3. AWS Fargate

AWS Fargate runs highly scalable containers scheduled by the EC2 Container Service (ECS). To run an application on Fargate you need the following components:

By default, AWS ECS uses the bridge network mode. Fargate, however, requires the awsvpc network mode, in which each task gets its own Elastic Network Interface, a primary private IP address, and an internal DNS hostname.

A. Docker-Compose Containers via ECS-CLI (Fargate type)

A.1. Installing and Configuring ECS-CLI

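  • Installing ECS CLI
  sudo curl -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-darwin-amd64-latest
  # Compare the published MD5 with the MD5 of the downloaded binary; do not use the binary if this prints MD5 MISMATCH
  [ "$(curl -s https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-darwin-amd64-latest.md5)" = "$(md5 -q /usr/local/bin/ecs-cli)" ] && echo "MD5 OK" || echo "MD5 MISMATCH"
  sudo chmod +x /usr/local/bin/ecs-cli
  # ecs-cli --version
  # Store the credentials in an ECS CLI profile
  ecs-cli configure profile --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY --profile-name ecs-fargate
  # The config name must match the --cluster-config value used by the commands below
  ecs-cli configure --cluster ecs-fargate-cluster --region ap-southeast-2 --default-launch-type FARGATE --config-name ecs-fargate-cluster-config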

A.2. Create the Task Execution IAM Role:

Precondition: run `aws configure --profile ecs-fargate`; the IAM user needs the IAMFullAccess and AmazonECS_FullAccess policies.

  aws iam --profile ecs-fargate --region ap-southeast-2 create-role --role-name ecsTaskExecutionRole --assume-role-policy-document file://task-execution-assume-role.json
  aws iam --profile ecs-fargate --region ap-southeast-2 attach-role-policy --role-name ecsTaskExecutionRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
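The create-role command above reads task-execution-assume-role.json, which this page does not show. The following Python is an added example, not part of the original page: it writes the usual ECS task trust relationship (assumed to be what that file contains) and checks that nothing other than ecs-tasks.amazonaws.com is trusted. The function names and the over-broad sample with its account ID are constructed for illustration.

```python
import json

# Assumed file content: only the ECS tasks service may assume the execution role.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ecs-tasks.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed counter-example: also trusts every identity in a made-up account.
OVERBROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ecs-tasks.amazonaws.com",
                  "AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole"}]}


def as_list(value):
    """IAM allows a single value or a list in most positions; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trust_policy_problems(policy, allowed_service="ecs-tasks.amazonaws.com"):
    """List reasons why an assume-role policy trusts more than the ECS tasks service."""
    problems = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            problems.append(f"statement {i}: any principal may assume the role")
            continue
        for kind, values in (principal or {}).items():
            for value in as_list(values):
                if kind != "Service" or value != allowed_service:
                    problems.append(f"statement {i}: unexpected principal {kind}={value}")
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            problems.append(f"statement {i}: unexpected action {stmt.get('Action')}")
    return problems


def write_trust_policy(path="task-execution-assume-role.json"):
    """Write the policy file only if it passes the check; return the path."""
    if trust_policy_problems(TRUST_POLICY):
        raise ValueError("trust policy is broader than expected")
    with open(path, "w") as fh:
        json.dump(TRUST_POLICY, fh, indent=2)
    return path
```

Call `write_trust_policy()` in the directory where the `aws iam create-role` command is run, so that `file://task-execution-assume-role.json` resolves.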

A.3. Create a Cluster using ecs-cli up

  ecs-cli up --cluster ecs-fargate-cluster

  ## @FIXME: already created by CloudFormation
  # aws ec2 create-security-group --group-name "ecs-fargate-sg" --description "ECS Fargate - Security Group" --vpc-id "vpc-XXXXXXXXXXXXXXXXX"
  aws ec2 create-security-group --group-name "my-sg" --description "My security group" --vpc-id "VPC_ID"

  # Allows inbound TCP port 80 from any IPv4 address (0.0.0.0/0)
  aws ec2 authorize-security-group-ingress --group-id "sg-XXXXXXXXXXXXXXXXX" --protocol tcp --port 80 --cidr 0.0.0.0/0 --region ap-southeast-2 --profile ecs-fargate
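An added example (not from the original page) for reviewing the outcome of ingress rules like the one above: it reads JSON shaped like the output of `aws ec2 describe-security-groups` and lists every rule open to 0.0.0.0/0 or ::/0, separating the intended web ports from everything else. The sample data, the group IDs and the set of expected public ports are assumptions made for the illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}
EXPECTED_PUBLIC_PORTS = {80, 443}  # assumption: only web ports should face the internet


def world_open_rules(doc, expected_ports=EXPECTED_PUBLIC_PORTS):
    """Return (group_id, protocol, from_port, to_port, cidr, expected) per world-open rule."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            proto = perm.get("IpProtocol")
            # IpProtocol "-1" means all protocols; such rules carry no port keys.
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # Expected only when the rule is one TCP port from the allow-list.
            expected = proto == "tcp" and lo is not None and lo == hi and lo in expected_ports
            for cidr in cidrs:
                if cidr in WORLD:
                    findings.append((group["GroupId"], proto, lo, hi, cidr, expected))
    return findings


def unexpected_exposure(doc):
    """World-open rules that are not a single expected public port."""
    return [f for f in world_open_rules(doc) if not f[5]]


if __name__ == "__main__":
    for finding in unexpected_exposure(SAMPLE):
        print("review:", finding)
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --output json`.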

Resources created by the CloudFormation stack amazon-ecs-cli-setup-ecs-fargate-cluster:

  • [x] InternetGateway: AWS::EC2::InternetGateway
  • [x] PubSubnet1RouteTableAssociation: AWS::EC2::SubnetRouteTableAssociation
  • [x] PubSubnet2RouteTableAssociation: AWS::EC2::SubnetRouteTableAssociation
  • [x] PubSubnetAz1: AWS::EC2::Subnet
  • [x] PubSubnetAz2: AWS::EC2::Subnet
  • [x] PublicRouteViaIgw: AWS::EC2::Route
  • [x] RouteViaIgw: AWS::EC2::RouteTable
  • [x] Vpc: vpc-XXXXXXXXXXXXXXXXX AWS::EC2::VPC
  • [x] Security Group: sg-XXXXXXXXXXXXXXXXX

A.4. Create a Compose file

A.5. Deploy the Compose file to a Cluster

  ecs-cli compose --project-name ecs-fargate-service service up --create-log-groups --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster --region ap-southeast-2 --aws-profile ecs-fargate

A.6. View the Running Containers on a Cluster

  ecs-cli ps --cluster ecs-fargate-cluster

  ecs-cli compose --project-name ecs-fargate-service service ps --cluster-config ecs-fargate-cluster-config

  ecs-cli logs --task-id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --follow --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster

A.7. Scaling Tasks

  ecs-cli compose --project-name ecs-fargate-service service scale 2 --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster

A.8. Clean Up

  ecs-cli compose --project-name ecs-fargate-service service down --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster

  ## @FIXME manually delete `vpc-XXXXXXXXXXXXXXXXX`
  ecs-cli down --force --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster

B. AWS CloudFormation

  • B.1. Docker Image published to Docker Hub or EC2 Container Registry (ECR)
  • B.2. Fargate Cluster
  • B.3. Fargate Service
    • B.3.1. Using the Cluster's Load Balancer and Path and/or Host based Routing
    • B.3.2. Using a Dedicated Load Balancer for the Service
    • B.3.3. Using Service Discovery (aka. Cloud Map)

| CloudFormation Template | Cluster | Service |
|---|---|---|
| [x] Fully Public Container | Fully Public | Public Facing Service |
| [ ] Fully Public Container | Public + Private | Public Facing Service |
| [ ] Publicly Service with Private Networking | Public + Private | Public Facing, Private Subnet Service |
| [ ] Internal Service with Private Networking | Public + Private | Private Service, Private Subnet |

B.2. Fargate Cluster

This template describes a fault tolerant and scalable Fargate cluster on AWS.

B.2.1. Installation Guide

  1. Amazon Virtual Private Cloud: this template depends on one of our vpc-*azs.yaml templates. Launch the stack.
  2. AWS Fargate Cluster: launch the stack.
  3. Wait until the stack reaches the state CREATE_COMPLETE.

B.2.2. Dependencies

  • vpc/vpc-*azs.yaml (required)
  • operations/alert.yaml (recommended)
  • security/auth-proxy-*.yaml
  • vpc/zone-*.yaml
  • state/s3.yaml*

B.3. Fargate Service

This template describes a fault tolerant and scalable Fargate service on AWS. The service scales based on CPU utilization.

We provide three service templates:

  • service-cluster-alb.yaml uses the cluster's load balancer and path and/or host based routing.
  • service-dedicated-alb.yaml includes a dedicated load balancer (ALB).
  • service-cloudmap.yaml uses service discovery via Cloud Map instead of a load balancer.

B.3.1. Using the Cluster's Load Balancer and Path and/or Host based Routing

This template describes a fault tolerant and scalable Fargate service that uses the cluster's load balancer and path and/or host based routing for incoming traffic.

Installation Guide

  1. Amazon Virtual Private Cloud: this template depends on one of our vpc-*azs.yaml templates. Launch the stack.
  2. AWS Fargate Cluster: this template depends on our cluster.yaml template. Launch the stack.
  3. AWS Fargate Service: launch the stack.
  4. Wait until the stack reaches the state CREATE_COMPLETE.

Dependencies

  • vpc/vpc-*azs.yaml (required)
  • fargate/cluster.yaml (required)
  • operations/alert.yaml (recommended)
  • vpc/zone-*.yaml
  • state/client-sg.yaml

B.3.2. Using a Dedicated Load Balancer for the Service

This template describes a fault tolerant and scalable Fargate service that uses a dedicated load balancer for incoming traffic.

Installation Guide

  1. Amazon Virtual Private Cloud: this template depends on one of our vpc-*azs.yaml templates. Launch the stack.
  2. This template depends on our cluster.yaml template. Launch the stack.
  3. Launch the stack.
  4. Wait until the stack reaches the state CREATE_COMPLETE.

Dependencies

  • vpc/vpc-*azs.yaml (required)
  • fargate/cluster.yaml (required)
  • operations/alert.yaml (recommended)
  • security/auth-proxy-*.yaml
  • vpc/zone-*.yaml
  • state/s3.yaml*
  • state/client-sg.yaml

B.3.3. Using Service Discovery (aka. Cloud Map)

This template describes a fault tolerant and scalable Fargate service that registers tasks at the service discovery registry (aka. Cloud Map). This allows inter-service communication without any load balancer in between.

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch the stack.
  2. This template depends on our cluster.yaml template. Launch the stack.
  3. This template depends on our cloudmap-*.yaml template. Launch the stack.
  4. This template depends on our client-sg.yaml template. Launch the stack.
  5. Launch the stack.
  6. Click Next to proceed with the next step of the wizard.
  7. Specify a name and all parameters for the stack.
  8. Click Next to proceed with the next step of the wizard.
  9. Click Next to skip the Options step of the wizard.
  10. Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
  11. Click Create to start the creation of the stack.
  12. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

  • vpc/vpc-*azs.yaml (required)
  • fargate/cluster.yaml (required)
  • vpc/cloudmap-private.yaml (required)
  • state/client-sg.yaml (required)
  • operations/alert.yaml (recommended)
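  • vpc/ssh-bastion.yaml

  cd /Volumes/OceanSoft/job4u.io/devops-mkdocs/docs/AWS-Well-Architected/CloudFormation-Templates
  # Create the VPC stack and wait for CREATE_COMPLETE; the cluster stack references it through ParentVPCStack
  aws cloudformation create-stack --stack-name vpc-fargate --template-body file://CloudFormation/vpc/vpc-2azs.yaml
  aws cloudformation wait stack-create-complete --stack-name vpc-fargate
  # CAPABILITY_IAM acknowledges that the cluster template creates IAM resources
  aws cloudformation create-stack --stack-name cluster-fargate --template-body file://CloudFormation/fargate/cluster.yaml --parameters ParameterKey=ParentVPCStack,ParameterValue=vpc-fargate --capabilities CAPABILITY_IAM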