Before diving deep into running a Docker container on AWS ECS, let’s start with the basic key concepts:
- Docker and Docker Container
  - Docker is a tool that packages software into standardized units called containers, which include everything the software needs to run: libraries, code, dependencies, system tools, etc.
  - It allows us to deploy and scale applications in any environment and ship everything as one package.
  - Docker gives the flexibility to configure network policies that allow or deny access to a Docker container.
  - Docker containers can be migrated to any machine that can run Docker.
  - A Docker container is a running instance of a Docker image.
- Docker Image
  - A Docker image can be considered a blueprint of an application, comprising all the dependencies required to run the application on Docker.
  - Put simply, a Docker image is a read-only template with instructions for creating a Docker container.
- Amazon EC2 Container Registry (Amazon ECR)
  - As its container registry platform, AWS provides ECR, a fully managed private Docker container registry to which we can upload Docker images.
  - ECR, integrated with Amazon ECS, can store, manage and deploy container images.
  - It is highly available, redundant and can be encrypted by different encryption mechanisms.
  - Granular security permissions can be implemented with AWS IAM.
After understanding these basic concepts, let’s get started with ECS.
- Amazon EC2 Container Service (Amazon ECS)
  - Once Docker container images are built and uploaded to a registry such as ECR, we need a mechanism to run those images in the cloud. ECS is the quickest and easiest service provided by AWS for this purpose.
  - ECS downloads images from ECR, then runs and manages Docker-enabled applications across a logical group of Amazon EC2 instances.
  - ECS keeps track of instances, how many resources they have and what they are running.
Now let’s dive deep into ECS. To start with ECS, we first need to understand a cluster.
1.1 Amazon ECS Cluster
- An ECS cluster is a logical group of instances, each of which runs Docker containers under a lightweight agent provided by ECS.
- ECS can use on-demand, spot, or reserved EC2 instances, and it can also include different EC2 instance types specific to different regions.
1.2 Amazon ECS Agent
- The agent reports back to the centralized ECS control plane to tell it the status of any running containers on the machine and, as a result, receives instructions to run more containers.
- The ECS agent manages the state of containers on a single EC2 instance.
- It is present on every EC2 instance in an ECS cluster.
An ECS cluster can be created using:
- AWS console
- Amazon ECS command line interface (CLI)
- Amazon ECS APIs
Once a cluster is running, the next thing we need is a task to run on the cluster.
1.3 Amazon ECS Task
- Deploys containers onto EC2 instances in a cluster
1.4 Amazon ECS Task Definition
- It is a template for running one or more tasks, written in JSON, that defines how to launch a Docker container on an instance.
- The particular version of the Docker image that we want to deploy is specified in the JSON file.
- An Amazon ECS task definition is metadata about how to launch a single instance of an application container as a task on a machine.
- Tasks, just like Docker containers, can be tagged with multiple versions.
- This allows us to keep a library of consistent, dependable application states.
Amazon ECS Task Definition specifies:
- Docker image for each container
- CPU and memory requirements for each container
- Links between containers
- Networking and Port Settings
- Data Storage Volumes
- Security (IAM) roles
- Point in time capture of code and dependencies
- Point in time capture of the configuration for running the image.
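
As an added example (not from the original article or from AWS), the Python sketch below audits a task definition's JSON for several of the settings listed above (image version, memory, IAM role) plus privileged mode, CloudWatch logging and plain-text secrets in environment variables. The sample task definition, account ID and role name are constructed placeholders, and the checks are one reasonable review baseline, not an AWS-defined policy.

```python
import json

# Constructed sample task definition; the account ID, names and ARN are placeholders.
TASK_DEF = json.loads("""
{"family": "web-app",
 "taskRoleArn": "arn:aws:iam::123456789012:role/web-app-task",
 "containerDefinitions": [
  {"name": "web",
   "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web-app:1.4.2",
   "cpu": 256, "memory": 512,
   "portMappings": [{"containerPort": 8080, "hostPort": 8080}],
   "logConfiguration": {"logDriver": "awslogs",
     "options": {"awslogs-group": "/ecs/web-app", "awslogs-region": "us-east-1"}}},
  {"name": "sidecar",
   "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/sidecar:latest",
   "cpu": 128, "privileged": true,
   "environment": [{"name": "DB_PASSWORD", "value": "example-only"}]}]}
""")

def image_is_pinned(image):
    """True if the image reference names a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry/repo path, which may hold ':port'
    tag = last.split(":", 1)[1] if ":" in last else ""
    return tag not in ("", "latest")

def audit(task_def):
    """Return sorted (container, finding) pairs for settings worth reviewing."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append(("<task>", "no task IAM role (taskRoleArn)"))
    for c in task_def.get("containerDefinitions", []):
        env_names = [e["name"] for e in c.get("environment", [])]
        checks = [
            (not image_is_pinned(c.get("image", "")), "image not pinned to a version or digest"),
            (bool(c.get("privileged")), "privileged container"),
            ("memory" not in c and "memoryReservation" not in c, "no memory limit"),
            (c.get("logConfiguration", {}).get("logDriver") != "awslogs", "no awslogs logging"),
            (any(k in n.upper() for n in env_names for k in ("PASSWORD", "SECRET", "TOKEN")),
             "possible secret in plain-text environment"),
        ]
        findings += [(c.get("name", "<unnamed>"), msg) for hit, msg in checks if hit]
    return sorted(findings)

if __name__ == "__main__":
    for container, finding in audit(TASK_DEF):
        print(f"{container}: {finding}")
```
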
The next step is to run the task in ECS. All we need to do is specify the task definition and the number of tasks we want to run. ECS performs the steps below to run a task.
- Finds EC2 instances in the cluster that meet the requirements in the task definition
- Defines how tasks are distributed onto EC2 instances in the cluster
- Communicates with the ECS agent and Docker daemon to run containers on eligible EC2 instances in the cluster
ECS can be run via the ECS console, CLI or APIs.
1.6 ECS Service Capabilities
- Manage long-running workloads that need to be available at all times.
- Automate the ‘Run-Task’ process.
- Actively monitor running tasks.
- Even out the load across the cluster.
- Restart tasks if they fail.
- View the CloudWatch logs for a running task. To view the CloudWatch logs, either click on Logs in the menu bar, or click on the task name to view details > then click on the expand icon alongside the running task inside Containers > and scroll down to the Details section.
1.7 Points to Remember
- ECS provides the control plane and connective pieces that take Docker images and a cluster of instances and turn them into an automated deployment platform for an application.
- Automate the development of Docker applications
- Easily manageable for clusters of any scale
- Fully managed service, no software to install, maintain, or update
- Native integrations with other AWS services