This blog guide you to push any basic images from docker hub to ECR and use that images in ECS using AWS Fargate for building containerize application.
- AWS ECS
- AWS ECR
- AWS Fargate
What is ECS(Elastic Container Service)?
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines.
With simple API calls, you can launch and stop Docker-enabled applications, query the complete state of your application, and access many familiar features such as IAM roles, security groups, load balancers, Amazon CloudWatch Events, AWS CloudFormation templates, and AWS CloudTrail logs.
What is ECR(Elastic Container Registry)?
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications. Integration with AWS Identity and Access Management (IAM) provides resource-level control of each repository. With Amazon ECR, there are no upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet.
What is AWS Fargate?
AWS Fargate is a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing. AWS Fargate removes the need for you to interact with or think about servers or clusters. Fargate lets you focus on designing and building your applications instead of managing the infrastructure that runs them.
Summary of the ECS Terms
First we need to cover ECS terminology:
- Task Definition — This a blueprint that describes how a docker container should launch. If you are already familiar with AWS, it is like a LaunchConfig except instead it is for a docker container instead of a instance. It contains settings like exposed port, docker image, cpu shares, memory requirement, command to run and environmental variables.
- Task — This is a running container with the settings defined in the Task Definition. It can be thought of as an “instance” of a Task Definition.
- Service — Defines long running tasks of the same Task Definition. This can be 1 running container or multiple running containers all using the same Task Definition.
- Cluster — A logic group of EC2 instances. When an instance launches the ecs-agent software on the server registers the instance to an ECS Cluster. This is easily configurable by setting the ECS_CLUSTER variable in /etc/ecs/ecs.config described here.
- Container Instance — This is just an EC2 instance that is part of an ECS Cluster and has docker and the ecs-agent running on it.
I remember when I first got introduced to the all the terms, I quickly got confused. AWS provides nice detailed diagrams to help explain the terms. Here is a simplified diagram to help visualize and explain the terms.
In this diagram you can see that there are 4 running Tasks or Docker containers. They are part of an ECS Service. The Service and Tasks span 2 Container Instances. The Container Instances are part of a logical group called an ECS Cluster.
I did not show a Task Definition in the diagram because a Task is simply an “instance” of Task Definition.
Step by step guide of ECS Configuration using ECR
- Create repository in ECR
2. Get login access to push docker image in ECR using AWS CLI
Run the aws ecr get-login command. The example below is for the default registry associated with the account making the request. To access other account registries, use the
--registry-ids aws_account_id option. For more information, see get-login in the AWS CLI Command Reference.
aws ecr get-login --region region --no-include-email
Copy and paste the docker login command into a terminal to authenticate your Docker CLI to the registry. This command provides an authorization token that is valid for the specified registry for 12 hours.
3. Get a Docker Image
Before you can push an image to Amazon ECR, you must have one to push. If you do not already have an image to use, you can create one by following the steps in Docker Basics for Amazon ECR. Or, pull an image from Docker Hub that you would like to have in your Amazon ECR registry. To pull the wordpress image from Docker Hub to your local system, run the following command:
4. Push an Image to Amazon ECR
Now you can push your image to the Amazon ECR repository you created in the previous section. You use the docker CLI to push images, but there are a few prerequisites that must be satisfied for this to work properly:
- The minimum version of docker is installed: 1.7
- The Amazon ECR authorization token has been configured with docker login.
- The Amazon ECR repository exists and the user has access to push to the repository.
After those prerequisites are met, you can push your image to your newly created repository in the default registry for your account.
To tag and push an image to Amazon ECR
List the images you have stored locally to identify the image to tag and push. Tag the image to push to your repository.
docker tag ubuntu:trusty aws_account_id.dkr.ecr.us-east-1.amazonaws.com/wordpress:latest
push the image
docker push aws_account_id.dkr.ecr.us-east-1.amazonaws.com/wordpress:latest
5. Create custom cluster in ECS
Select custom cluster using manually configuration by providing ECR repository.
Create container from ECR repository
Task Definition provide task to cluster to launch docker image in cluster
Open wordpress site using public DNS of load balance
It is quickest to use the AWS Console to delete the following resources:
- ECS Cluster
- CloudFormation stack
You can scale cluster by updating task and changing running version of task.
Overall, I think that ECS is a pretty amazing service and it has taken the hassle of managing docker orchestration and provisioning responsibility away.