ECS - Manual Deploy
More rough notes from my app (mis)adventures. These notes are for Linux, because... life is short, and even if you're on windows you have WSL. Use it.
Process 2, the automated process as part of CI, will follow shortly. I'll update the link here when it's up.
- Basic AWS concepts
- Basic Docker concepts
There are better articles kicking about on those than I can write but feel free to browse through my tags. I write summaries that are quite annoying in their brevity, be warned.
The core concepts for ECS (Elastic Container Service) are basically:
- A Container Registry for your images, floating up there in the AWS clouds.
- Task Definitions, reminiscent of fancy docker compose files that aren't.
- In AWS, navigate ECS > ECR (Elastic Container Registry)
create a new new container repository and give it a name. The important thing here is the repository URI that AWS yields at the end. Take a note of it.
I found the term "repository" very misleading, because it suggests a holding space for a variety of different images. But the registry is actually going to hold several repositories, each of which represents a single image. Remember that when naming your repos. I.e. it's best to think of a repository as a home for all the evolutions of a particular container image. It muffed me up during the push steps.
- Under Images for your new registry, you'll have nothing. But click the View Push Commands button: this gives you the docker and aws-cli commands for pushing your images. In my case, I'll be needing these things to happen inside my git workflow instead (i.e. automated), but one can only really automate that which one can do manually. Hence the two processes below.
Ability to push your image(s) requires that you:
- have the AWS CLI installed locally and aws is configured
- Your container images are ready/built.
Docker and ECR have become friends, so that docker has the authorization to push images to ECR, i.e you've ran:
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <ecr uri>
...substituting your AWS region and your ECR uri with the registry /name lopped off the end, as needed.
Push your image(s)! Essentially:
docker tag localImageName:latest <your ECR uri>/<repositoryName>:latest
docker push <your ECR uri>/<repositoryName>:latest
Now use those push commands AWS gave you, to push your images to your spiffy new container registry:
- Once your images are pushed, got to ECS > Clusters:
A basic config:
- EC2 linux
- on-demand provisioning
- t2 micro
- 1 or 2 instances to start with (don't go crazy!)
- EBS block storage usu 20 to 30Gb.
- provide a keypair if you'll want to be able to nip into your running containers (can create a pair in AWS::Network & Sec > Key Pairs) otherwise omit.
For Networking: main things are to:
- Attach your VPC
- you can let it create a new role for the instances
- use the right subnet (eg if these containers are public facing, pick your public subnet)
- attach the appropriate Security Group. "Appropriate" meaning ensure it has the right access controls decorating it and you're not about to shoot yourself in the foot security-wise.
- click CREATE !! :D :D :D
Once the cluster is active, goto ECS > Task Definitions and create a new one. I selected an EC2 launch type, not Fargate, which sounds fancy and pricey. Then:
- click Add Container, and then set the image to
<your ECS container repository uri>/image:tag. Told you that URI would come in handy.
- set the mem limit for the running container. A tutorial I followed recommended sthg like 300mb to 500mb for the sort of webby things that newbs like moi (and I guess toi) would try to run in the cloud. Remember a container is doing just one job. It's not an all-purpose machine like your laptop, so don't go crazy with mem specs (not to mention that Amazon enjoys getting $paid).
- under Advanced Container Configuration, you can set things like ENV vars, entry points etc (tho, rem ur dockerfile likely already specified an entry point).
- Click ADD !!
- (psst... you can actually click 'Add Container' again, at this point. Told you task definitions felt a lot like docker compose files).
- If you've no more containers to add, click CREATE to finish.
Now go back to ECS > Clusters
- Select the cluster you created and click on the 'Tasks' tab.
- click Run New Task and ensure your launch type is EC2.
- select the Task Definition You just created
- set # of tasks to 1 (at least for now)
- click Run Task and wait for the status to go green.
You might want to do some research on "scan on push",
ECS_IMAGE_PULL_BEHAVIOR and other env keys that were entirely skipped, never mind glossed over.
If you're doing all this inside an EC2 instance, you'll have to add
ec2_user (which should be familiar if you've tried out EC2 instances) to docker with the command
sudo usermod -a -G docker ec2-user. I didn't follow this path, so can't say more about it.
Found this on EC2 vs Fargate launch types, if you're interested.