© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Apr 21 2016
Amazon EC2 Container Service Deep Dive
Shiva N, Solution Architect, AWS
Agenda
The Basics
Infrastructure Setup
Infrastructure Management
Deploying Applications
PaaS on ECS
Using the CLI
Key Components
Task Definitions
Containers
Clusters
Container Instances
Amazon ECS Infrastructure Setup
Amazon ECS Cluster Setup
Amazon ECR Setup
Amazon ECS Cluster Setup
There are many ways to provision cluster infrastructure
• AWS – CloudFormation, Simple Systems Manager, Autoscale Groups, OpsWorks, ECS-CLI
• Others – Terraform, PaaS, Partners
Let’s talk about CloudFormation
Cluster Setup with AWS CloudFormation
CloudFormation supports ECS cluster, service and task
definition resources
Use AWS::IAM::Role to create the ECS service role and the container instance role
Launch container instances using AWS::AutoScaling::LaunchConfiguration and AWS::AutoScaling::AutoScalingGroup
Cluster Setup with AWS CloudFormation
"Resources" : {
  "ECSCluster": {
    "Type": "AWS::ECS::Cluster"
  },
  "ECSAutoScalingGroup" : {
    "Type" : "AWS::AutoScaling::AutoScalingGroup",
    "Properties" : {
      "VPCZoneIdentifier" : { "Ref" : "SubnetID" },
      "LaunchConfigurationName" : { "Ref" : "ContainerInstances" },
      "MinSize" : "1",
      "MaxSize" : { "Ref" : "MaxSize" },
      "DesiredCapacity" : { "Ref" : "DesiredCapacity" }
    },
    […]
  },
Cluster Setup with AWS CloudFormation
  "ContainerInstances": {
    "Type": "AWS::AutoScaling::LaunchConfiguration",
    "Metadata" : {
      "AWS::CloudFormation::Init" : {
        "config" : {
          "commands" : {
            "01_add_instance_to_cluster" : {
              "command" : { "Fn::Join": [ "", [ "#!/bin/bash\n", "echo ECS_CLUSTER=", { "Ref": "ECSCluster" }, " >> /etc/ecs/ecs.config" ] ] }
            }
          },
          […]
        }
      }
    }
Amazon ECR Setup
You have read and write access to the repositories you
create in your default registry, i.e.
<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
Repository names can support namespaces, e.g. team-a/web-app.
Repositories can be controlled with both IAM user access
policies and repository policies.
Amazon ECR Setup
# Authenticate Docker to your Amazon ECR registry
> aws ecr get-login
docker login -u AWS -p <password> -e none https://<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
> docker login -u AWS -p <password> -e none https://<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
# Create a repository called ecr-demo
> aws ecr create-repository --repository-name ecr-demo
# Push an image to your repository
> docker push <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com/ecr-demo:v1
Amazon ECS Infrastructure Management
Monitoring & Logging
Scaling ECS
Service Discovery & Configuration Management
Security
Monitoring & Logging
Monitoring and Logging on Amazon ECS
Monitoring with Amazon CloudWatch
Configuring logging in Task Definition
Amazon CloudTrail
Monitoring Amazon ECS with Datadog
Monitoring Amazon ECS with Sysdig Cloud
Monitoring with Amazon CloudWatch
Metric data sent to CloudWatch in 1-minute periods and
recorded for a period of two weeks
Available metrics: CPUReservation, MemoryReservation,
CPUUtilization, MemoryUtilization
Available dimensions: ClusterName, ServiceName
Monitoring with Amazon CloudWatch
Use the Amazon CloudWatch Monitoring Scripts to monitor additional metrics, e.g. disk space:
# Edit crontab
> crontab -e
# Add command to report disk space utilization to CloudWatch every five minutes
*/5 * * * * <path_to>/mon-put-instance-data.pl --disk-space-util --disk-space-used --disk-space-avail --disk-path=/ --from-cron
Configuring Logging in Task Definition
logConfiguration task definition parameter
Requires version 1.18 or greater of the Docker Remote API
Maps to docker run --log-driver option
Log drivers: json-file, syslog, journald, gelf, fluentd
Logging with Amazon CloudWatch Logs
• Logging container with syslogd and CloudWatch Logs Agent
• Attach /var/log Volume to Logging container (Sidecar pattern)
• Link other containers
[Diagram: container instance in an ECS cluster; ECS Agent logs and Docker logs; syslogd and CloudWatch Logs Agent; CloudWatch Logs]
Logging Amazon ECS API with AWS CloudTrail
{
  "eventVersion": "1.03",
  "userIdentity": {…},
  "eventTime": "2015-10-12T13:57:33Z",
  "eventSource": "ecs.amazonaws.com",
  "eventName": "CreateCluster",
  "awsRegion": "eu-west-1",
  "sourceIPAddress": "54.240.197.227",
  "userAgent": "console.amazonaws.com",
  "requestParameters": {
    "clusterName": "ecs-cli"
  },
  "responseElements": {
    "cluster": {
      "clusterArn": "arn:aws:ecs:eu-west-1:560846014933:cluster/ecs-cli",
      "pendingTasksCount": 0,
      "registeredContainerInstancesCount": 0,
      "status": "ACTIVE",
      "runningTasksCount": 0,
      "clusterName": "ecs-cli",
      "activeServicesCount": 0
    }
  },
  […]
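A record like the one above is what a detection rule for ECS control-plane activity works from. The following Python triage is an added example, not part of the original deck: it keeps only mutating ECS calls and flags denied requests, callers outside a trusted network, and task definitions that register privileged containers. The sample records, the account ID, the addresses and the trusted CIDR are constructed placeholders, and the shape of `requestParameters` for RegisterTaskDefinition is assumed to mirror the API request.

```python
import ipaddress

# Constructed sample records shaped like the CreateCluster record above.
# Account ID, ARNs and addresses are placeholders (documentation ranges).
# CloudTrail log files wrap such records in {"Records": [...]}.
SAMPLE_RECORDS = [
    {"eventTime": "2015-10-12T13:57:33Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "CreateCluster", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"clusterName": "ecs-cli"}},
    {"eventTime": "2015-10-12T14:01:10Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "DescribeClusters", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2015-10-12T14:05:42Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "RegisterTaskDefinition", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"family": "web", "containerDefinitions": [
         {"name": "proxy", "image": "nginx"},
         {"name": "debug", "image": "busybox", "privileged": True}]}},
    {"eventTime": "2015-10-12T14:09:03Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "DeleteCluster", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"cluster": "ecs-cli"}},
    {"eventTime": "2015-10-12T14:12:27Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "UpdateService", "sourceIPAddress": "198.51.100.9",
     "errorCode": "AccessDeniedException",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "requestParameters": None},
    {"eventTime": "2015-10-12T14:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2015-10-12T14:20:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "CreateCluster",
     "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"clusterName": "cfn-cluster"}},
]

READ_ONLY_PREFIXES = ("Describe", "List")


def is_trusted_source(source, trusted_networks):
    """True if the caller address is inside a trusted network.

    When an AWS service makes the call on the user's behalf, CloudTrail
    records the service's DNS name instead of an IP address; this sketch
    accepts those (an assumption to tighten for your environment).
    """
    try:
        address = ipaddress.ip_address(source)
    except ValueError:
        return source.endswith(".amazonaws.com")
    return any(address in network for network in trusted_networks)


def triage(records, trusted_cidrs):
    """Return one finding per mutating ECS call that needs review."""
    networks = [ipaddress.ip_network(cidr) for cidr in trusted_cidrs]
    findings = []
    for record in records:
        if record.get("eventSource") != "ecs.amazonaws.com":
            continue
        event = record.get("eventName", "")
        if event.startswith(READ_ONLY_PREFIXES):
            continue
        reasons = []
        if str(record.get("errorCode", "")).startswith("AccessDenied"):
            reasons.append("denied")
        if not is_trusted_source(record.get("sourceIPAddress", ""), networks):
            reasons.append("untrusted-source")
        params = record.get("requestParameters") or {}
        if event == "RegisterTaskDefinition":
            for container in params.get("containerDefinitions", []):
                if container.get("privileged"):
                    reasons.append("privileged-container:" + container.get("name", "?"))
        if reasons:
            findings.append({
                "time": record.get("eventTime"),
                "event": event,
                "actor": record.get("userIdentity", {}).get("arn", "unknown"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS, ["198.51.100.0/24"]):
        print(finding["time"], finding["event"], finding["actor"], finding["reasons"])
```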
Monitoring Amazon ECS with Datadog
Monitoring Amazon ECS with Sysdig Cloud
Scaling Amazon ECS
AutoScaling your Amazon ECS cluster
Scaling your Services with Lambda
Setup ECS Cluster with AutoScaling
Create LaunchConfiguration
• Pick instance type depending on resource requirements, e.g. memory or CPU
• Use latest Amazon Linux ECS-optimized AMI, other distros available
Create AutoScaling group and set to cluster initial size
AutoScaling your Amazon ECS Cluster
• Create CloudWatch alarm on a metric, e.g. MemoryReservation
• Configure scaling policies to increase and decrease the size of your cluster
Scaling your Services with Lambda
• CloudWatch metrics tied to SNS
• SNS triggers Lambda Container Scaling function
• Lambda scales task count on cluster
• Bonus - Extensible ‘cluster intelligence’ layer
Service Discovery & Configuration Management
Service Discovery on Amazon ECS
Service Discovery with ECS Services & Route 53
Service Discovery with Weaveworks
Service Discovery and Configuration Management with Consul
Service Discovery and Configuration Management with etcd
Service Discovery with ECS Services & Route 53
• Route 53 private hosted zone
• Set search path on hosts with DHCP option sets
• Define ECS services with ELB
• Create CNAMEs for each ELB
Service Discovery with ECS Services & Route 53
[Diagram: tasks of an ECS service (application router, e.g. nginx); internal ELB with CNAME, e.g. api.example.com; Route 53 private zone, e.g. example.com]
Service Discovery with Weaveworks
DNS interface for cross-host container communication
Gossip protocol to share grouped updates
Overlay network between hosts
Service Discovery and Configuration Management with Consul
Three main components:
• Consul agent - Runs on each node, responsible for checking the health of the services and of the node itself.
• One or more Consul servers - Store and replicate data, leader elected using the Raft consensus algorithm
• Registrator agent - Automatically registers/deregisters services based on published ports and metadata from the container environment variables defined in the ECS task definition
Service Discovery and Configuration Management with Consul
[Diagram: ECS cluster with a consul-server; ECS instances each running consul-agent and registrator, hosting Back end 1, Back end 2 and Front end]
Service Discovery and Configuration Management with etcd
[Diagram: three ECS instances, each running etcd, registrator and confd alongside Container 1 and Container 2]
Security
ECS IAM Policies and Roles
ECR IAM Policies and Roles
Image Vulnerability Scanning with Twistlock
ECS IAM Policies and Roles
The ECS agent calls the ECS APIs on your behalf, so
container instances require an IAM policy and role that
allows these calls.
The ECS service scheduler calls the EC2 and ELB APIs on
your behalf to register and deregister container instances
with your load balancers.
Use AmazonEC2ContainerServiceforEC2Role and
AmazonEC2ContainerServiceRole managed policies
(respectively)
ECR IAM Policies and Roles
ECR uses resource-based permissions to control access.
By default, only the repository owner has access to a
repository.
You can apply a policy document that allows others to
access your repository.
Use managed policies for IAM users or roles that allow
differing levels of control:
AmazonEC2ContainerRegistryFullAccess,
AmazonEC2ContainerRegistryPowerUser or
AmazonEC2ContainerRegistryReadOnly
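Because a repository policy is the one place where access can be opened to principals outside the owning account, it is worth checking before it is applied. The following Python audit is an added example, not part of the original deck; it goes slightly beyond the slide by also classifying wildcard actions and wildcard principals. The sample policy, account IDs, role names and organization ID are constructed placeholders, and `NotAction`/`NotPrincipal` statements are not evaluated.

```python
import fnmatch
import re

# ECR actions that let a principal change repository contents or its policy.
PUSH_ACTIONS = {"ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload", "ecr:PutImage"}
ADMIN_ACTIONS = {"ecr:SetRepositoryPolicy", "ecr:DeleteRepositoryPolicy",
                 "ecr:DeleteRepository", "ecr:BatchDeleteImage"}
ACCOUNT_RE = re.compile(r"^(?:arn:aws:(?:iam|sts)::)?(\d{12})(?::|$)")

# Constructed sample policy; all identifiers are placeholders.
SAMPLE_POLICY = {
    "Version": "2008-10-17",
    "Statement": [
        {"Sid": "PartnerPull", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
         "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
                    "ecr:BatchCheckLayerAvailability"]},
        {"Sid": "CIPush", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::777788889999:role/ci"]},
         "Action": "ecr:*"},
        {"Sid": "Everyone", "Effect": "Allow", "Principal": "*",
         "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]},
        {"Sid": "OrgPull", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "ecr:BatchGetImage",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
        {"Sid": "OwnerRelease", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/release"},
         "Action": ["ecr:PutImage", "ecr:InitiateLayerUpload",
                    "ecr:UploadLayerPart", "ecr:CompleteLayerUpload"]},
    ],
}


def _as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _aws_principals(statement):
    """AWS principals named by a statement; "*" stands for everyone."""
    principal = statement.get("Principal")
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS"))
    return _as_list(principal)


def _granted(patterns, candidates):
    """Candidate actions matched by the statement's action patterns.

    Action names are case-insensitive and may contain * and ? wildcards.
    """
    return sorted(action for action in candidates
                  if any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
                         for pattern in patterns))


def audit_repository_policy(policy, owner_account):
    """Return (sid, finding, principal) tuples for risky Allow statements."""
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue
        sid = statement.get("Sid", "statement[%d]" % index)
        patterns = _as_list(statement.get("Action"))
        push = _granted(patterns, PUSH_ACTIONS)
        admin = _granted(patterns, ADMIN_ACTIONS)
        for principal in _aws_principals(statement):
            if principal == "*":
                # A condition may narrow the wildcard; it still needs review.
                kind = ("wildcard-with-condition" if statement.get("Condition")
                        else "public-access")
                findings.append((sid, kind, principal))
                continue
            match = ACCOUNT_RE.match(principal)
            if match and match.group(1) == owner_account:
                continue  # principals in the owning account are not flagged
            if push:
                findings.append((sid, "cross-account-push", principal))
            if admin:
                findings.append((sid, "cross-account-admin", principal))
    return findings


if __name__ == "__main__":
    for finding in audit_repository_policy(SAMPLE_POLICY, "111122223333"):
        print(finding)
```

Pull-only grants to a named external account, the pattern the slide describes, produce no finding.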
Image Vulnerability Scanning with Twistlock
Deploying Applications
Scheduling Containers
Automating Deployments
Scheduling Containers
Scheduling Containers on ECS
Batch Jobs
• ECS Task scheduler
• Run tasks once
• Batch jobs
• RunTask (random)
• StartTask (placed)
Long-Running Apps
• ECS Service scheduler
• Health management
• Scale-up and scale-down
• AZ aware
• Grouped Containers
Scheduling Containers: Long-running App
Optionally run your service behind a load balancer.
One load balancer per service.
ELB currently supports a fixed relationship between the
load balancer port and the container instance port.
If a task fails the ELB health check, the task is killed and
restarted (until service reaches desired capacity).
Scheduling Containers: Long-running App
Update service’s task definition (rolling update)
Specify a deployment configuration for your service:
• minimumHealthyPercent: lower limit (as a percentage of
the service's desiredCount) of the number of running
tasks that must remain running in a service during a
deployment.
• maximumPercent: upper limit (as a percentage of the
service's desiredCount) of the number of running tasks
that can be running in a service during a deployment.
Scheduling Containers: Long-running app
Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%
Scheduling Containers: Long-running App
Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
Scheduling Containers: Long-running App
Blue-Green Deployments
• Define two ECS services
• Each service is associated w/ ELB
• Both ELBs in Route 53 record set with weighted routing policy, 100% Primary, 0% Secondary
• Deploy to Blue or Green service and switch weights
[Diagram: Route 53 record set with weighted routing policy, 100% and 0%, in front of the tasks of the two services]
Automating Deployments
Continuous Delivery to ECS with Jenkins
Continuous Delivery to ECS with Shippable
Continuous Delivery to ECS with Jenkins
1. Code push triggers build
2. Build image from sources
3. Run test on image
4. Push image to Docker registry
5. Update Service
6. Pull image
Continuous Delivery to ECS with Jenkins
Easy Deployment
Developers – Merge into master, done!
Jenkins Build Steps
Trigger via Webhooks, Monitoring, Lambda
Build Docker image via Build and Publish plugin
Push Docker image into Registry
Register Updated Job with ECS API
Continuous Delivery to ECS with Shippable
ECS CI/CD Partners
PaaS on ECS
AWS Elastic Beanstalk
Convox
Remind Empire
AWS Elastic Beanstalk
Uses Amazon ECS to coordinate deployments to
multicontainer Docker environments
Takes care of tasks including cluster creation, task
definition and execution
AWS Elastic Beanstalk
Elastic Beanstalk uses a Dockerrun.aws.json file that
describes how to deploy containers.
The Dockerrun.aws.json file includes three sections:
• AWSEBDockerrunVersion: Set to "2" for multicontainer
Docker environments.
• containerDefinitions: An array of container definitions.
• volumes: Creates mount points in the container instance
that a container can use.
Convox
# Initialize your app and create default manifest
> convox init
# Locally build and run your app as declared in the manifest
> convox start
# Create app
> convox apps create my_app
# Deploy app, output ELB DNS name
> convox deploy
[...]
web: http://my_app-1234567890.us-east-1.elb.amazonaws.com
Remind Empire
Control layer on top of Amazon ECS that provides a
Heroku-like workflow
Any tagged Docker image can be deployed to Empire as
an app
• When you deploy a Docker image to Empire, it will
extract a Procfile from the WORKDIR
• Each process type in the Procfile maps directly to an
ECS Service
Remind Empire
Routing layer backed by internal ELBs
• An application that specifies a web process will get an
internal ELB attached to its ECS Service
• When a new internal ELB is created, an associated
CNAME record is created in Route53 under the internal
TLD, enabling service discovery via DNS
Using the CLI
Configuring the ECS CLI
Cluster Setup with the ECS CLI
Deploy Compose App with ECS CLI
Scaling with ECS CLI
Configuring the ECS CLI
Easily create Amazon ECS clusters & supporting
resources such as EC2 instances
Run Docker Compose configuration files on Amazon
ECS
Available today – http://amzn.to/1jBf45a
Configuring the ECS CLI
# Configure the CLI using environment variables
> export AWS_ACCESS_KEY_ID=<my_access_key>
> export AWS_SECRET_ACCESS_KEY=<my_secret_key>
> ecs-cli configure --region us-east-1 --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY --cluster ecs-cli-demo
# Configure the CLI using an existing AWS CLI profile
> ecs-cli configure --region us-west-2 --profile ecs-profile --cluster ecs-cli-demo
Cluster Setup with the ECS CLI
# Creates a new ECS cluster with two container instances in an existing VPC
> ecs-cli up --capability-iam --keypair my_ecs_keypair --size 2 --security-group sg-a12bc34d --vpc vpc-0e9dc8b7 --subnets subnet-12ab34cd,subnet-56ef78ab --instance-type t2.medium
# Creates a new ECS cluster with one container instance in a new VPC
> ecs-cli up --capability-iam --keypair my_ecs_keypair --azs us-east-1a,us-east-1c --cidr 192.169.0.0/24 --port 22 --instance-type t2.medium
Deploy Compose App with ECS CLI
Docker Compose lets you define and run multi-container applications:
1. Define app environment with Dockerfile
2. Define services that make up your app in docker-compose.yml
3. Run docker-compose up to start and run entire app
Deploy Compose App with ECS CLI
proxy:
  build: ./proxy
  ports:
    - "80:80"
  links:
    - web
web:
  build: ./web
  command: bundle exec rails server -b 0.0.0.0
  environment:
    - SECRET_KEY_BASE=secretkey
  expose:
    - "3000"
Deploy Compose App with ECS CLI
> ecs-cli compose up
> ecs-cli compose ps
> ecs-cli compose service create
> ecs-cli compose service start
Scaling with ECS CLI
> ecs-cli scale n
> ecs-cli compose scale n
> ecs-cli compose service scale n
Thank you!
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Determining Glass is mechanical textile
Determining  Glass is mechanical textileDetermining  Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 

ECS and ECR deep dive

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Apr 21 2016 Amazon EC2 Container Service Deep Dive Shiva N, Solution Architect, AWS
  • 2. Agenda The Basics Infrastructure Setup Infrastructure Management Deploying Applications PaaS on ECS Using the CLI
  • 5. Amazon ECS Infrastructure Setup Amazon ECS Cluster Setup Amazon ECR Setup
  • 7. Amazon ECS Cluster Setup There are many ways to provision cluster infrastructure: AWS – CloudFormation, Simple Systems Manager, Autoscale Groups, OpsWorks, ECS-CLI; Others – Terraform, PaaS, Partners. Let’s talk about CloudFormation
  • 8. Cluster Setup with AWS CloudFormation CloudFormation supports ECS cluster, service and task definition resources. Use AWS::IAM::Role to create ECS service role and container instances role. Launch container instances using AWS::AutoScaling::LaunchConfiguration and AWS::AutoScaling::AutoScalingGroup
  • 9. Cluster Setup with AWS CloudFormation
      "Resources" : {
        "ECSCluster": {
          "Type": "AWS::ECS::Cluster"
        },
        "ECSAutoScalingGroup" : {
          "Type" : "AWS::AutoScaling::AutoScalingGroup",
          "Properties" : {
            "VPCZoneIdentifier" : { "Ref" : "SubnetID" },
            "LaunchConfigurationName" : { "Ref" : "ContainerInstances" },
            "MinSize" : "1",
            "MaxSize" : { "Ref" : "MaxSize" },
            "DesiredCapacity" : { "Ref" : "DesiredCapacity" }
          },
          […]
        },
  • 10. Cluster Setup with AWS CloudFormation
      "ContainerInstances": {
        "Type": "AWS::AutoScaling::LaunchConfiguration",
        "Metadata" : {
          "AWS::CloudFormation::Init" : {
            "config" : {
              "commands" : {
                "01_add_instance_to_cluster" : {
                  "command" : { "Fn::Join": [ "", [ "#!/bin/bash\n", "echo ECS_CLUSTER=", { "Ref": "ECSCluster" }, " >> /etc/ecs/ecs.config" ] ] }
                }
              },
              […]
            }
          }
        }
  • 12. Amazon ECR Setup You have read and write access to the repositories you create in your default registry, i.e. <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com Repository names can support namespaces, e.g. team-a/web-app. Repositories can be controlled with both IAM user access policies and repository policies.
  • 13. Amazon ECR Setup
      # Authenticate Docker to your Amazon ECR registry
      > aws ecr get-login
      docker login -u AWS -p <password> -e none https://<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
      > docker login -u AWS -p <password> -e none https://<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com
      # Create a repository called ecr-demo
      > aws ecr create-repository --repository-name ecr-demo
      # Push an image to your repository
      > docker push <aws_account_id>.dkr.ecr.us-east-1.amazonaws.com/ecr-demo:v1
  • 15. Amazon ECS Infrastructure Management Monitoring & Logging Scaling ECS Service Discovery & Configuration Management Security
  • 17. Monitoring and Logging on Amazon ECS Monitoring with Amazon CloudWatch Configuring logging in Task Definition Amazon CloudTrail Monitoring Amazon ECS with Datadog Monitoring Amazon ECS with Sysdig Cloud
  • 18. Monitoring with Amazon CloudWatch Metric data sent to CloudWatch in 1-minute periods and recorded for a period of two weeks Available metrics: CPUReservation, MemoryReservation, CPUUtilization, MemoryUtilization Available dimensions: ClusterName, ServiceName
  • 20. Monitoring with Amazon CloudWatch Use the Amazon CloudWatch Monitoring Scripts to monitor additional metrics, e.g. disk space:
      # Edit crontab
      > crontab -e
      # Add command to report disk space utilization to CloudWatch every five minutes
      */5 * * * * <path_to>/mon-put-instance-data.pl --disk-space-util --disk-space-used --disk-space-avail --disk-path=/ --from-cron
  • 21. Configuring Logging in Task Definition logConfiguration task definition parameter Requires version 1.18 or greater of the Docker Remote API Maps to docker run --log-driver option Log drivers: json-file, syslog, journald, gelf, fluentd
  • 22. Logging with Amazon CloudWatch Logs • Logging container with syslogd and CloudWatch Logs Agent • Attach /var/log Volume to Logging container (Sidecar pattern) • Link other containers. Diagram labels: syslogd; CloudWatch Logs Agent; CloudWatch Logs; Container instance; ECS Cluster; ECS Agent Logs; Docker Logs
  • 23. Logging Amazon ECS API with AWS CloudTrail
      {
        "eventVersion": "1.03",
        "userIdentity": {…},
        "eventTime": "2015-10-12T13:57:33Z",
        "eventSource": "ecs.amazonaws.com",
        "eventName": "CreateCluster",
        "awsRegion": "eu-west-1",
        "sourceIPAddress": "54.240.197.227",
        "userAgent": "console.amazonaws.com",
        "requestParameters": {
          "clusterName": "ecs-cli"
        },
  • 24. Logging Amazon ECS API with AWS CloudTrail
        "responseElements": {
          "cluster": {
            "clusterArn": "arn:aws:ecs:eu-west-1:560846014933:cluster/ecs-cli",
            "pendingTasksCount": 0,
            "registeredContainerInstancesCount": 0,
            "status": "ACTIVE",
            "runningTasksCount": 0,
            "clusterName": "ecs-cli",
            "activeServicesCount": 0
          }
        },
        […]
  • 25. Monitoring Amazon ECS with Datadog
  • 26. Monitoring Amazon ECS with Sysdig Cloud
  • 28. Scaling Amazon ECS AutoScaling your Amazon ECS cluster Scaling your Services with Lambda
  • 29. Setup ECS Cluster with AutoScaling Create LaunchConfiguration • Pick instance type depending on resource requirements, e.g. memory or CPU • Use latest Amazon Linux ECS-optimized AMI, other distros available Create AutoScaling group and set to cluster initial size
  • 30. AutoScaling your Amazon ECS Cluster • Create CloudWatch alarm on a metric, e.g. MemoryReservation • Configure scaling policies to increase and decrease the size of your cluster
  • 31. Scaling your Services with Lambda • Cloudwatch metrics tied to SNS • SNS triggers Lambda Container Scaling function • Lambda scales task count on cluster • Bonus - Extensible ‘cluster intelligence’ layer
  • 33. Service Discovery on Amazon ECS Service Discovery with ECS Services & Route 53 Service Discovery with Weaveworks Service Discovery and Configuration Management with Consul Service Discovery and Configuration Management with etcd
  • 34. Service Discovery with ECS Services & Route 53 • Route 53 private hosted zone • Set search path on hosts with DHCP option sets • Define ECS services with ELB • Create CNAMEs for each ELB
  • 35. Service Discovery with ECS Services & Route 53 Diagram labels: Tasks in an ECS Service; Application router, e.g. nginx; Internal ELB with CNAME, e.g. api.example.com; Route 53 private zone, e.g. example.com
  • 36. Service Discovery with Weaveworks DNS interface for cross-host container communication Gossip protocol to share grouped updates Overlay network between hosts
  • 37. Service Discovery and Configuration Management with Consul Three main components: • Consul agent - Runs on each node, responsible for checking the health of the services and of the node itself. • One or more Consul servers - Store and replicate data, leader elected using the Raft consensus algorithm • Registrator agent - Automatically register/deregisters services based on published ports and metadata from the container environment variables defined in the ECS task definition
  • 38. Service Discovery and Configuration Management with Consul Diagram labels: ECSCluster; ECS Instance with consul-server; ECS Instance with consul-agent, registrator, Back end 1, Back end 2; ECS Instance with consul-agent, registrator, Front end
  • 39. Service Discovery and Configuration Management with etcd Diagram labels: three ECS Instances, each with etcd, registrator, confd, Container 1, Container 2
  • 41. Security ECS IAM Policies and Roles ECR IAM Policies and Roles Image Vulnerability Scanning with Twistlock
  • 42. ECS IAM Policies and Roles The ECS agent calls the ECS APIs on your behalf, so container instances require an IAM policy and role that allows these calls. The ECS service scheduler calls the EC2 and ELB APIs on your behalf to register and deregister container instances with your load balancers. Use AmazonEC2ContainerServiceforEC2Role and AmazonEC2ContainerServiceRole managed policies (respectively)
  • 43. ECR IAM Policies and Roles ECR uses resource-based permissions to control access. By default, only the repository owner has access to a repository. You can apply a policy document that allows others to access your repository. Use managed policies for IAM users or roles that allow differing levels of control: AmazonEC2ContainerRegistryFullAccess, AmazonEC2ContainerRegistryPowerUser or AmazonEC2ContainerRegistryReadOnly
  • 48. Scheduling Containers on ECS Batch Jobs ECS Task scheduler Run tasks once Batch jobs RunTask (random) StartTask (placed) Long-Running Apps ECS Service scheduler Health management Scale-up and scale-down AZ aware Grouped Containers
  • 49. Scheduling Containers: Long-running App Optionally run your service behind a load balancer. One load balancer per service. ELB currently supports a fixed relationship between the load balancer port and the container instance port. If a task fails the ELB health check, the task is killed and restarted (until service reaches desired capacity).
  • 50. Scheduling Containers: Long-running App Update service’s task definition (rolling update) Specify a deployment configuration for your service: • minimumHealthyPercent: lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running in a service during a deployment. • maximumPercent: upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment.
  • 51. Scheduling Containers: Long-running app Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%
  • 52. Scheduling Containers: Long-running App Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
  • 53. Scheduling Containers: Long-running App Blue-Green Deployments • Define two ECS services • Each service is associated w/ ELB • Both ELBs in Route 53 record set with weighted routing policy, 100% Primary, 0% Secondary • Deploy to Blue or Green service and switch weights. Diagram labels: Task, Task; Route 53 record set with weighted routing policy; 0%, 100%
  • 55. Automating Deployments Continuous Delivery to ECS with Jenkins Continuous Delivery to ECS with Shippable
  • 56. Continuous Delivery to ECS with Jenkins 4. Push image to Docker registry 2. Build image from sources 3. Run test on image 1. Code push triggers build 5. Update Service 6. Pull image
  • 57. Continuous Delivery to ECS with Jenkins Easy Deployment Developers – Merge into master, done! Jenkins Build Steps Trigger via Webhooks, Monitoring, Lambda Build Docker image via Build and Publish plugin Push Docker image into Registry Register Updated Job with ECS API
  • 58. Continuous Delivery to ECS with Shippable
  • 61. PaaS on ECS AWS Elastic Beanstalk Convox Remind Empire
  • 62. AWS Elastic Beanstalk Uses Amazon ECS to coordinate deployments to multicontainer Docker environments Takes care of tasks including cluster creation, task definition and execution
  • 63. AWS Elastic Beanstalk Elastic Beanstalk uses a Dockerrun.aws.json file that describes how to deploy containers. The Dockerrun.aws.json file includes three sections: • AWSEBDockerrunVersion: Set to "2" for multicontainer Docker environments. • containerDefinitions: An array of container definitions. • volumes: Creates mount points in the container instance that a container can use.
  • 65. Convox
      # Initialize your app and create default manifest
      > convox init
      # Locally build and run your app as declared in the manifest
      > convox start
      # Create app
      > convox apps create my_app
      # Deploy app, output ELB DNS name
      > convox deploy
      [...]
      web: http://my_app-1234567890.us-east-1.elb.amazonaws.com
  • 66. Remind Empire Control layer on top of Amazon ECS that provides a Heroku like workflow Any tagged Docker image can be deployed to Empire as an app • When you deploy a Docker image to Empire, it will extract a Procfile from the WORKDIR • Each process type in the Procfile maps directly to an ECS Service
  • 67. Remind Empire Routing layer backed by internal ELBs • An application that specifies a web process will get an internal ELB attached to its ECS Service • When a new internal ELB is created, an associated CNAME record is created in Route53 under the internal TLD, enabling service discovery via DNS
  • 69. Using the CLI Configuring the ECS CLI Cluster Setup with the ECS CLI Deploy Compose App with ECS CLI Scaling with ECS CLI
  • 70. Configuring the ECS CLI Easily create Amazon ECS clusters & supporting resources such as EC2 instances. Run Docker Compose configuration files on Amazon ECS. Available today – http://amzn.to/1jBf45a
  • 71. Configuring the ECS CLI
      # Configure the CLI using environment variables
      > export AWS_ACCESS_KEY_ID=<my_access_key>
      > export AWS_SECRET_ACCESS_KEY=<my_secret_key>
      > ecs-cli configure --region us-east-1 --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY --cluster ecs-cli-demo
      # Configure the CLI using an existing AWS CLI profile
      > ecs-cli configure --region us-west-2 --profile ecs-profile --cluster ecs-cli-demo
  • 72. Cluster Setup with the ECS CLI
      # Creates a new ECS cluster with two container instances in an existing VPC
      > ecs-cli up --capability-iam --keypair my_ecs_keypair --size 2 --security-group sg-a12bc34d --vpc vpc-0e9dc8b7 --subnets subnet-12ab34cd,subnet-56ef78ab --instance-type t2.medium
      # Creates a new ECS cluster with one container instance in a new VPC
      > ecs-cli up --capability-iam --keypair my_ecs_keypair --azs us-east-1a,us-east-1c --cidr 192.169.0.0/24 --port 22 --instance-type t2.medium
  • 73. Deploy Compose App with ECS CLI Docker Compose lets you define and run multi-container applications: 1. Define app environment with Dockerfile 2. Define services that make up your app in docker-compose.yml 3. Run docker-compose up to start and run entire app
  • 74. Deploy Compose App with ECS CLI
      proxy:
        build: ./proxy
        ports:
          - "80:80"
        links:
          - web
      web:
        build: ./web
        command: bundle exec rails server -b 0.0.0.0
        environment:
          - SECRET_KEY_BASE=secretkey
        expose:
          - "3000"
  • 75. Deploy Compose App with ECS CLI
      > ecs-cli compose up
      > ecs-cli compose ps
      > ecs-cli compose service create
      > ecs-cli compose service start
  • 76. Scaling with ECS CLI
      > ecs-cli scale n
      > ecs-cli compose scale n
      > ecs-cli compose service scale n
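
The CloudTrail record on slides 23 and 24 carries the fields needed to audit ECS control-plane changes. The following is an added example, not part of the original deck: it reviews constructed sample records for mutating ECS calls that come from an unexpected region or principal, or that failed. The allowlists, the sample ARNs, the list of mutating calls and the function names are assumptions.

```python
import json

# Assumptions for this example, not taken from the deck: the set of mutating
# ECS calls to review and the regions/principals expected to make them.
MUTATING = {"CreateCluster", "DeleteCluster", "RegisterTaskDefinition",
            "DeregisterTaskDefinition", "CreateService", "UpdateService",
            "DeleteService", "RunTask", "StartTask", "StopTask"}
EXPECTED_REGIONS = {"eu-west-1"}
EXPECTED_PRINCIPALS = {"arn:aws:iam::111122223333:role/deploy-pipeline"}


def _rec(name, region, identity, source="ecs.amazonaws.com", **extra):
    """Build one constructed record with the fields shown on the slides."""
    return dict(eventVersion="1.03", eventSource=source, eventName=name,
                awsRegion=region, userIdentity=identity, **extra)


ROLE = {"type": "AssumedRole",
        "arn": "arn:aws:sts::111122223333:assumed-role/deploy-pipeline/build-42",
        "sessionContext": {"sessionIssuer": {
            "arn": "arn:aws:iam::111122223333:role/deploy-pipeline"}}}
USER = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}

# Constructed sample log file (CloudTrail delivers a top-level "Records" list).
SAMPLE_LOG = json.dumps({"Records": [
    _rec("CreateCluster", "eu-west-1", ROLE),
    _rec("DeleteCluster", "ap-southeast-2", USER),
    _rec("ListClusters", "ap-southeast-2", USER),            # read-only call
    _rec("UpdateService", "eu-west-1", ROLE, errorCode="AccessDeniedException"),
    _rec("RunInstances", "eu-west-1", USER, source="ec2.amazonaws.com"),
]})


def principal_of(record):
    """Return the role ARN for assumed-role sessions, else the caller ARN."""
    ident = record.get("userIdentity") or {}
    issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
    return issuer.get("arn") or ident.get("arn") or "<missing>"


def review_ecs_events(log_text, regions=EXPECTED_REGIONS,
                      principals=EXPECTED_PRINCIPALS):
    """Flag mutating ECS API calls that fall outside the expected baseline."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ecs.amazonaws.com":
            continue
        if rec.get("eventName") not in MUTATING:
            continue
        reasons = []
        if rec.get("awsRegion") not in regions:
            reasons.append("unexpected region")
        who = principal_of(rec)
        if who not in principals:
            reasons.append("unexpected principal")
        if rec.get("errorCode"):
            reasons.append("call failed: " + rec["errorCode"])
        if reasons:
            findings.append({"event": rec["eventName"], "principal": who,
                             "region": rec.get("awsRegion"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_ecs_events(SAMPLE_LOG):
        print(finding)
```

Resolving the session issuer matters because role sessions appear in `userIdentity.arn` with a per-session suffix, so an allowlist of role ARNs would otherwise never match.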