ecs and ecr deep dive
![Page 1: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/1.jpg)
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Apr 21 2016
Amazon EC2 Container Service Deep Dive
Shiva N, Solution Architect, AWS
![Page 2: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/2.jpg)
Agenda
• The Basics
• Infrastructure Setup
• Infrastructure Management
• Deploying Applications
• PaaS on ECS
• Using the CLI
![Page 3: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/3.jpg)
Key Components
• Task Definitions
• Containers
• Clusters
• Container Instances
![Page 4: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/4.jpg)
Amazon ECS Infrastructure Setup
![Page 5: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/5.jpg)
Amazon ECS Infrastructure Setup
• Amazon ECS Cluster Setup
• Amazon ECR Setup
![Page 6: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/6.jpg)
Amazon ECS Cluster Setup
![Page 7: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/7.jpg)
Amazon ECS Cluster Setup
There are many ways to provision cluster infrastructure
• AWS – CloudFormation, Simple Systems Manager, Autoscale Groups, OpsWorks, ECS-CLI
• Others - Terraform, PaaS, Partners
Let’s talk about CloudFormation
![Page 8: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/8.jpg)
Cluster Setup with AWS CloudFormation
• CloudFormation supports ECS cluster, service and task definition resources
• Use AWS::IAM::Role to create ECS service role and container instances role
• Launch container instances using AWS::AutoScaling::LaunchConfiguration and AWS::AutoScaling::AutoScalingGroup
![Page 9: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/9.jpg)
Cluster Setup with AWS CloudFormation
"Resources" : {
  "ECSCluster": {
    "Type": "AWS::ECS::Cluster"
  },
  "ECSAutoScalingGroup" : {
    "Type" : "AWS::AutoScaling::AutoScalingGroup",
    "Properties" : {
      "VPCZoneIdentifier" : { "Ref" : "SubnetID" },
      "LaunchConfigurationName" : { "Ref" : "ContainerInstances" },
      "MinSize" : "1",
      "MaxSize" : { "Ref" : "MaxSize" },
      "DesiredCapacity" : { "Ref" : "DesiredCapacity" }
    },
    […]
  },
![Page 10: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/10.jpg)
Cluster Setup with AWS CloudFormation
"ContainerInstances": {
  "Type": "AWS::AutoScaling::LaunchConfiguration",
  "Metadata" : {
    "AWS::CloudFormation::Init" : {
      "config" : {
        "commands" : {
          "01_add_instance_to_cluster" : {
            "command" : { "Fn::Join": [ "", [ "#!/bin/bash\n", "echo ECS_CLUSTER=", { "Ref": "ECSCluster" }, " >> /etc/ecs/ecs.config" ] ] }
          }
        },
        […]
      }
    }
  }
![Page 11: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/11.jpg)
Amazon ECR Setup
![Page 12: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/12.jpg)
Amazon ECR Setup
• You have read and write access to the repositories you create in your default registry, i.e. <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
• Repository names can support namespaces, e.g. team-a/web-app.
• Repositories can be controlled with both IAM user access policies and repository policies.
![Page 13: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/13.jpg)
Amazon ECR Setup
# Authenticate Docker to your Amazon ECR registry
> aws ecr get-login
docker login -u AWS -p <password> -e none https://<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
> docker login -u AWS -p <password> -e none https://<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
# Create a repository called ecr-demo
> aws ecr create-repository --repository-name ecr-demo
# Push an image to your repository
> docker push <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com/ecr-demo:v1
![Page 14: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/14.jpg)
Amazon ECS Infrastructure Management
![Page 15: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/15.jpg)
Amazon ECS Infrastructure Management
• Monitoring & Logging
• Scaling ECS
• Service Discovery & Configuration Management
• Security
![Page 16: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/16.jpg)
Monitoring & Logging
![Page 17: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/17.jpg)
Monitoring and Logging on Amazon ECS
• Monitoring with Amazon CloudWatch
• Configuring logging in Task Definition
• AWS CloudTrail
• Monitoring Amazon ECS with Datadog
• Monitoring Amazon ECS with Sysdig Cloud
![Page 18: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/18.jpg)
Monitoring with Amazon CloudWatch
• Metric data is sent to CloudWatch in 1-minute periods and recorded for a period of two weeks
• Available metrics: CPUReservation, MemoryReservation, CPUUtilization, MemoryUtilization
• Available dimensions: ClusterName, ServiceName
![Page 19: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/19.jpg)
Monitoring with Amazon CloudWatch
![Page 20: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/20.jpg)
Monitoring with Amazon CloudWatch
Use the Amazon CloudWatch Monitoring Scripts to monitor additional metrics, e.g. disk space:
# Edit crontab
> crontab -e
# Add command to report disk space utilization to CloudWatch every five minutes
*/5 * * * * <path_to>/mon-put-instance-data.pl --disk-space-util --disk-space-used --disk-space-avail --disk-path=/ --from-cron
![Page 21: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/21.jpg)
Configuring Logging in Task Definition
• logConfiguration task definition parameter
• Requires version 1.18 or greater of the Docker Remote API
• Maps to docker run --log-driver option
• Log drivers: json-file, syslog, journald, gelf, fluentd
![Page 22: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/22.jpg)
Logging with Amazon CloudWatch Logs
• Logging container with syslogd and CloudWatch Logs Agent
• Attach /var/log Volume to Logging container (Sidecar pattern)
• Link other containers
[Diagram labels: ECS Cluster, Container instance, syslogd, CloudWatch Logs Agent, ECS Agent Logs, Docker Logs, CloudWatch Logs]
![Page 23: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/23.jpg)
Logging Amazon ECS API with AWS CloudTrail
{
  "eventVersion": "1.03",
  "userIdentity": {…},
  "eventTime": "2015-10-12T13:57:33Z",
  "eventSource": "ecs.amazonaws.com",
  "eventName": "CreateCluster",
  "awsRegion": "eu-west-1",
  "sourceIPAddress": "54.240.197.227",
  "userAgent": "console.amazonaws.com",
  "requestParameters": {
    "clusterName": "ecs-cli"
  },
![Page 24: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/24.jpg)
Logging Amazon ECS API with AWS CloudTrail
  "responseElements": {
    "cluster": {
      "clusterArn": "arn:aws:ecs:eu-west-1:560846014933:cluster/ecs-cli",
      "pendingTasksCount": 0,
      "registeredContainerInstancesCount": 0,
      "status": "ACTIVE",
      "runningTasksCount": 0,
      "clusterName": "ecs-cli",
      "activeServicesCount": 0
    }
  },
  […]
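Added example (not part of the original deck): one way to triage ECS API activity from CloudTrail records shaped like the CreateCluster event above. The watched event names, the allow-list of principals and the sample records are assumptions constructed for illustration.

```python
import json

# ECS API calls that change cluster state (chosen for this example; tune per environment).
WATCHED = {"CreateCluster", "DeleteCluster", "RegisterTaskDefinition",
           "UpdateService", "DeleteService", "RunTask"}

# Hypothetical allow-list of principals expected to manage ECS in this account.
EXPECTED = {"arn:aws:iam::111122223333:role/deploy-pipeline"}


def principal_arn(record):
    """Role ARN for assumed-role sessions, otherwise the caller's own ARN."""
    ident = record.get("userIdentity") or {}
    issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
    return issuer.get("arn") or ident.get("arn") or "<unknown>"


def triage(record):
    """Return findings (strings) for one CloudTrail record; [] if uninteresting."""
    name = record.get("eventName", "")
    if record.get("eventSource") != "ecs.amazonaws.com" or name not in WATCHED:
        return []
    findings = []
    who = principal_arn(record)
    if who not in EXPECTED:
        findings.append(f"{name} by unexpected principal {who}")
    if record.get("errorCode"):
        findings.append(f"{name} failed with {record['errorCode']} for {who}")
    if name == "RegisterTaskDefinition":
        params = record.get("requestParameters") or {}
        for c in params.get("containerDefinitions") or []:
            if c.get("privileged") is True:
                findings.append(f"privileged container {c.get('name')!r} registered by {who}")
    return findings


def triage_log(log_text):
    """CloudTrail log files wrap events in a top-level "Records" array."""
    return [(rec.get("eventTime"), finding)
            for rec in json.loads(log_text).get("Records", [])
            for finding in triage(rec)]


def _event(time, name, identity, params=None, source="ecs.amazonaws.com"):
    """Build one constructed record with the fields shown in the deck's event."""
    return {"eventVersion": "1.03", "userIdentity": identity, "eventTime": time,
            "eventSource": source, "eventName": name, "awsRegion": "eu-west-1",
            "sourceIPAddress": "203.0.113.10", "userAgent": "console.amazonaws.com",
            "requestParameters": params or {}}


_USER = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}
_PIPELINE = {"type": "AssumedRole",
             "arn": "arn:aws:sts::111122223333:assumed-role/deploy-pipeline/build-42",
             "sessionContext": {"sessionIssuer": {
                 "type": "Role", "arn": "arn:aws:iam::111122223333:role/deploy-pipeline"}}}

# Constructed sample log; account ID, ARNs and addresses are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    _event("2016-04-21T10:00:00Z", "CreateCluster", _USER, {"clusterName": "ecs-cli"}),
    _event("2016-04-21T10:05:00Z", "RegisterTaskDefinition", _PIPELINE,
           {"family": "web", "containerDefinitions": [
               {"name": "web", "image": "web:v1"},
               {"name": "debug", "image": "tools:v1", "privileged": True}]}),
    _event("2016-04-21T10:06:00Z", "UpdateService", _PIPELINE, {"service": "web"}),
    _event("2016-04-21T10:07:00Z", "DescribeClusters", _USER),
    _event("2016-04-21T10:08:00Z", "PutObject", _USER, source="s3.amazonaws.com"),
]})

if __name__ == "__main__":
    for when, finding in triage_log(SAMPLE_LOG):
        print(when, finding)
```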
![Page 25: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/25.jpg)
Monitoring Amazon ECS with Datadog
![Page 26: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/26.jpg)
Monitoring Amazon ECS with Sysdig Cloud
![Page 27: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/27.jpg)
Scaling Amazon ECS
![Page 28: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/28.jpg)
Scaling Amazon ECS
• AutoScaling your Amazon ECS cluster
• Scaling your Services with Lambda
![Page 29: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/29.jpg)
Setup ECS Cluster with AutoScaling
Create LaunchConfiguration
• Pick instance type depending on resource requirements, e.g. memory or CPU
• Use latest Amazon Linux ECS-optimized AMI, other distros available
Create AutoScaling group and set to cluster initial size
![Page 30: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/30.jpg)
AutoScaling your Amazon ECS Cluster
• Create CloudWatch alarm on a metric, e.g. MemoryReservation
• Configure scaling policies to increase and decrease the size of your cluster
![Page 31: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/31.jpg)
Scaling your Services with Lambda
• CloudWatch metrics tied to SNS
• SNS triggers Lambda Container Scaling function
• Lambda scales task count on cluster
• Bonus - Extensible ‘cluster intelligence’ layer
![Page 32: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/32.jpg)
Service Discovery & Configuration Management
![Page 33: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/33.jpg)
Service Discovery on Amazon ECS
• Service Discovery with ECS Services & Route 53
• Service Discovery with Weaveworks
• Service Discovery and Configuration Management with Consul
• Service Discovery and Configuration Management with etcd
![Page 34: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/34.jpg)
Service Discovery with ECS Services & Route 53
• Route 53 private hosted zone
• Set search path on hosts with DHCP option sets
• Define ECS services with ELB
• Create CNAMEs for each ELB
![Page 35: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/35.jpg)
Service Discovery with ECS Services & Route 53
[Diagram labels: Route 53 private zone, e.g. example.com; Internal ELB with CNAME, e.g. api.example.com; Application router, e.g. nginx; ECS Service; four Tasks]
![Page 36: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/36.jpg)
Service Discovery with Weaveworks
• DNS interface for cross-host container communication
• Gossip protocol to share grouped updates
• Overlay network between hosts
![Page 37: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/37.jpg)
Service Discovery and Configuration Management with Consul
Three main components:
• Consul agent - Runs on each node, responsible for checking the health of the services and of the node itself.
• One or more Consul servers - Store and replicate data, leader elected using the Raft consensus algorithm
• Registrator agent - Automatically registers/deregisters services based on published ports and metadata from the container environment variables defined in the ECS task definition
![Page 38: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/38.jpg)
Service Discovery and Configuration Management with Consul
[Diagram: ECS Cluster with three ECS Instances. Labels: consul-server, consul-agent, registrator, Back end 1, Back end 2, Front end]
![Page 39: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/39.jpg)
Service Discovery and Configuration Management with etcd
[Diagram: three ECS Instances, each labelled etcd, registrator, confd, Container 1, Container 2]
![Page 40: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/40.jpg)
Security
![Page 41: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/41.jpg)
Security
• ECS IAM Policies and Roles
• ECR IAM Policies and Roles
• Image Vulnerability Scanning with Twistlock
![Page 42: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/42.jpg)
ECS IAM Policies and Roles
• The ECS agent calls the ECS APIs on your behalf, so container instances require an IAM policy and role that allows these calls.
• The ECS service scheduler calls the EC2 and ELB APIs on your behalf to register and deregister container instances with your load balancers.
• Use AmazonEC2ContainerServiceforEC2Role and AmazonEC2ContainerServiceRole managed policies (respectively)
![Page 43: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/43.jpg)
ECR IAM Policies and Roles
• ECR uses resource-based permissions to control access.
• By default, only the repository owner has access to a repository. You can apply a policy document that allows others to access your repository.
• Use managed policies for IAM users or roles that allow differing levels of control: AmazonEC2ContainerRegistryFullAccess, AmazonEC2ContainerRegistryPowerUser or AmazonEC2ContainerRegistryReadOnly
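Added example (not part of the original deck): a small audit of an ECR repository policy document that flags statements opening a repository to any principal or granting write actions to another account. The account IDs, the two sample policies and the grouping of actions into pull and write sets are assumptions made for this example.

```python
import fnmatch

# ECR actions that change a repository or its contents (grouping chosen for this example).
WRITE_ACTIONS = [
    "ecr:BatchDeleteImage", "ecr:CompleteLayerUpload", "ecr:DeleteRepository",
    "ecr:DeleteRepositoryPolicy", "ecr:InitiateLayerUpload", "ecr:PutImage",
    "ecr:SetRepositoryPolicy", "ecr:UploadLayerPart",
]
PULL_ACTIONS = ["ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _aws_principals(statement):
    """AWS principals of a statement; a bare "*" means any principal."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", []))


def _account_of(principal):
    """Account ID from an ARN or a bare 12-digit account principal."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def audit_repository_policy(policy, owner_account):
    """Return (Sid, finding) pairs for Allow statements that over-share."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        patterns = _as_list(stmt.get("Action", []))
        # Policy action patterns may use wildcards, e.g. "ecr:*" or "ecr:Put*".
        writes = [a for a in WRITE_ACTIONS
                  if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns)]
        for principal in _aws_principals(stmt):
            if principal == "*":
                findings.append((sid, "any AWS principal may call " + ", ".join(patterns)))
            elif _account_of(principal) != owner_account and writes:
                findings.append((sid, f"account {_account_of(principal)} may write: "
                                      + ", ".join(writes)))
    return findings


# Constructed policies; 111122223333 is the repository owner, 444455556666 a partner.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowEveryone", "Effect": "Allow", "Principal": "*", "Action": "ecr:*"},
    {"Sid": "PartnerPush", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": ["ecr:BatchGetImage", "ecr:PutImage"]},
]}
PULL_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PartnerPull", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": PULL_ACTIONS},
]}

if __name__ == "__main__":
    for sid, finding in audit_repository_policy(WEAK_POLICY, "111122223333"):
        print(sid, "-", finding)
```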
![Page 44: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/44.jpg)
Image Vulnerability Scanning with Twistlock
![Page 45: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/45.jpg)
Deploying Applications
![Page 46: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/46.jpg)
Deploying Applications
• Scheduling Containers
• Automating Deployments
![Page 47: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/47.jpg)
Scheduling Containers
![Page 48: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/48.jpg)
Scheduling Containers on ECS
Batch Jobs
• ECS Task scheduler
• Run tasks once
• Batch jobs
• RunTask (random)
• StartTask (placed)
Long-Running Apps
• ECS Service scheduler
• Health management
• Scale-up and scale-down
• AZ aware
• Grouped Containers
![Page 49: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/49.jpg)
Scheduling Containers: Long-running App
• Optionally run your service behind a load balancer.
• One load balancer per service.
• ELB currently supports a fixed relationship between the load balancer port and the container instance port.
• If a task fails the ELB health check, the task is killed and restarted (until service reaches desired capacity).
![Page 50: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/50.jpg)
Scheduling Containers: Long-running App
Update service’s task definition (rolling update)
Specify a deployment configuration for your service:
• minimumHealthyPercent: lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running in a service during a deployment.
• maximumPercent: upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment.
![Page 51: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/51.jpg)
Scheduling Containers: Long-running app
Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%
![Page 52: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/52.jpg)
Scheduling Containers: Long-running App
Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
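Added example (not part of the original deck): a simplified model of how minimumHealthyPercent and maximumPercent bound a rolling update, run for the two settings above and for a combination that cannot make progress. The step model (new tasks become healthy before old ones are stopped in the same step) is an assumption of this sketch, not the ECS scheduler's exact behaviour.

```python
def task_bounds(desired, min_healthy_pct, max_pct):
    """Lower/upper limits on running tasks during a deployment.

    The minimum is rounded up and the maximum rounded down to whole tasks.
    """
    lower = -(-desired * min_healthy_pct // 100)  # integer ceiling
    upper = desired * max_pct // 100              # integer floor
    return lower, upper


def rolling_plan(desired, min_healthy_pct, max_pct):
    """Simulate a rolling update; returns [(old_running, new_running), ...]."""
    lower, upper = task_bounds(desired, min_healthy_pct, max_pct)
    old, new, steps = desired, 0, []
    while old > 0 or new < desired:
        # Start new tasks while staying at or under the upper limit.
        start = max(0, min(desired - new, upper - (old + new)))
        new += start
        # Stop old tasks while staying at or above the lower limit.
        stop = max(0, min(old, (old + new) - lower))
        old -= stop
        if start == 0 and stop == 0:
            # Nothing can be started or stopped: the deployment would stall.
            raise ValueError(
                f"deployment cannot progress: lower={lower}, upper={upper}, "
                f"running={old + new}")
        steps.append((old, new))
    return steps


if __name__ == "__main__":
    # The two settings from the slides, for a service with desiredCount = 4.
    print("least space:", rolling_plan(4, 50, 100))
    print("full capacity:", rolling_plan(4, 100, 200))
    try:
        rolling_plan(4, 100, 100)
    except ValueError as err:
        print("100/100:", err)
```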
![Page 53: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/53.jpg)
Scheduling Containers: Long-running App
Blue-Green Deployments
• Define two ECS services
• Each service is associated w/ ELB
• Both ELBs in Route 53 record set with weighted routing policy, 100% Primary, 0% Secondary
• Deploy to Blue or Green service and switch weights
[Diagram labels: Route 53 record set with weighted routing policy, weights 0% and 100%; Tasks]
![Page 54: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/54.jpg)
Automating Deployments
![Page 55: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/55.jpg)
Automating Deployments
• Continuous Delivery to ECS with Jenkins
• Continuous Delivery to ECS with Shippable
![Page 56: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/56.jpg)
Continuous Delivery to ECS with Jenkins
1. Code push triggers build
2. Build image from sources
3. Run test on image
4. Push image to Docker registry
5. Update Service
6. Pull image
![Page 57: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/57.jpg)
Continuous Delivery to ECS with Jenkins
Easy Deployment
• Developers – Merge into master, done!
Jenkins Build Steps
• Trigger via Webhooks, Monitoring, Lambda
• Build Docker image via Build and Publish plugin
• Push Docker image into Registry
• Register Updated Job with ECS API
![Page 58: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/58.jpg)
Continuous Delivery to ECS with Shippable
![Page 59: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/59.jpg)
ECS CI/CD Partners
![Page 60: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/60.jpg)
PaaS on ECS
![Page 61: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/61.jpg)
PaaS on ECS
• AWS Elastic Beanstalk
• Convox
• Remind Empire
![Page 62: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/62.jpg)
AWS Elastic Beanstalk
• Uses Amazon ECS to coordinate deployments to multicontainer Docker environments
• Takes care of tasks including cluster creation, task definition and execution
![Page 63: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/63.jpg)
AWS Elastic Beanstalk
Elastic Beanstalk uses a Dockerrun.aws.json file that describes how to deploy containers.
The Dockerrun.aws.json file includes three sections:
• AWSEBDockerrunVersion: Set to "2" for multicontainer Docker environments.
• containerDefinitions: An array of container definitions.
• volumes: Creates mount points in the container instance that a container can use.
![Page 64: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/64.jpg)
Convox
![Page 65: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/65.jpg)
Convox
# Initialize your app and create default manifest
> convox init
# Locally build and run your app as declared in the manifest
> convox start
# Create app
> convox apps create my_app
# Deploy app, output ELB DNS name
> convox deploy
[...]
web: http://my_app-1234567890.us-east-1.elb.amazonaws.com
![Page 66: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/66.jpg)
Remind Empire
Control layer on top of Amazon ECS that provides a Heroku-like workflow
Any tagged Docker image can be deployed to Empire as an app
• When you deploy a Docker image to Empire, it will extract a Procfile from the WORKDIR
• Each process type in the Procfile maps directly to an ECS Service
![Page 67: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/67.jpg)
Remind Empire
Routing layer backed by internal ELBs
• An application that specifies a web process will get an internal ELB attached to its ECS Service
• When a new internal ELB is created, an associated CNAME record is created in Route53 under the internal TLD, enabling service discovery via DNS
![Page 68: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/68.jpg)
Using the CLI
![Page 69: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/69.jpg)
Using the CLI
• Configuring the ECS CLI
• Cluster Setup with the ECS CLI
• Deploy Compose App with ECS CLI
• Scaling with ECS CLI
![Page 70: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/70.jpg)
Configuring the ECS CLI
• Easily create Amazon ECS clusters & supporting resources such as EC2 instances
• Run Docker Compose configuration files on Amazon ECS
• Available today – http://amzn.to/1jBf45a
![Page 71: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/71.jpg)
Configuring the ECS CLI
# Configure the CLI using environment variables
> export AWS_ACCESS_KEY_ID=<my_access_key>
> export AWS_SECRET_ACCESS_KEY=<my_secret_key>
> ecs-cli configure --region us-east-1 --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY --cluster ecs-cli-demo
# Configure the CLI using an existing AWS CLI profile
> ecs-cli configure --region us-west-2 --profile ecs-profile --cluster ecs-cli-demo
![Page 72: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/72.jpg)
Cluster Setup with the ECS CLI
# Creates a new ECS cluster with two container instances in an existing VPC
> ecs-cli up --capability-iam --keypair my_ecs_keypair --size 2 --security-group sg-a12bc34d --vpc vpc-0e9dc8b7 --subnets subnet-12ab34cd,subnet-56ef78ab --instance-type t2.medium
# Creates a new ECS cluster with one container instance in a new VPC
> ecs-cli up --capability-iam --keypair my_ecs_keypair --azs us-east-1a,us-east-1c --cidr 192.169.0.0/24 --port 22 --instance-type t2.medium
![Page 73: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/73.jpg)
Deploy Compose App with ECS CLI
Docker Compose lets you define and run multi-container applications:
1. Define app environment with Dockerfile
2. Define services that make up your app in docker-compose.yml
3. Run docker-compose up to start and run entire app
![Page 74: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/74.jpg)
Deploy Compose App with ECS CLI
proxy:
  build: ./proxy
  ports:
    - "80:80"
  links:
    - web
web:
  build: ./web
  command: bundle exec rails server -b 0.0.0.0
  environment:
    - SECRET_KEY_BASE=secretkey
  expose:
    - "3000"
![Page 75: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/75.jpg)
Deploy Compose App with ECS CLI
> ecs-cli compose up
> ecs-cli compose ps
> ecs-cli compose service create
> ecs-cli compose service start
![Page 76: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/76.jpg)
Scaling with ECS CLI
> ecs-cli scale n
> ecs-cli compose scale n
> ecs-cli compose service scale n
![Page 77: ECS and ECR deep dive](https://reader034.vdocuments.mx/reader034/viewer/2022042605/586fb4431a28abe57d8b70a7/html5/thumbnails/77.jpg)
Thank you!