How does an ECS service communicate with a container instance which is running inside a private subnet? - amazon-ecs

Today, I was reading about the AWS container orchestration tool which is ECS. I have one question about this. If we place an EC2 instance in a private subnet, then we require a NAT gateway so that the ECS agent can provide info to the ECS service. But how does the ECS service manage the orchestration task if ECS sits on the public network and the EC2 instance (container instance) is in a private one?

Related

Can I run multiple services at the same time on the same ECS Fargate cluster?

I have an ECS Fargate cluster up and running and it has 1 service and 1 task definition attached to it.
The task definition already has 2 container images described. This cluster is up and running.
Can I create a new service for another application and configure it with this existing ECS cluster?
If yes, will both services run simultaneously?
From the AWS documentation regarding Amazon ECS clusters:
An Amazon ECS cluster is a logical grouping of tasks or services. Your tasks and services are run on infrastructure that is registered to a cluster.
So I believe you should be able to run multiple services in a cluster, each attached to its related task definition in ECS.
Source documentation - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html

CodeDeploy Blue/Green Deployment listener port at API gateway?

I am working on a complicated structure on AWS, which includes an API Gateway for users connecting to the website located inside a VPC. In this VPC, I have planned to use an ALB to load-balance the traffic from outside to different ECS Fargate tasks.
For my own purposes, I have planned to use Blue/Green Deployment in CodeDeploy for deploying the services located in ECS Fargate. From the AWS documentation, I understand the listener ports of the production and test environments can be set up at the load balancer.
I would like to know whether the listener port can be set up at API Gateway. As I hope to use CloudFormation for this approach, it would be better if the answer relates to it. Thanks!

ECS+NLB does not support dynamic ports, hence only 1 task per EC2 instance?

Please confirm if these are true, or please point to the official AWS documentation that describes how to use dynamic port mapping with NLB and run multiple copies of the same task on an ECS EC2 instance. I am not using Fargate.
ECS+NLB does NOT support dynamic port mapping, hence
ECS+NLB can only allow 1 task (docker container) per EC2 instance in an ECS service
This is because:
AWS ECS Developer Guide - Creating a Load Balancer only mentions that ALB can use dynamic ports, and does not mention NLB.
Application Load Balancers offer several features that make them attractive for use with Amazon ECS services:
* Application Load Balancers allow containers to use dynamic host port mapping (so that multiple tasks from the same service are allowed per container instance).
The ECS task creation page clearly states that dynamic ports are for ALB.
Network Load Balancer for inter-service communication quotes a response from AWS support:
"However, I would like to point out that there is currently an ongoing issue with the NLB functionality with ECS, mostly seen with dynamic port mapping where the container is not able to stabilize due to health check errors, I believe the error you're seeing is related to that issue. I can only recommend that you use the ALB for now, as the NLB is still quite new so it's not fully compatible with ECS yet."
Updates
Found a document stating NLB supports dynamic ports. However, if I switch from ALB to NLB, the ECS service does not work. When I log into an EC2 instance, an ECS agent is running but no docker container is running.
If someone managed to make ECS (EC2 type)+NLB work, please provide step by step how it has been done.
Amazon ECS Developer Guide - Service Load Balancing - Load Balancer Types - NLB
Network Load Balancers support dynamic host port mapping. For example, if your task's container definition specifies port 80 for an NGINX container port, and port 0 for the host port, then the host port is dynamically chosen from the ephemeral port range of the container instance (such as 32768 to 61000 on the latest Amazon ECS-optimized AMI). When the task is launched, the NGINX container is registered with the Network Load Balancer as an instance ID and port combination, and traffic is distributed to the instance ID and port corresponding to that container. This dynamic mapping allows you to have multiple tasks from a single service on the same container instance.
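The documentation quoted above says the NLB registers each task as an instance ID plus a port from the ephemeral range (32768 to 61000 on the Amazon ECS-optimized AMI). A frequent reason a dynamic-port service behind an NLB "cannot stabilize" on health checks is that the container instance's security group only opens the container port, not the ephemeral host ports, while NLB health checks (and, with client IP preservation, client traffic) arrive at the instance from the load balancer subnet or client addresses rather than from a security group the NLB owns. The following is an added example, not code from the post, AWS, or the ECS agent: it reads a task definition for dynamic (hostPort 0) mappings and reports which source CIDRs a security group fails to admit on the ephemeral range. The task definition, security groups, subnet CIDRs and IDs are constructed and hypothetical; they follow the field names of register-task-definition and describe-security-groups output.

```python
"""Check an ECS-on-EC2 dynamic host port setup behind an NLB.

Added example (not from the original post or from AWS). Assumes:
  * bridge networking with hostPort 0, so the host port is drawn from the
    ephemeral range 32768-61000 quoted in the ECS docs;
  * NLB health checks and preserved client IPs reach the instance directly,
    so the *instance* security group must admit them on that range.
All IDs and CIDRs below are constructed for the example.
"""
import ipaddress

EPHEMERAL_RANGE = (32768, 61000)   # range quoted from the ECS developer guide


def dynamic_port_containers(task_definition):
    """Return (container name, containerPort) for each dynamic TCP host-port mapping."""
    found = []
    for container in task_definition["containerDefinitions"]:
        for pm in container.get("portMappings", []):
            if pm.get("hostPort", 0) == 0 and pm.get("protocol", "tcp") == "tcp":
                found.append((container["name"], pm["containerPort"]))
    return found


def _rule_covers(rule, port_lo, port_hi, source_cidr):
    """True if one IpPermissions entry admits source_cidr on the whole port range."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return False
    if proto == "tcp" and (rule.get("FromPort", 0) > port_lo or rule.get("ToPort", 65535) < port_hi):
        return False          # rule does not span the full ephemeral range
    src = ipaddress.ip_network(source_cidr)
    return any(src.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in rule.get("IpRanges", []))


def uncovered_sources(security_group, sources, port_range=EPHEMERAL_RANGE):
    """Return the source CIDRs that no ingress rule admits on port_range."""
    lo, hi = port_range
    return [s for s in sources
            if not any(_rule_covers(r, lo, hi, s) for r in security_group["IpPermissions"])]


# --- constructed sample data (hypothetical IDs) ---------------------------
TASK_DEFINITION = {
    "family": "nginx-dynamic",
    "networkMode": "bridge",
    "containerDefinitions": [
        {"name": "nginx", "image": "nginx:1.25",
         "portMappings": [{"containerPort": 80, "hostPort": 0, "protocol": "tcp"}]},
    ],
}
# Only the container port is open: health checks to the ephemeral host port fail.
SG_TOO_NARROW = {"GroupId": "sg-0aaa", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
# Ephemeral range open to the VPC (where the NLB's node addresses live).
SG_FIXED = {"GroupId": "sg-0bbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 32768, "ToPort": 61000, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
NLB_SUBNET_CIDRS = ["10.0.1.0/24", "10.0.2.0/24"]


if __name__ == "__main__":
    print("dynamic mappings:", dynamic_port_containers(TASK_DEFINITION))
    for sg in (SG_TOO_NARROW, SG_FIXED):
        print(sg["GroupId"], "blocks health checks from:", uncovered_sources(sg, NLB_SUBNET_CIDRS))
```

If the NLB is internet-facing and client IP preservation is left on, the same check against a client source such as 203.0.113.0/24 comes back uncovered unless you open the ephemeral range to those clients; opening it to 0.0.0.0/0 is the usual shortcut and is exactly the exposure to avoid, so prefer restricting the instance security group to the VPC CIDR and fronting the NLB with the narrowest client rules you can.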

AWS batch Fargate ECS container has no internet connectivity in public subnet

I have deployed an AWS Batch job which creates an ECS Fargate task in the background. This is all deployed in a public subnet with internet access. I have verified that running the docker container in a standalone EC2 instance in the same subnet has internet connectivity and everything works fine. After reading the AWS documentation I cannot determine why my ECS docker container is not able to access the internet. Is there some special configuration needed for this to work?
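Both the opening question (a container instance in a private subnet behind a NAT gateway) and the Fargate question just above come down to the same thing: the ECS agent, and a Fargate task's ENI, only ever open outbound connections to the ECS control plane, so nothing inbound from AWS is required and the subnet's outbound path decides whether the instance can register and receive work. The block below is an added example, not code from either post or from AWS: it reads route tables and VPC endpoints in the shape of describe-route-tables / describe-vpc-endpoints output and classifies a subnet as public (IGW route, which only helps an ENI that actually has a public IP, the usual Fargate-in-a-public-subnet pitfall), private via NAT, private via the ECS interface endpoints, or isolated with the missing endpoints listed. The route tables, endpoints, subnet and gateway IDs are constructed and hypothetical.

```python
"""Classify how an ECS agent or Fargate task ENI in a subnet reaches the ECS
control plane.

Added example (not from the original questions or from AWS). The agent only
opens outbound connections, so the check is purely about egress. Route-table
and endpoint records mimic `aws ec2 describe-route-tables` /
`describe-vpc-endpoints` fields; all IDs and CIDRs are constructed.
"""

# Interface endpoint service suffixes the agent needs without NAT/IGW egress
# (com.amazonaws.<region>.ecs-agent, .ecs-telemetry, .ecs per the ECS docs).
ECS_ENDPOINT_SERVICES = {"ecs-agent", "ecs-telemetry", "ecs"}


def default_route_target(route_table):
    """'igw', 'nat' or None for the active 0.0.0.0/0 route of a table."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":   # blackholed routes do not count
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
    return None


def route_table_for_subnet(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def endpoints_in_subnet(vpc_endpoints, subnet_id, region):
    """Set of com.amazonaws.<region>.* service suffixes with an ENI in this subnet."""
    prefix = f"com.amazonaws.{region}."
    return {ep["ServiceName"][len(prefix):] for ep in vpc_endpoints
            if ep["VpcEndpointType"] == "Interface"
            and subnet_id in ep["SubnetIds"]
            and ep["ServiceName"].startswith(prefix)}


def classify_agent_egress(subnet_id, route_tables, vpc_endpoints, region, has_public_ip):
    rt = route_table_for_subnet(route_tables, subnet_id)
    target = default_route_target(rt) if rt else None
    if target == "igw":
        # An IGW route is only usable by an ENI that has a public IP; for a
        # Fargate awsvpc task that means assignPublicIp=ENABLED.
        return "public-ok" if has_public_ip else "public-no-public-ip"
    if target == "nat":
        return "private-nat"            # the opening question's setup
    missing = ECS_ENDPOINT_SERVICES - endpoints_in_subnet(vpc_endpoints, subnet_id, region)
    if not missing:
        return "private-endpoints"
    return "isolated-missing:" + ",".join(sorted(missing))


# --- constructed sample data (hypothetical IDs) ---------------------------
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]},
]
VPC_ENDPOINTS = [  # subnet-isolated has ecs-agent and ecs-telemetry but not ecs
    {"VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.us-east-1.ecs-agent",
     "SubnetIds": ["subnet-isolated"]},
    {"VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.us-east-1.ecs-telemetry",
     "SubnetIds": ["subnet-isolated"]},
]

if __name__ == "__main__":
    for subnet, public_ip in (("subnet-private", False), ("subnet-public", False),
                              ("subnet-public", True), ("subnet-isolated", False)):
        print(subnet, "public_ip=%s" % public_ip, "->",
              classify_agent_egress(subnet, ROUTE_TABLES, VPC_ENDPOINTS, "us-east-1", public_ip))
```

The practical consequence for the instance security group is that it needs no inbound rule for ECS at all; leave inbound closed except for what your load balancer or SSH bastion actually requires, and let the NAT gateway or the interface endpoints carry the agent's outbound traffic.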

How can I access AWS ECS containers?

I have a task running a container in AWS ECS. There doesn't seem to be any ECS CLI command to access that container. Is it possible to log directly into a container running in ECS?
Yes, you can access the ECS container if you deployed using the AWS - ECS - EC2 option. You can get the container IP from the ECS - ECS instances tab and SSH into the instance to see it there. Make sure the security group of this instance allows SSH access. Let me know if this helps!