© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
RISE – Developer Workshop
Deep Dive into Amazon ECS and
AWS Fargate
Hong Kong, July 2018
@donnieprakoso
Application environment components
Runtime Engine Code
Dependencies Configuration
Local Laptop Staging / QA UAT Production
Different environments
Local Laptop Staging / QA Production On-Prem
It worked on my machine, why not in
prod?
v6.0.0 v7.0.0 v4.0.0 v7.0.0
WHY DO WE LOVE CONTAINERS?
Packaging Distribution Immutable
infrastructure
BUILDING AN ECOSYSTEM
Amazon Elastic Container Registry
Fully-managed Docker container registry that makes it easy for developers to store,
manage, and deploy Docker container images.
Base image
Image
Image
Container
Amazon Elastic Container Service
Highly scalable, high-performance container orchestration service that
supports Docker containers and allows you to easily run and scale
containerized applications on AWS
Running a single host is easy
Server
Guest OS
Bins/Libs Bins/Libs
App2 App1
A few hosts?
[Diagram: a grid of servers, each running a guest OS]
Many hosts!
[Diagram: a much larger grid of servers, each running a guest OS]
PRODUCTION WORKLOADS ON AWS
AWS VPC
networking mode
Advanced task
placement
Deep integration
with AWS platform
ECS CLI…{ }
Global footprint
Powerful scheduling
engines
Auto scaling
CloudWatch metrics
Load balancers
Linux & Windows
Make
containers
tasks a
fundamental
compute
primitive
ENABLE FOCUS ON APPLICATIONS
INTRODUCING AWS FARGATE!
No instances
to manage
Task
native API
Resource
based pricing
Simple, easy to use,
powerful – and new
consumption model
=
CHANGING COMPUTE CONSUMPTION MODEL
Scheduling and Orchestration
Cluster Manager Placement Engine
RUNNING CONTAINERS AT SCALE WITH ECS
Availability Zone #1 Availability Zone #2 Availability Zone #3
Scheduling and Orchestration
Cluster Manager Placement Engine
EC2 Instance (x3): ECS AMI, Docker agent, ECS agent
Define application containers: Image
URL, CPU & Memory requirements,
etc.
register
Task Definition
create
Cluster
• Infrastructure Isolation
boundary
• IAM Permissions boundary
run
Task
• A running instantiation of
a task definition
• Use FARGATE launch type
create
Service
Elastic Load
Balancer
• Maintain n running copies
• Integrated with ELB
• Unhealthy tasks
automatically replaced
CONSTRUCTS
TASK DEFINITION
{
  "family": "scorekeep",
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe"
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api"
    }
  ]
}
Immutable, versioned document
Identified by family:version
Contains a list of up to 10 container definitions
All containers are co-located on the same host
Each container definition has:
• A name
• Image URL (Amazon ECR or Public Images)
• And more…stay tuned!
Task Definition Snippet
Amazon ECS - Cluster
[Diagram: load balancers in front of EC2 instances, each running an ECS agent and tasks made of containers; Amazon ECS consists of the agent communication service, the API, the cluster management engine and a key/value store]
Amazon ECS - Task
[Diagram: EC2 instances with ECS agents, tasks and containers behind load balancers, connected to the Amazon ECS agent communication service, API, cluster management engine and key/value store]
Amazon ECS - Service
[Diagram: EC2 instances with ECS agents, tasks and containers behind load balancers, connected to the Amazon ECS agent communication service, API, cluster management engine and key/value store]
CPU & MEMORY SPECIFICATION
{
  "family": "scorekeep",
  "cpu": "1 vCpu",
  "memory": "2 gb",
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
      "cpu": 256,
      "memoryReservation": 512
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
      "cpu": 768,
      "memoryReservation": 512
    }
  ]
}
Units
• CPU : cpu-units. 1 vCPU = 1024 cpu-units
• Memory : MB (2^20)
Task Level Resources:
• Total Cpu/Memory across all containers
• Required fields
• Billing axis
Container Level Resources:
• Defines sharing of task resources among containers
• Optional fields
Task Level Resources
Container Level Resources
Task Definition Snippet
CONTAINER CPU SHARING
• Task CPU is the total CPU available for all containers in the task definition
• Container CPU is optional. By default all containers get an equal share of task CPU time
• Specify container CPU to control relative sharing among containers
In our example: scorekeep-frontend = 256; scorekeep-api = 768;
Task CPU = 1024
scorekeep-api
container
scorekeep-frontend
container
Container 1 Container 2
Task CPU = 1024
CONTAINER MEMORY SHARING
• Task memory is the total memory available for all containers
• Container level memory settings are optional. By default all task memory is available to all containers
• Memory reservation is a soft lower bound. Can kick in when task memory is under contention
In our example: scorekeep-frontend = 512 mb; scorekeep-api = 512 mb;
• Memory is a hard upper bound. Container will not be allowed to grow beyond this value
Task Memory = 2 gb
scorekeep-api
container
scorekeep-frontend
container
Available for all
Container 1 Container 2 Available for all
Task Memory = 2 gb
non-critical
container
critical
container
Task Memory = 2gb
Memory Reservation Memory Reservation
Memory Reservation Hard Memory Limit
TASK CPU MEMORY CONFIGURATIONS
50 different CPU/Memory configurations to choose from
CPU Memory
256 units (.25 vCPU) 512MB, 1GB, 2GB
512 units (.5 vCPU) Between 1GB & 4GB in 1GB increments
1024 units (1 vCPU) Between 2GB & 8GB in 1GB increments
2048 units (2 vCPU) Between 4GB & 16GB in 1GB increments
4096 units (4 vCPU) Between 8GB & 30GB in 1GB increments
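The sizing rules from the CPU & memory slides can be checked before a task definition is registered. The following is an added example, not code from the slides or from AWS: the function names are hypothetical, and the container-level checks (container CPU and memory reservations must fit inside the task-level totals) are assumptions drawn from the slides' statement that task-level values are the totals shared by all containers.

```python
# Added example (not from the slides): validate a task definition against the
# Fargate CPU/memory table and the container-level sharing rules above.

# Task-level sizes from the table: cpu-units -> allowed memory values in MB.
FARGATE_SIZES = {
    256: [512, 1024, 2048],
    512: [gb * 1024 for gb in range(1, 5)],      # 1GB..4GB
    1024: [gb * 1024 for gb in range(2, 9)],     # 2GB..8GB
    2048: [gb * 1024 for gb in range(4, 17)],    # 4GB..16GB
    4096: [gb * 1024 for gb in range(8, 31)],    # 8GB..30GB
}


def parse_cpu(value):
    """Accept 1024, "1024" or "1 vCpu"; return cpu-units (1 vCPU = 1024)."""
    text = str(value).strip().lower()
    if text.endswith("vcpu"):
        return int(float(text[:-4]) * 1024)
    return int(text)


def parse_memory(value):
    """Accept 2048, "2048", "512 mb" or "2 gb"; return MB."""
    text = str(value).strip().lower()
    if text.endswith("gb"):
        return int(float(text[:-2]) * 1024)
    if text.endswith("mb"):
        return int(float(text[:-2]))
    return int(text)


def validate_task_definition(task_def):
    """Return a list of problems; an empty list means the sizes are consistent."""
    if "cpu" not in task_def or "memory" not in task_def:
        return ["task-level cpu and memory are required fields"]
    problems = []
    cpu = parse_cpu(task_def["cpu"])
    memory = parse_memory(task_def["memory"])
    if cpu not in FARGATE_SIZES:
        problems.append(f"task cpu {cpu} is not a supported size")
    elif memory not in FARGATE_SIZES[cpu]:
        problems.append(f"task memory {memory} MB is not valid for cpu {cpu}")

    containers = task_def.get("containerDefinitions", [])
    cpu_sum = sum(c.get("cpu", 0) for c in containers)
    if cpu_sum > cpu:
        problems.append(f"container cpu total {cpu_sum} exceeds task cpu {cpu}")
    reserved = sum(c.get("memoryReservation", 0) for c in containers)
    if reserved > memory:
        problems.append(f"memory reservations {reserved} MB exceed task memory {memory} MB")
    for c in containers:
        hard = c.get("memory")                   # optional hard upper bound
        if hard is None:
            continue
        if hard > memory:
            problems.append(f"{c['name']}: hard limit {hard} MB exceeds task memory")
        if c.get("memoryReservation", 0) > hard:
            problems.append(f"{c['name']}: reservation is above its hard limit")
    return problems


# The scorekeep definition from the slides (image URLs omitted).
SCOREKEEP = {
    "family": "scorekeep", "cpu": "1 vCpu", "memory": "2 gb",
    "containerDefinitions": [
        {"name": "scorekeep-frontend", "cpu": 256, "memoryReservation": 512},
        {"name": "scorekeep-api", "cpu": 768, "memoryReservation": 512},
    ],
}

# Constructed counter-example: 4 GB is not offered with 256 cpu-units, and the
# two containers together ask for more CPU than the task has.
OVERSIZED = {
    "family": "scorekeep", "cpu": "256", "memory": "4 gb",
    "containerDefinitions": [
        {"name": "scorekeep-frontend", "cpu": 256, "memoryReservation": 512},
        {"name": "scorekeep-api", "cpu": 256, "memoryReservation": 512},
    ],
}

if __name__ == "__main__":
    print(validate_task_definition(SCOREKEEP))
    for problem in validate_task_definition(OVERSIZED):
        print("-", problem)
```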
PLATFORM VERSION
What is it?
• It refers to a specific runtime environment around your task
• Combination of Kernel version & container runtime version
• Available today: 1.1.0
• New versions will be released as the runtime environment evolves: Kernel/OS updates, new features, bug
fixes, and security updates
Why expose it?
• Gives you explicit control over
• Migration to new platform versions
• Rollback to previous platform versions
How do I use it?
$ aws ecs run-task ... --platform-version 1.1.0
$ aws ecs run-task ... --platform-version LATEST #or just leave it blank
VPC INTEGRATION 172.31.0.0/16
Subnet
172.31.1.0/24
Internet
Other Entities in VPC
EC2 LB DB etc.
Private IP
172.31.1.164
Launch your Fargate Tasks into subnets
Under the hood :
• We create an Elastic Network Interface (ENI)
• The ENI is allocated a private IP from your subnet
• The ENI is attached to your task
• Your task now has a private IP from your subnet!
You can assign public IPs to your tasks
Configure security groups to control inbound & outbound
traffic
Spread your application across subnets in multiple Availability
Zones (AZs) for high redundancy
us-east-1a
us-east-1b
us-east-1c
ENI
Fargate Task
Public IP 208.57.73.13
VPC CONFIGURATION
{
  "family": "scorekeep",
  "cpu": "1 vCpu",
  "memory": "2 gb",
  "networkMode": "awsvpc",
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
      "cpu": 256,
      "memoryReservation": 512
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
      "cpu": 768,
      "memoryReservation": 512
    }
  ]
}
$ aws ecs run-task ... \
    --task-definition scorekeep:1 \
    --network-configuration "awsvpcConfiguration={subnets=[subnet1-id,subnet2-id],securityGroups=[sg-id]}"
Enables ENI
creation &
attachment
to Task
Run Task
Task Definition
INTERNET ACCESS
The Task ENI is used for all inbound & outbound network traffic to and from your task
It is also used for:
• Image Pull (from ECR or a public repository)
• Pushing to Amazon CloudWatch logs
Both these endpoints need to be reachable via your task ENI
Two common modes of setup:
• Private with no inbound internet traffic, but allows outbound internet access
• Public task with both inbound and outbound internet access
PRIVATE TASK SETUP
Public subnet Private subnet
Fargate Task
ENI
Private IP
172.31.1.164
NAT Gateway
Public EIP
34.214.162.237
Internet
Gateway
172.31.0.0/16
172.31.2.0/24 172.31.1.0/24
Destination Target
172.31.0.0/16 local
0.0.0.0/0 NAT Gateway
Destination Target
172.31.0.0/16 local
0.0.0.0/0 Internet Gateway
Route Tables
Internet
Attach Internet Gateway to VPC
Setup a Public Subnet with
• Route to Internet Gateway
• NAT Gateway
Setup Private Subnet with
• Fargate Task
• Route to NAT Gateway
Security Group to allow outbound traffic
Type Port Destination
All Traffic ALL 0.0.0.0/0
Outbound Security Group Rules
Outbound
Inbound
PUBLIC TASK SETUP
Public subnet
Fargate
Task
Public IP
54.191.135.66
Internet
Gateway
172.31.0.0/16
172.31.2.0/24
Destination Target
172.31.0.0/16 local
0.0.0.0/0 Internet Gateway
Route Table
Internet
ENI
$ aws ecs run-task ... \
    --task-definition scorekeep:1 \
    --network-configuration "awsvpcConfiguration={subnets=[public-subnet],securityGroups=[sg-id],assignPublicIp=ENABLED}"
Launch the task into a Public subnet
Give it a public IP address (assignPublicIp=ENABLED)
Security Group to allow the expected inbound traffic
Discover the public IP by describing the ENI attached to the task
Inbound Security Group Rule
Type Port Source
HTTP 8080 0.0.0.0/0
Outbound Security Group Rules
Type Port Destination
All Traffic ALL 0.0.0.0/0
ELB SETUP
• ELB integration supported on services
• ALB & NLB supported
• ALB requires that you pick at least two subnets in two different AZs
• Ensure that the ALB subnet AZs are a superset of your task subnet AZs
• Select ALB Target type: IP (not Instance)
ELB CONFIGURATION
{
  "family": "scorekeep",
  "cpu": "1 vCpu",
  "memory": "2 gb",
  "networkMode": "awsvpc",
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
      "cpu": 256,
      "memoryReservation": 512,
      "portMappings": [
        { "containerPort": 8080 }
      ]
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
      "cpu": 768,
      "memoryReservation": 512,
      "portMappings": [
        { "containerPort": 5000 }
      ]
    }
  ]
}
$ aws ecs create-service ... \
    --task-definition scorekeep:1 \
    --network-configuration "awsvpcConfiguration={subnets=[subnet-id],securityGroups=[sg-id]}" \
    --load-balancers '[
      {
        "targetGroupArn": "<insert arn>",
        "containerName": "scorekeep-frontend",
        "containerPort": 8080
      }
    ]'
Create Service
Task Definition
INTERNET FACING ELB SETUP
Public subnet Private subnet
Fargate Task
ENI
Private IP
172.31.1.164
:8080
ALB
Public IP
208.57.73.13
:80
172.31.0.0/16
172.31.2.0/24 172.31.1.0/24
Internet
Task in private subnet with private IP
ALB in public subnet with public IP
Make sure the AZs of the two subnets match
ALB security group to allow inbound traffic from
internet
Task security group to allow inbound traffic from the
ALB’s security group
ALB Security Group: Inbound Rule
Type Port Source
HTTP 80 0.0.0.0/0
Task Security Group: Inbound Rule
Type Port Source
Custom TCP 8080 ALB Security Group
us-east-1a us-east-1a
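The task security group on this slide admits traffic only from the ALB's security group on the container port. The following added example (not from the slides) audits a task security group for anything wider than that; the rule dictionaries follow the shape returned by `aws ec2 describe-security-groups`, and the function name and all group IDs are constructed for illustration.

```python
# Added example, not from the slides. Rule dictionaries follow the shape that
# `aws ec2 describe-security-groups` returns; every ID below is constructed.

ALB_SG_ID = "sg-0a1b2c3d4e5f60001"    # constructed placeholder for the ALB group
TASK_PORT = 8080                      # scorekeep-frontend containerPort


def audit_task_ingress(task_sg, alb_sg_id, container_port):
    """Return findings for inbound rules wider than 'ALB SG -> container port'."""
    findings = []
    alb_can_reach_port = False
    for perm in task_sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1":                      # "All traffic" carries no port fields
            ports, covers = "all ports", True
        else:
            ports = f"{proto} {lo}-{hi}"
            covers = (proto == "tcp" and lo is not None
                      and lo <= container_port <= hi)
        exact = proto == "tcp" and lo == hi == container_port

        # CIDR sources bypass the ALB entirely; the slide's task rule has none.
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            scope = "the internet" if cidr in ("0.0.0.0/0", "::/0") else cidr
            findings.append(f"{ports} open to {scope} instead of the ALB security group")

        # Security-group sources: only the ALB's group is expected.
        for pair in perm.get("UserIdGroupPairs", []):
            group = pair.get("GroupId")
            if group != alb_sg_id:
                findings.append(f"{ports} allowed from unexpected group {group}")
            elif covers:
                alb_can_reach_port = True
                if not exact:
                    findings.append(f"ALB rule {ports} is wider than port {container_port}")
    if not alb_can_reach_port:
        findings.append(f"ALB security group cannot reach port {container_port}")
    return findings


# Constructed sample matching the slide: Custom TCP 8080 from the ALB group.
GOOD_TASK_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60002",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}]},
    ],
}

# Constructed sample with two mistakes: the container port is open to any
# address, and the ALB group is granted all traffic rather than one port.
BAD_TASK_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60003",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "-1",
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}]},
    ],
}

if __name__ == "__main__":
    for sg in (GOOD_TASK_SG, BAD_TASK_SG):
        print(sg["GroupId"], audit_task_ingress(sg, ALB_SG_ID, TASK_PORT))
```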
PERMISSION TIERS
Cluster
Permissions
Application
Permissions
Task
Housekeeping
Permissions
Cluster
Fargate Task
Cluster Permissions:
Control who can launch, stop and describe tasks in your cluster
Application Permissions:
Allows your application containers to access AWS resources
securely
Housekeeping Permissions:
Allows us to perform housekeeping activities around your task:
• ECR Image Pull
• CloudWatch logs pushing
• ENI creation
• Register/Deregister targets into ELB
CLUSTER PERMISSIONS
You can tailor IAM policies for fine-grained access control to your clusters
Attach these policies to IAM Users and/or Roles as necessary
Some example policies:
Example 1: Allow RunTask in a specific cluster with a specific task definition only
{
  "Effect": "Allow",
  "Action": [ "ecs:RunTask" ],
  "Condition": {
    "ArnEquals": { "ecs:cluster": "<cluster-arn>" }
  },
  "Resource": [ "<task_def_family>:*" ]
}
Example 2: Read-only access to tasks in a specific cluster
{
  "Effect": "Allow",
  "Action": [ "ecs:ListTasks",
              "ecs:DescribeTasks" ],
  "Condition": {
    "ArnEquals": { "ecs:cluster": "<cluster-arn>" }
  },
  "Resource": "*"
}
and many more!
APPLICATION PERMISSIONS
Do your application containers access other AWS resources?
Need to get credentials down to the task?
Create an IAM Role with the requisite permissions that your
application needs. In our scorekeep example, DynamoDB & SNS
permissions.
Establish a trust relationship with ecs-tasks.amazonaws.com on
that role. This lets us assume the role and wire the credentials
down to your task.
Add the role arn to your task definition and you’re done!
AWS CLI/SDK calls from within your application will
automatically use the Task Role credentials
Credentials are temporary and rotated periodically
Use a Task Role
{
  "family": "scorekeep",
  "cpu": "1 vCpu",
  "memory": "2 gb",
  "networkMode": "awsvpc",
  "taskRoleArn": "arn:aws...role/scorekeepRole",
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
      "cpu": 256,
      "memoryReservation": 512,
      "portMappings": [
        { "containerPort": 8080 }
      ]
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
      "cpu": 768,
      "memoryReservation": 512,
      "portMappings": [
        { "containerPort": 5000 }
      ]
    }
  ]
}
Task Definition
HOUSEKEEPING PERMISSIONS
• We need certain permissions in your account to bootstrap your task and keep it
running.
• Execution Role gives us permissions for:
• ECR Image Pull
• Pushing to CloudWatch logs
• ECS Service Linked Role gives us permissions for:
• ENI Management
• ELB Target Registration/Deregistration
EXECUTION ROLE
• Using an ECR Image or CloudWatch Logs?
• Create an IAM Role. Add Read Permissions to ECR.
Add Write Permissions to CloudWatch Logs
• Establish trust relationship with ecs-tasks.amazonaws.com.
This lets us assume the role
• Add the execution role arn into your task definition
Give us permissions via an Execution Role
{
  "family": "scorekeep",
  "cpu": "1 vCpu",
  "memory": "2 gb",
  "networkMode": "awsvpc",
  "taskRoleArn": "arn:aws...role/scorekeepRole",
  "executionRoleArn": "arn:aws...role/scorekeepExecutionRole",
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
      "cpu": 256,
      "memoryReservation": 512,
      "portMappings": [
        { "containerPort": 8080 }
      ]
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
      "cpu": 768,
      "memoryReservation": 512,
      "portMappings": [
        { "containerPort": 5000 }
      ]
    }
  ]
}
Task Definition
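The task role and execution role slides both depend on a trust relationship with ecs-tasks.amazonaws.com, and the execution role is needed whenever the task pulls from ECR or uses the awslogs driver. The following added example (not from the slides or from AWS) checks a task definition and its roles' trust policies against those statements; the function names, the account ID 111122223333 and the role ARNs are constructed, and the check that the two roles differ is an extra least-privilege check added here.

```python
# Added example, not from the slides: audit the role wiring of a task definition.
# ARNs and the account ID are constructed placeholders.

ECS_TASKS = "ecs-tasks.amazonaws.com"
TASK_ROLE = "arn:aws:iam::111122223333:role/scorekeepRole"
EXEC_ROLE = "arn:aws:iam::111122223333:role/scorekeepExecutionRole"


def as_list(value):
    """IAM lets many fields be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trusts_ecs_tasks(trust_policy):
    """True if an Allow statement lets ecs-tasks.amazonaws.com assume the role."""
    for stmt in as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and ECS_TASKS in services
                and "sts:AssumeRole" in as_list(stmt.get("Action"))):
            return True
    return False


def extra_principals(trust_policy):
    """Principals other than ecs-tasks.amazonaws.com allowed to assume the role."""
    extra = []
    for stmt in as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            extra.append("*")
        elif isinstance(principal, dict):
            for kind, names in principal.items():
                extra += [f"{kind}:{n}" for n in as_list(names)
                          if not (kind == "Service" and n == ECS_TASKS)]
    return extra


def needs_execution_role(task_def):
    """ECR image pull and the awslogs driver both rely on the execution role."""
    for c in task_def.get("containerDefinitions", []):
        if ".dkr.ecr." in c.get("image", ""):
            return True
        if c.get("logConfiguration", {}).get("logDriver") == "awslogs":
            return True
    return False


def audit_roles(task_def, trust_policies):
    """trust_policies maps role ARN -> that role's trust policy document."""
    findings = []
    task_role = task_def.get("taskRoleArn")
    exec_role = task_def.get("executionRoleArn")
    if needs_execution_role(task_def) and not exec_role:
        findings.append("executionRoleArn missing but ECR image or awslogs is used")
    if task_role and task_role == exec_role:
        findings.append("application and housekeeping permissions share one role")
    for label, arn in (("taskRoleArn", task_role), ("executionRoleArn", exec_role)):
        if not arn:
            continue
        policy = trust_policies.get(arn)
        if policy is None:
            findings.append(f"{label}: no trust policy supplied for {arn}")
            continue
        if not trusts_ecs_tasks(policy):
            findings.append(f"{label}: {arn} does not trust {ECS_TASKS}")
        for who in extra_principals(policy):
            findings.append(f"{label}: {arn} can also be assumed by {who}")
    return findings


def trust_for(service):
    """Build a minimal trust policy for one service principal (sample data)."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": service},
         "Action": "sts:AssumeRole"}]}


# Constructed task definition modelled on the scorekeep snippet.
TASK_DEF = {
    "family": "scorekeep", "taskRoleArn": TASK_ROLE, "executionRoleArn": EXEC_ROLE,
    "containerDefinitions": [
        {"name": "scorekeep-api",
         "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
         "logConfiguration": {"logDriver": "awslogs"}},
    ],
}

if __name__ == "__main__":
    good = {TASK_ROLE: trust_for(ECS_TASKS), EXEC_ROLE: trust_for(ECS_TASKS)}
    print(audit_roles(TASK_DEF, good))
    wrong = {TASK_ROLE: trust_for("ec2.amazonaws.com"), EXEC_ROLE: trust_for(ECS_TASKS)}
    print(audit_roles(TASK_DEF, wrong))
```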
ECS SERVICE LINKED ROLE
• A service-linked role is a unique type of IAM role that is linked directly to an AWS service, in
this case ECS
• It has a predefined policy, that is immutable. In this case, ENI & ELB permissions
• It has a trust relationship with ecs.amazonaws.com. Allows us to assume the role and
perform ENI & ELB management on your behalf
• It is automatically created in your account at cluster creation time
• You don’t have to explicitly pass this role in the task definition or any API call
• Just know about it in case you stumble upon it in the IAM console
CLOUDWATCH LOGS CONFIGURATION
• Use the awslogs driver to send
stdout from your application to
CloudWatch logs
• Create a log group in CloudWatch
• Configure the log driver in your
task definition
{
  "family": "scorekeep",
  ...
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      ...
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "scorekeep",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "scorekeep/frontend"}}
    },
    {
      "name": "scorekeep-api",
      ...
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "scorekeep",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "scorekeep/api"}}
    }
  ]}
Task Definition
CLOUDWATCH LOGS
Logs Tab in the
Task Detail Page
View logs in the ECS or CloudWatch Console
CLOUDWATCH METRICS FOR SERVICES
ScorekeepService
ScorekeepService
Metrics tab in the
service detail page
DEBUGGING TIPS
Task is not RUNNING? Inspect container stopped reason in the Task Detail page or via DescribeTasks API
Task in STOPPED state
Inspect Container
Stopped Reasons
DEBUGGING TIPS
Service not scaling as expected? Check activity log in the Service Events tab or DescribeServices API
Events Tab in the
Service Detail Page
Inspect activity
messages
Drill down into the
task detail page for
more
COMING UP NEXT
How to: Build Data Driven Apps
with GraphQL & AWS AppSync
Adrian Hall | 1:00PM
Thursday, July 12
10:00AM – Microservices for Startups
11:00AM – Serverless for Mobile Developers
12:00PM – How to: Simplify Container Deployment &
Operations with Amazon ECS & Fargate
1:00PM – How to: Build Data Driven Apps with GraphQL
& AWS AppSync
2:00PM – Serverless Architectural Patterns
3:00PM – Coordinating Microservices with AWS Step
Functions
4:00PM – Theatre Review & Ask the Experts
Go Build!
Donnie Prakoso
AWS Technology Evangelist, ASEAN
@donnieprakoso
donnie@amazon.com

AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...
 
Building with Containers on AWS
Building with Containers on AWSBuilding with Containers on AWS
Building with Containers on AWS
 
Deep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveDeep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep Dive
 
Building with Containers on AWS by Tony Pujals .pdf
Building with Containers on AWS by Tony Pujals .pdfBuilding with Containers on AWS by Tony Pujals .pdf
Building with Containers on AWS by Tony Pujals .pdf
 
Containers - State of the Union
Containers - State of the UnionContainers - State of the Union
Containers - State of the Union
 
Running Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day IsraelRunning Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day Israel
 
Orchestrating containers on AWS | AWS Floor28
Orchestrating containers on AWS | AWS Floor28Orchestrating containers on AWS | AWS Floor28
Orchestrating containers on AWS | AWS Floor28
 
Containers on AWS
Containers on AWSContainers on AWS
Containers on AWS
 
Microservices for Startups - Donnie Prakoso - AWS - CC18
Microservices for Startups - Donnie Prakoso - AWS - CC18Microservices for Startups - Donnie Prakoso - AWS - CC18
Microservices for Startups - Donnie Prakoso - AWS - CC18
 
CON209_Interstella 8888 Learn How to Use Docker on AWS
CON209_Interstella 8888 Learn How to Use Docker on AWSCON209_Interstella 8888 Learn How to Use Docker on AWS
CON209_Interstella 8888 Learn How to Use Docker on AWS
 
CON209_Interstella 8888 Learn How to Use Docker on AWS
CON209_Interstella 8888 Learn How to Use Docker on AWSCON209_Interstella 8888 Learn How to Use Docker on AWS
CON209_Interstella 8888 Learn How to Use Docker on AWS
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Deep Dive into Amazon ECS & Fargate

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RISE – Developer Workshop. Deep Dive into Amazon ECS and AWS Fargate. Hong Kong, July 2018. @donnieprakoso
  • 2. Application environment components: Runtime Engine, Code, Dependencies, Configuration
  • 3. Different environments: Local Laptop, Staging / QA, UAT, Production
  • 4. It worked on my machine, why not in prod? Environments: Local Laptop, Staging / QA, Production, On-Prem. Versions shown: v6.0.0, v7.0.0, v4.0.0, v7.0.0
  • 5. WHY DO WE LOVE CONTAINERS? Packaging, Distribution, Immutable infrastructure
  • 6. BUILDING AN ECOSYSTEM
  • 7. Amazon Elastic Container Registry: Fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.
  • 8. Diagram labels: Base image, Image, Image, Container
  • 9. Amazon Elastic Container Service: Highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS
  • 10. Running a single host is easy. Diagram labels: Server, Guest OS, Bins/Libs, Bins/Libs, App1, App2
  • 11. A few hosts? [Diagram: a grid of Server / Guest OS boxes]
  • 12. Many hosts! [Diagram: a much larger grid of Server / Guest OS boxes]
  • 13. [Slide without text]
  • 14. PRODUCTION WORKLOADS ON AWS
      • AWS VPC networking mode
      • Advanced task placement
      • Deep integration with AWS platform
      • ECS CLI
      • Global footprint
      • Powerful scheduling engines
      • Auto scaling
      • CloudWatch metrics
      • Load balancers
      • Linux & Windows
  • 15. Make containers tasks a fundamental compute primitive
  • 16. ENABLE FOCUS ON APPLICATIONS
  • 17. INTRODUCING AWS FARGATE!
  • 18. CHANGING COMPUTE CONSUMPTION MODEL
      • No instances to manage
      • Task native API
      • Resource based pricing
      • Simple, easy to use, powerful – and new consumption model
  • 19. RUNNING CONTAINERS AT SCALE WITH ECS
      • Scheduling and Orchestration: Cluster Manager, Placement Engine
      • Availability Zone #1, Availability Zone #2, Availability Zone #3
  • 20. Scheduling and Orchestration: Cluster Manager, Placement Engine
      • Three EC2 instances, each with: ECS AMI, Docker agent, ECS agent
  • 21. CONSTRUCTS
      • Register Task Definition: define application containers (Image URL, CPU & Memory requirements, etc.)
      • Create Cluster: infrastructure isolation boundary; IAM permissions boundary
      • Run Task: a running instantiation of a task definition; use FARGATE launch type
      • Create Service: maintain n running copies; integrated with ELB (Elastic Load Balancer); unhealthy tasks automatically replaced
  • 22. TASK DEFINITION
      Task Definition Snippet:
          {
            "family": "scorekeep",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe"
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api"
              }
            ]
          }
      • Immutable, versioned document
      • Identified by family:version
      • Contains a list of up to 10 container definitions
      • All containers are co-located on the same host
      • Each container definition has:
          • A name
          • Image URL (Amazon ECR or Public Images)
          • And more…stay tuned!
  • 23. Amazon ECS - Cluster. Diagram labels: Amazon ECS, API, Agent Communication Service, Cluster Management Engine, Key/Value Store, Load Balancer, EC2 Instances, ECS Agent, Task, Container
  • 24. Amazon ECS - Task. Diagram labels: Amazon ECS, API, Agent Communication Service, Cluster Management Engine, Key/Value Store, Load Balancer, EC2 Instances, ECS Agent, Task, Container
  • 25. Amazon ECS - Service. Diagram labels: Amazon ECS, API, Agent Communication Service, Cluster Management Engine, Key/Value Store, Load Balancer, EC2 Instances, ECS Agent, Task, Container
  • 26. CPU & MEMORY SPECIFICATION
      Task Definition Snippet:
          {
            "family": "scorekeep",
            "cpu": "1 vCpu",
            "memory": "2 gb",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
                "cpu": 256,
                "memoryReservation": 512
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
                "cpu": 768,
                "memoryReservation": 512
              }
            ]
          }
      Units:
          • CPU: cpu-units. 1 vCPU = 1024 cpu-units
          • Memory: MB (2^20)
      Task Level Resources (the top-level "cpu" and "memory" fields):
          • Total CPU/Memory across all containers
          • Required fields
          • Billing axis
      Container Level Resources (the per-container "cpu" and "memoryReservation" fields):
          • Defines sharing of task resources among containers
          • Optional fields
  • 27. CONTAINER CPU SHARING
      • Task CPU is the total CPU available for all containers in the task definition
      • Container CPU is optional. By default all containers get an equal share of task CPU time
      • Specify container CPU to control relative sharing among containers
      • In our example: scorekeep-frontend = 256; scorekeep-api = 768; Task CPU = 1024
  • 28. CONTAINER MEMORY SHARING
      • Task memory is the total memory available for all containers
      • Container level memory settings are optional. By default all task memory is available to all containers
      • Memory reservation is a soft lower bound. Can kick in when task memory is under contention
      • In our example: scorekeep-frontend = 512 mb; scorekeep-api = 512 mb; Task Memory = 2 gb
      • Memory is a hard upper bound. Container will not be allowed to grow beyond this value
      • Diagram labels: Task Memory = 2 gb, Available for all, Memory Reservation, Hard Memory Limit, critical container, non-critical container
  • 29. TASK CPU MEMORY CONFIGURATIONS
      50 different CPU/Memory configurations to choose from

      CPU                     Memory
      256 units (.25 vCPU)    512MB, 1GB, 2GB
      512 units (.5 vCPU)     Between 1GB & 4GB in 1GB increments
      1024 units (1 vCPU)     Between 2GB & 8GB in 1GB increments
      2048 units (2 vCPU)     Between 4GB & 16GB in 1GB increments
      4096 units (4 vCPU)     Between 8GB & 30GB in 1GB increments
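
The sizing rules on slides 22 and 26 to 29 can be checked before a task definition is registered. The following is an added example, not code from the slides: the function names and the two sample task definitions are constructed here, and the `awsvpc` check reflects the Fargate requirement for that network mode.

```python
# Added example: lint an ECS task definition against the Fargate sizing rules
# on slides 22 and 26-29. All sample data below is constructed.

# Task-level CPU (cpu-units) -> allowed task memory values (MB), per the table.
FARGATE_SIZES = {
    256: [512, 1024, 2048],
    512: list(range(1024, 4096 + 1, 1024)),
    1024: list(range(2048, 8192 + 1, 1024)),
    2048: list(range(4096, 16384 + 1, 1024)),
    4096: list(range(8192, 30720 + 1, 1024)),
}

def parse_cpu(value):
    """Accept 256 / "256" (cpu-units) or "1 vCpu" style strings; return cpu-units."""
    text = str(value).strip().lower()
    if text.endswith("vcpu"):
        return int(float(text[:-4]) * 1024)
    return int(text)

def parse_memory(value):
    """Accept 2048 / "2048" (MB) or "2 gb" / "512 mb" style strings; return MB."""
    text = str(value).strip().lower()
    if text.endswith("gb"):
        return int(float(text[:-2]) * 1024)
    if text.endswith("mb"):
        return int(text[:-2])
    return int(text)

def validate(task_def):
    """Return a list of findings; an empty list means the sizing is consistent."""
    findings = []
    if task_def.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc for Fargate tasks")
    containers = task_def.get("containerDefinitions", [])
    if not 1 <= len(containers) <= 10:
        findings.append("a task definition holds 1 to 10 container definitions")
    if "cpu" not in task_def or "memory" not in task_def:
        findings.append("task-level cpu and memory are required fields")
        return findings
    cpu, memory = parse_cpu(task_def["cpu"]), parse_memory(task_def["memory"])
    if cpu not in FARGATE_SIZES:
        findings.append(f"task cpu {cpu} is not a Fargate size")
    elif memory not in FARGATE_SIZES[cpu]:
        findings.append(f"task memory {memory} MB is not valid with {cpu} cpu-units")
    cpu_sum = sum(c.get("cpu", 0) for c in containers)
    if cpu_sum > cpu:
        findings.append(f"container cpu adds up to {cpu_sum}, above task cpu {cpu}")
    reserved = sum(c.get("memoryReservation", 0) for c in containers)
    if reserved > memory:
        findings.append(f"memoryReservation adds up to {reserved} MB, above task memory")
    for c in containers:
        hard = c.get("memory")  # hard upper bound, optional
        if hard is not None and hard > memory:
            findings.append(f"{c['name']}: hard limit {hard} MB exceeds task memory")
        if hard is not None and c.get("memoryReservation", 0) > hard:
            findings.append(f"{c['name']}: memoryReservation exceeds its hard limit")
    return findings

def cpu_shares(task_def):
    """Relative CPU share per container under contention (slide 27)."""
    containers = task_def["containerDefinitions"]
    weights = [c.get("cpu") for c in containers]
    if all(w is None for w in weights):       # default: equal share
        return {c["name"]: 1 / len(containers) for c in containers}
    if any(w is None for w in weights):       # mixed case is not covered on the slide
        return None
    total = sum(weights)
    return {c["name"]: w / total for c, w in zip(containers, weights)}

# Constructed sample: the scorekeep definition from the slides.
SCOREKEEP = {
    "family": "scorekeep", "cpu": "1 vCpu", "memory": "2 gb", "networkMode": "awsvpc",
    "containerDefinitions": [
        {"name": "scorekeep-frontend", "cpu": 256, "memoryReservation": 512},
        {"name": "scorekeep-api", "cpu": 768, "memoryReservation": 512},
    ],
}
# Constructed sample with three problems: wrong network mode, an invalid
# CPU/memory pair, and container CPU above the task total.
BROKEN = {
    "family": "scorekeep", "cpu": "1 vCpu", "memory": "16 gb", "networkMode": "bridge",
    "containerDefinitions": [
        {"name": "scorekeep-frontend", "cpu": 512, "memoryReservation": 512},
        {"name": "scorekeep-api", "cpu": 768, "memoryReservation": 512},
    ],
}

if __name__ == "__main__":
    print(validate(SCOREKEEP), cpu_shares(SCOREKEEP))
    for finding in validate(BROKEN):
        print("finding:", finding)
```
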
  • 30. PLATFORM VERSION
      What is it?
          • It refers to a specific runtime environment around your task
          • Combination of Kernel version & container runtime version
          • Available today: 1.1.0
          • New versions will be released as the runtime environment evolves: Kernel/OS updates, new features, bug fixes, and security updates
      Why expose it?
          • Gives you explicit control over:
              • Migration to new platform versions
              • Rollback to previous platform versions
      How do I use it?
          $ aws ecs run-task ... --platform-version 1.1.0
          $ aws ecs run-task ... --platform-version LATEST   # or just leave it blank
  • 31. VPC INTEGRATION
      • Launch your Fargate Tasks into subnets
      • Under the hood:
          • We create an Elastic Network Interface (ENI)
          • The ENI is allocated a private IP from your subnet
          • The ENI is attached to your task
          • Your task now has a private IP from your subnet!
      • You can assign public IPs to your tasks
      • Configure security groups to control inbound & outbound traffic
      • Spread your application across subnets in multiple Availability Zones (AZs) for high redundancy
      • Diagram labels: 172.31.0.0/16; Subnet 172.31.1.0/24; ENI; Fargate Task; Private IP 172.31.1.164; Public 208.57.73.13; Internet; Other Entities in VPC (EC2, LB, DB, etc.); us-east-1a, us-east-1b, us-east-1c
  • 32. VPC CONFIGURATION
      Task Definition ("networkMode": "awsvpc" enables ENI creation & attachment to the Task):
          {
            "family": "scorekeep",
            "cpu": "1 vCpu",
            "memory": "2 gb",
            "networkMode": "awsvpc",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
                "cpu": 256,
                "memoryReservation": 512
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
                "cpu": 768,
                "memoryReservation": 512
              }
            ]
          }
      Run Task:
          $ aws ecs run-task ... \
              --task-definition scorekeep:1 \
              --network-configuration "awsvpcConfiguration={subnets=[subnet1-id,subnet2-id],securityGroups=[sg-id]}"
  • 33. INTERNET ACCESS
      • The Task ENI is used for all inbound & outbound network traffic to and from your task
      • It is also used for:
          • Image Pull (from ECR or a public repository)
          • Pushing to Amazon CloudWatch logs
      • Both these endpoints need to be reachable via your task ENI
      • Two common modes of setup:
          • Private with no inbound internet traffic, but allows outbound internet access
          • Public task with both inbound and outbound internet access
  • 34. PRIVATE TASK SETUP
      • Attach Internet Gateway to VPC
      • Setup a Public Subnet with:
          • Route to Internet Gateway
          • NAT Gateway
      • Setup Private Subnet with:
          • Fargate Task
          • Route to NAT Gateway
      • Security Group to allow outbound traffic
      • Diagram labels: 172.31.0.0/16; Public subnet 172.31.2.0/24 with NAT Gateway (Public EIP 34.214.162.237); Private subnet 172.31.1.0/24 with Fargate Task ENI (Private IP 172.31.1.164); Internet Gateway; Internet

      Route Tables

      Private subnet:
      Destination      Target
      172.31.0.0/16    local
      0.0.0.0/0        NAT Gateway

      Public subnet:
      Destination      Target
      172.31.0.0/16    local
      0.0.0.0/0        Internet Gateway

      Outbound Security Group Rules

      Type           Port    Destination
      All Traffic    ALL     0.0.0.0/0
  • 35. PUBLIC TASK SETUP
      • Launch the task into a Public subnet
      • Give it a public IP address (assignPublicIp=ENABLED)
      • Security Group to allow the expected inbound traffic
      • Discover the public IP by describing the ENI attached to the task
      • Diagram labels: 172.31.0.0/16; Public subnet 172.31.2.0/24; Fargate Task ENI (Public IP 54.191.135.66); Internet Gateway; Internet; Inbound; Outbound

          $ aws ecs run-task ... \
              --task-definition scorekeep:1 \
              --network-configuration "awsvpcConfiguration={subnets=[public-subnet],securityGroups=[sg-id],assignPublicIp=ENABLED}"

      Route Table

      Destination      Target
      172.31.0.0/16    local
      0.0.0.0/0        Internet Gateway

      Inbound Security Group Rule

      Type    Port    Source
      HTTP    8080    0.0.0.0/0

      Outbound Security Group Rules

      Type           Port    Destination
      All Traffic    ALL     0.0.0.0/0
  • 36. ELB SETUP
      • ELB integration supported on services
      • ALB & NLB supported
      • ALB requires that you pick at least two subnets in two different AZs
      • Ensure that the ALB subnet AZs are a superset of your task subnet AZs
      • Select ALB Target type: IP (not Instance)
  • 37. ELB CONFIGURATION
      Task Definition:
          {
            "family": "scorekeep",
            "cpu": "1 vCpu",
            "memory": "2 gb",
            "networkMode": "awsvpc",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
                "cpu": 256,
                "memoryReservation": 512,
                "portMappings": [ { "containerPort": 8080 } ]
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
                "cpu": 768,
                "memoryReservation": 512,
                "portMappings": [ { "containerPort": 5000 } ]
              }
            ]
          }
      Create Service:
          $ aws ecs create-service ... \
              --task-definition scorekeep:1 \
              --network-configuration "awsvpcConfiguration={subnets=[subnet-id],securityGroups=[sg-id]}" \
              --load-balancers '[{"targetGroupArn": "<insert arn>", "containerName": "scorekeep-frontend", "containerPort": 8080}]'
  • 38. INTERNET FACING ELB SETUP
      • Task in private subnet with private IP
      • ALB in public subnet with public IP
      • Make sure the AZs of the two subnets match
      • ALB security group to allow inbound traffic from internet
      • Task security group to allow inbound traffic from the ALB's security group
      • Diagram labels: 172.31.0.0/16; Public subnet 172.31.2.0/24 (us-east-1a) with ALB (Public IP 208.57.73.13 :80); Private subnet 172.31.1.0/24 (us-east-1a) with Fargate Task ENI (Private IP 172.31.1.164 :8080); Internet

      ALB Security Group, Inbound Rule

      Type    Port    Source
      HTTP    80      0.0.0.0/0

      Task Security Group, Inbound Rule

      Type          Port    Source
      Custom TCP    8080    ALB Security Group
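
The task security group rule on slide 38 (port 8080, source restricted to the ALB's security group) is easy to get wrong by copying the 0.0.0.0/0 source from the public task setup. The check below is an added example, not part of the slides: it audits a task security group given in the shape returned by `aws ec2 describe-security-groups`; the group IDs and both sample groups are constructed.

```python
# Added example: audit the inbound rules of a Fargate task security group for
# the internet-facing ALB layout on slide 38. Input uses the IpPermissions
# structure returned by `aws ec2 describe-security-groups`.

def rule_allows_port(rule, port):
    """True when the rule covers the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    return proto == "tcp" and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_task_ingress(task_sg, alb_sg_id, container_port):
    """Return findings for a task that should only be reachable through the ALB."""
    findings = []
    alb_can_reach = False
    for rule in task_sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in ("0.0.0.0/0", "::/0"):
                findings.append(
                    f"inbound rule accepts any source ({cidr}), not only the ALB")
            else:
                findings.append(
                    f"inbound rule uses CIDR {cidr}; use the ALB security group as source")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != alb_sg_id:
                findings.append(f"inbound rule admits unexpected group {pair['GroupId']}")
            elif rule_allows_port(rule, container_port):
                alb_can_reach = True
                if rule.get("IpProtocol") == "-1" or rule.get("FromPort") != rule.get("ToPort"):
                    findings.append("ALB rule is wider than the single container port")
    if not alb_can_reach:
        findings.append(
            f"no rule lets {alb_sg_id} reach port {container_port}; targets will fail health checks")
    return findings

# Constructed identifiers and groups.
ALB_SG_ID = "sg-0123456789abcdef0"

TASK_SG_AS_ON_SLIDE = {
    "GroupId": "sg-0fedcba9876543210",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
        "IpRanges": [], "Ipv6Ranges": [],
        "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}],
    }],
}

# Same port, but the source was copied from the public task setup.
TASK_SG_OPEN = {
    "GroupId": "sg-0fedcba9876543210",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
        "UserIdGroupPairs": [],
    }],
}

if __name__ == "__main__":
    print(audit_task_ingress(TASK_SG_AS_ON_SLIDE, ALB_SG_ID, 8080))
    for finding in audit_task_ingress(TASK_SG_OPEN, ALB_SG_ID, 8080):
        print("finding:", finding)
```
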
  • 39. PERMISSION TIERS
      • Cluster Permissions: Control who can launch, stop and describe tasks in your cluster
      • Application Permissions: Allows your application containers to access AWS resources securely
      • Housekeeping Permissions: Allows us to perform housekeeping activities around your task:
          • ECR Image Pull
          • CloudWatch logs pushing
          • ENI creation
          • Register/Deregister targets into ELB
      • Diagram labels: Cluster, Fargate Task, Cluster Permissions, Application Permissions, Task Housekeeping Permissions
  • 40. CLUSTER PERMISSIONS
      • You can tailor IAM policies for fine grained access control to your clusters
      • Attach these policies to IAM Users and/or Roles as necessary
      • Some example policies:

      Example 1: Allow RunTask in a specific cluster with a specific task definition only
          {
            "Effect": "Allow",
            "Action": [ "ecs:RunTask" ],
            "Condition": {
              "ArnEquals": { "ecs:cluster": "<cluster-arn>" }
            },
            "Resource": [ "<task_def_family>:*" ]
          }

      Example 2: Read-only access to tasks in a specific cluster
          {
            "Effect": "Allow",
            "Action": [ "ecs:ListTasks", "ecs:DescribeTasks" ],
            "Condition": {
              "ArnEquals": { "ecs:cluster": "<cluster-arn>" }
            },
            "Resource": "*"
          }

      and many more!
  • 41. APPLICATION PERMISSIONS
      Do your application containers access other AWS resources? Need to get credentials down to the task? Use a Task Role.
      • Create an IAM Role with the requisite permissions that your application needs. In our scorekeep example, DynamoDB & SNS permissions.
      • Establish a trust relationship with ecs-tasks.amazonaws.com on that role. This lets us assume the role and wire the credentials down to your task.
      • Add the role arn to your task definition and you're done!
      • AWS CLI/SDK calls from within your application will automatically use the Task Role credentials
      • Credentials are temporary and rotated periodically
      Task Definition:
          {
            "family": "scorekeep",
            "cpu": "1 vCpu",
            "memory": "2 gb",
            "networkMode": "awsvpc",
            "taskRoleArn": "arn:aws...role/scorekeepRole",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
                "cpu": 256,
                "memoryReservation": 512,
                "portMappings": [ { "containerPort": 8080 } ]
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
                "cpu": 768,
                "memoryReservation": 512,
                "portMappings": [ { "containerPort": 5000 } ]
              }
            ]
          }
  • 42. HOUSEKEEPING PERMISSIONS
      • We need certain permissions in your account to bootstrap your task and keep it running.
      • Execution Role gives us permissions for:
          • ECR Image Pull
          • Pushing to CloudWatch logs
      • ECS Service Linked Role gives us permissions for:
          • ENI Management
          • ELB Target Registration/Deregistration
  • 43. EXECUTION ROLE
    Give us permissions via an Execution Role
      • Using an ECR Image or CloudWatch Logs?
      • Create an IAM Role. Add Read Permissions to ECR. Add Write Permissions to CloudWatch Logs.
      • Establish a trust relationship with ecs-tasks.amazonaws.com. This lets us assume the role.
      • Add the execution role ARN into your task definition.

    Task Definition

        {
          "family": "scorekeep",
          "cpu": "1 vCpu",
          "memory": "2 gb",
          "networkMode": "awsvpc",
          "taskRoleArn": "arn:aws...role/scorekeepRole",
          "executionRoleArn": "arn:aws...role/scorekeepExecutionRole",
          "containerDefinitions": [
            {
              "name": "scorekeep-frontend",
              "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
              "cpu": 256,
              "memoryReservation": 512,
              "portMappings": [ { "containerPort": 8080 } ]
            },
            {
              "name": "scorekeep-api",
              "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
              "cpu": 768,
              "memoryReservation": 512,
              "portMappings": [ { "containerPort": 5000 } ]
            }
          ]
        }
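The task role and execution role wiring from the two slides above can be checked before a task definition is registered. The following is an added example, not code from the presentation: the function names are hypothetical, the trust policy documents are assumed to be supplied by the caller, and the sample task definition reuses the slide's values with its elided role ARN left as written.

```python
ECS_TASKS = "ecs-tasks.amazonaws.com"  # service principal named on the slides

def as_list(value):
    return value if isinstance(value, list) else [value]

def trust_policy_for(service):
    """Trust policy letting one AWS service principal assume the role."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": service},
         "Action": "sts:AssumeRole"}]}

def trusts_ecs_tasks(trust_policy):
    """True if an Allow statement lets ecs-tasks.amazonaws.com call sts:AssumeRole."""
    for stmt in as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. "*" is not an explicit service trust
            continue
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in as_list(stmt.get("Action", []))
                and ECS_TASKS in as_list(principal.get("Service", []))):
            return True
    return False

def lint_task_definition(task_def, trust_policies):
    """Return findings; trust_policies maps role ARN -> trust policy document."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    uses_ecr = any(".dkr.ecr." in c.get("image", "") for c in containers)
    uses_awslogs = any(c.get("logConfiguration", {}).get("logDriver") == "awslogs"
                       for c in containers)
    if (uses_ecr or uses_awslogs) and not task_def.get("executionRoleArn"):
        findings.append("executionRoleArn missing: needed for ECR pull / awslogs")
    for field in ("taskRoleArn", "executionRoleArn"):
        arn = task_def.get(field)
        if arn and not trusts_ecs_tasks(trust_policies.get(arn, {})):
            findings.append(f"{field}: role does not trust {ECS_TASKS}")
    return findings

# Sample input built from the slide's task definition, without an execution role.
TASK_DEF = {
    "family": "scorekeep",
    "taskRoleArn": "arn:aws...role/scorekeepRole",
    "containerDefinitions": [
        {"name": "scorekeep-frontend", "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe"},
        {"name": "scorekeep-api", "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api"},
    ],
}

if __name__ == "__main__":
    roles = {TASK_DEF["taskRoleArn"]: trust_policy_for(ECS_TASKS)}
    for finding in lint_task_definition(TASK_DEF, roles):
        print(finding)
```
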
  • 44. ECS SERVICE LINKED ROLE
      • A service-linked role is a unique type of IAM role that is linked directly to an AWS service, in this case ECS.
      • It has a predefined policy that is immutable. In this case, ENI & ELB permissions.
      • It has a trust relationship with ecs.amazonaws.com. This allows us to assume the role and perform ENI & ELB management on your behalf.
      • It is automatically created in your account at cluster creation time.
      • You don't have to explicitly pass this role in the task definition or any API call.
      • Just know about it in case you stumble upon it in the IAM console.
  • 45. CLOUDWATCH LOGS CONFIGURATION
      • Use the awslogs driver to send stdout from your application to CloudWatch Logs
      • Create a log group in CloudWatch
      • Configure the log driver in your task definition

    Task Definition

        {
          "family": "scorekeep",
          ...
          "containerDefinitions": [
            {
              "name": "scorekeep-frontend",
              ...
              "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                  "awslogs-group": "scorekeep",
                  "awslogs-region": "us-east-1",
                  "awslogs-stream-prefix": "scorekeep/frontend"
                }
              }
            },
            {
              "name": "scorekeep-api",
              ...
              "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                  "awslogs-group": "scorekeep",
                  "awslogs-region": "us-east-1",
                  "awslogs-stream-prefix": "scorekeep/api"
                }
              }
            }
          ]
        }
  • 46. CLOUDWATCH LOGS
    View logs in the ECS or CloudWatch Console
    (Screenshot: Logs tab in the task detail page)
  • 47. CLOUDWATCH METRICS FOR SERVICES
    (Screenshot: Metrics tab in the service detail page, showing ScorekeepService)
  • 48. DEBUGGING TIPS
    Task is not RUNNING? Inspect the container stopped reason in the Task Detail page or via the DescribeTasks API.
    (Screenshot: task in STOPPED state; inspect container stopped reasons)
  • 49. DEBUGGING TIPS
    Service not scaling as expected? Check the activity log in the Service Events tab or via the DescribeServices API.
    (Screenshot: Events tab in the service detail page; inspect activity messages and drill down into the task detail page for more)
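The stopped-task tip above, as an added example that is not part of the presentation: a triage function over a response dict in the shape the DescribeTasks API returns. The function names, hint wording, task ARNs and reason strings in the sample response are constructed for illustration.

```python
def hint_for(reason, exit_code):
    """Map a stopped reason to the place on these slides to look next."""
    if "CannotPullContainerError" in reason:
        return "image pull failed: check the execution role's ECR read permissions"
    if exit_code not in (None, 0):
        return "container exited with an error: read its awslogs stream"
    return "see the task-level stoppedReason"

def triage_describe_tasks(response):
    """List why tasks in a DescribeTasks response are not RUNNING."""
    report = []
    for failure in response.get("failures", []):  # tasks the API could not describe
        report.append({"task": failure.get("arn"), "container": None,
                       "reason": failure.get("reason"),
                       "hint": "DescribeTasks could not return this task"})
    for task in response.get("tasks", []):
        if task.get("lastStatus") == "RUNNING":
            continue
        for c in task.get("containers", []):
            # Prefer the container-level reason, fall back to the task-level one.
            reason = c.get("reason") or task.get("stoppedReason") or "unknown"
            report.append({"task": task.get("taskArn"), "container": c.get("name"),
                           "reason": reason,
                           "hint": hint_for(reason, c.get("exitCode"))})
    return report

# Constructed sample response (ARNs and reason text are illustrative).
SAMPLE_RESPONSE = {
    "tasks": [
        {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/example-1",
         "lastStatus": "STOPPED", "stoppedReason": "Task failed to start",
         "containers": [{"name": "scorekeep-frontend", "lastStatus": "STOPPED",
                         "reason": "CannotPullContainerError: access denied"}]},
        {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/example-2",
         "lastStatus": "STOPPED",
         "stoppedReason": "Essential container in task exited",
         "containers": [{"name": "scorekeep-api", "lastStatus": "STOPPED",
                         "exitCode": 1}]},
        {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/example-3",
         "lastStatus": "RUNNING",
         "containers": [{"name": "scorekeep-api", "lastStatus": "RUNNING"}]},
    ],
    "failures": [{"arn": "arn:aws:ecs:us-east-1:111122223333:task/example-4",
                  "reason": "MISSING"}],
}

if __name__ == "__main__":
    for row in triage_describe_tasks(SAMPLE_RESPONSE):
        print(row["task"], row["container"], row["reason"], "->", row["hint"])
```
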
  • 50. COMING UP NEXT
    How to: Build Data Driven Apps with GraphQL & AWS AppSync
    Adrian Hall | 1:00PM
    Thursday, July 12
      • 10:00AM – Microservices for Startups
      • 11:00AM – Serverless for Mobile Developers
      • 12:00PM – How to: Simplify Container Deployment & Operations with Amazon ECS & Fargate
      • 1:00PM – How to: Build Data Driven Apps with GraphQL & AWS AppSync
      • 2:00PM – Serverless Architectural Patterns
      • 3:00PM – Coordinating Microservices with AWS Step Functions
      • 4:00PM – Theatre Review & Ask the Experts
  • 51. Go Build!
    Donnie Prakoso, AWS Technology Evangelist, ASEAN
    @donnieprakoso
    donnie@amazon.com