[0076] (service ecs_frontend) has reached a steady state. timestamp="2018-05-12 15:54:57 +0000 UTC"
INFO[0076] ECS Service has reached a stable state desiredCount=1 runningCount=1 serviceName=ecs_frontend
Check the container is running.
$ ecs-cli compose --project-name ecs_frontend service ps --cluster-config ecs_frontend_config
Name                                            State    Ports                    TaskDefinition
21abdcdd-2622-4b82-b3e2-bafeb221e95d/wordpress  RUNNING  10.105.1.163:80->80/tcp  ecs_frontend:1
© Lightnetics 2024