/ecs-cfn-refarch

Amazon ECS reference architecture

Primary LanguagePython

ecs-cfn-refarch

This is an Amazon EC2 Container Service reference architecture with cloudformation templates that helps you provision a complete Amazon ECS environment with many advanced optional features.

Features

  • Cluster provisioned with mixed autoscaling group(ondemand + spot instances diversified across many types and AZs)
  • Secrets saved in SSM Parameter Store
  • Using latest Amazon ECS AMI
  • Built-in service autoscaling policies and cluster autoscaling policies
  • Support ECS Service Custom Metrics Logger as a plug-in to automatically generate some missing metrics

Prerequisite

ecs-cfn-refarch will not generate the following resources for you. Make sure you have created them.

  • A VPC with 3 public subnets
  • A SSH key pair in EC2 console

Usage

create a custom.mk file and customize your parameters in this file

# git clone the project
$ git clone https://github.com/pahud/ecs-cfn-refarch.git
$ cd ecs-cfn-refarch
$ cp custom.mk.sample custom.mk
$ vim custom.mk

Create the cluster

# create the cluster
$ make create-ecs-cluster

click the link to the cloudformation console. The whole stack should be created in 5–7minutes.

Validate

When the cloudformation is completed. Check the stach output:

# check the stack output
$ make describe-ecs-cluster

Response

[
    {
        "OutputKey": "GreetingURL", 
        "OutputValue": "http://ecsdemo-MAIN-1M6ASY034M08X-alb-2131750000.ap-northeast-1.elb.amazonaws.com/greeting.html"
    },  
    {
        "OutputKey": "URL", 
        "OutputValue": "http://ecsdemo-MAIN-1M6ASY034M08X-alb-2131750000.ap-northeast-1.elb.amazonaws.com"
    }
]

click the URL and you'll see the phpinfo page, wihch is served by ECS Tasks behind ALB.

If you cURL the GreetingURL , you'll get a static page containing credentials stored in SSM Parameter Store(i.e.ECSYourName and ECSYourPassword). The credentials were retrieved by ECS Execution Role from SSM Parameter on task bootstrapping and is injected into the environment variables.(details)

$ curl http://ecsdemo-MAIN-1M6ASY034M08X-alb-2131750000.ap-northeast-1.elb.amazonaws.com/greeting.html
<!DOCTYPE html>
<html>
<head>
<title>EC2 Parameter Store demo</title>
</head>
<body>
<p>
<h1>Hi DefaultName!</h1>
<p>
<h2>Your password is DefaultPassword!</h2>

attributes

By default, instances will have instance-purchase-option attributes either ondemand or spot(implementation detail).

For example, list all the instances with instance-purchase-option=spot:

$ aws ecs list-attributes --target-type container-instance  --region ap-northeast-1  --cluster ecsdemo-MAIN-IKGTIS1HXS9J-ecs-cluster --attribute-name instance-purchase-option --attribute-value spot
{
    "attributes": [
        {
            "targetId": "arn:aws:ecs:ap-northeast-1:903779448426:container-instance/22119ce6-bcfc-488d-ba8a-d005f2f6237f", 
            "name": "instance-purchase-option", 
            "value": "spot"
        }, 
        {
            "targetId": "arn:aws:ecs:ap-northeast-1:903779448426:container-instance/0dbf6399-e51d-4fe7-a6b8-c86019d101bc", 
            "name": "instance-purchase-option", 
            "value": "spot"
        }, 
        {
            "targetId": "arn:aws:ecs:ap-northeast-1:903779448426:container-instance/097bec0a-11c2-4c5a-8231-b82f387574ce", 
            "name": "instance-purchase-option", 
            "value": "spot"
        }
    ]
}

Optionally, you may define your task placement constraints to explicitly deploy ECS tasks on ondemand or spot.

"placementConstraints": [
    {
        "expression": "attribute:instance-purchase-option == spot",
        "type": "memberOf"
    }
]

This will give you better control over the taks placement based on the constraints expression.

clean up

# delete the stacks
$ make delete-ecs-cluster