3. AWS Fargate
AWS Fargate runs highly scalable containers scheduled by the EC2 Container Service (ECS). To run an application on Fargate you need the following components:
By default, AWS ECS uses the bridge network mode. Fargate, however, requires the awsvpc network mode: each Task gets its own Elastic Network Interface, a primary private IP address, and an internal DNS hostname.
A. Docker-Compose Containers via ECS-CLI (Fargate type)
A.1. Installing and Configuring ECS-CLI
- Installing ECS CLI
sudo curl -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-darwin-amd64-latest
# Print the published MD5 and the MD5 of the downloaded binary; the two values must match
curl -s https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-darwin-amd64-latest.md5 && md5 -q /usr/local/bin/ecs-cli
sudo chmod +x /usr/local/bin/ecs-cli
# ecs-cli --version
ecs-cli configure profile --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY --profile-name ecs-fargate
ecs-cli configure --cluster ecs-fargate-cluster --region ap-southeast-2 --default-launch-type FARGATE --config-name ecs-fargate
A.2. Create the Task Execution IAM Role:
Precondition: `aws configure --profile ecs-fargate`, with IAM policies IAMFullAccess + AmazonECS_FullAccess
aws iam --profile ecs-fargate --region ap-southeast-2 create-role --role-name ecsTaskExecutionRole --assume-role-policy-document file://task-execution-assume-role.json
aws iam --profile ecs-fargate --region ap-southeast-2 attach-role-policy --role-name ecsTaskExecutionRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
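The `task-execution-assume-role.json` file passed to `create-role` above is not shown on this page. The following added example (not the original author's file) writes the standard trust policy that lets only the ECS tasks service assume the role, then runs a simple text check on it; `write_trust_policy` and `check_trust_policy` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: generate the trust policy referenced by --assume-role-policy-document.
# write_trust_policy and check_trust_policy are hypothetical helper names.
write_trust_policy() {
    out=${1:-task-execution-assume-role.json}
    cat > "$out" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ecs-tasks.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Text-level lint (not a full IAM policy parser): the policy must name the ECS
# tasks service and must not trust an AWS account, a federated identity or "*",
# any of which would let other callers assume the execution role.
check_trust_policy() {
    f=$1
    grep -q '"Service": "ecs-tasks.amazonaws.com"' "$f" || return 1
    if grep -Eq '"(AWS|Federated)"[[:space:]]*:|"Principal"[[:space:]]*:[[:space:]]*"\*"' "$f"; then
        return 1
    fi
    return 0
}

write_trust_policy task-execution-assume-role.json
check_trust_policy task-execution-assume-role.json && echo "trust policy OK"
```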
A.3. Create a Cluster using ecs-cli up
ecs-cli up --cluster ecs-fargate-cluster
## @FIXME: already created by CloudFormation
# aws ec2 create-security-group --group-name "ecs-fargate-sg" --description "ECS Fargate - Security Group" --vpc-id "vpc-XXXXXXXXXXXXXXXXX"
aws ec2 create-security-group --group-name "my-sg" --description "My security group" --vpc-id "VPC_ID"
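# Opens TCP 80 to every IPv4 address (0.0.0.0/0); narrow --cidr to known client ranges if the service is not meant to be public
aws ec2 authorize-security-group-ingress --group-id "sg-XXXXXXXXXXXXXXXXX" --protocol tcp --port 80 --cidr 0.0.0.0/0 --region ap-southeast-2 --profile ecs-fargate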
Resources created by CloudFormation
amazon-ecs-cli-setup-ecs-fargate-cluster
- [x] InternetGateway: AWS::EC2::InternetGateway
- [x] PubSubnet1RouteTableAssociation: AWS::EC2::SubnetRouteTableAssociation
- [x] PubSubnet2RouteTableAssociation: AWS::EC2::SubnetRouteTableAssociation
- [x] PubSubnetAz1: AWS::EC2::Subnet
- [x] PubSubnetAz2: AWS::EC2::Subnet
- [x] PublicRouteViaIgw: AWS::EC2::Route
- [x] RouteViaIgw: AWS::EC2::RouteTable
- [x] Vpc: AWS::EC2::VPC `vpc-XXXXXXXXXXXXXXXXX`
- [x] Security Group: `sg-XXXXXXXXXXXXXXXXX`
A.4. Create a Compose file
- [x] ecs-params.yml
- [x] docker-compose.yml
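The two files listed above are not reproduced on this page. The following added example (not the author's files) writes a minimal pair for the Fargate launch type and refuses to go further while placeholders remain. Assumptions: the helper names, the `web` service, the image and log group names, and the subnet and security group placeholders, which must be replaced with the IDs created in A.3.

```shell
#!/bin/sh
# Added example: minimal ecs-params.yml and docker-compose.yml for Fargate.
# write_compose_files / placeholders_left are hypothetical helpers;
# image, log group and resource IDs are placeholders.
write_compose_files() {
    dir=${1:-.}
    cat > "$dir/ecs-params.yml" <<'EOF'
version: 1
task_definition:
  task_execution_role: ecsTaskExecutionRole   # role created in A.2
  ecs_network_mode: awsvpc                    # required by Fargate
  task_size:
    mem_limit: 0.5GB
    cpu_limit: 256
run_params:
  network_configuration:
    awsvpc_configuration:
      subnets:
        - "subnet-PLACEHOLDER-1"              # the two public subnets from A.3
        - "subnet-PLACEHOLDER-2"
      security_groups:
        - "sg-XXXXXXXXXXXXXXXXX"
      assign_public_ip: ENABLED               # task gets a public address
EOF
    cat > "$dir/docker-compose.yml" <<'EOF'
version: '3'
services:
  web:
    image: EXAMPLE_IMAGE:TAG                  # replace with your image
    ports:
      - "80:80"
    logging:
      driver: awslogs
      options:
        awslogs-group: ecs-fargate-example    # created by --create-log-groups
        awslogs-region: ap-southeast-2
        awslogs-stream-prefix: web
EOF
}

# Succeeds while either file still contains an unreplaced placeholder.
placeholders_left() {
    grep -Eq 'PLACEHOLDER|XXXXXXXX|EXAMPLE_IMAGE' "$1/ecs-params.yml" "$1/docker-compose.yml"
}

write_compose_files . && placeholders_left . && echo "replace placeholders before deploying"
```

In the public subnets created in A.3, the public IP is what lets the task pull its image; combined with the port 80 rule open to 0.0.0.0/0, it also makes the container reachable from any address.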
A.5. Deploy the Compose file to a Cluster
ecs-cli compose --project-name ecs-fargate-service service up --create-log-groups --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster --region ap-southeast-2 --aws-profile ecs-fargate
A.6. View the Running Containers on a Cluster
ecs-cli ps --cluster ecs-fargate-cluster
ecs-cli compose --project-name ecs-fargate-service service ps --cluster-config ecs-fargate-cluster-config
ecs-cli logs --task-id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --follow --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster
A.7. Scaling Tasks
ecs-cli compose --project-name ecs-fargate-service service scale 2 --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster
A.8. Clean Up
ecs-cli compose --project-name ecs-fargate-service service down --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster
## @FIXME manually delete `vpc-XXXXXXXXXXXXXXXXX`
ecs-cli down --force --cluster-config ecs-fargate-cluster-config --cluster ecs-fargate-cluster
B. AWS CloudFormation
- B.1. Docker Image published to Docker Hub or EC2 Container Registry (ECR)
- B.2. Fargate Cluster
- B.3. Fargate Service
  - B.3.1. Using the Cluster's Load Balancer and Path and/or Host based Routing
  - B.3.2. Using a Dedicated Load Balancer for the Service
  - B.3.3. Using Service Discovery (aka. Cloud Map)
B.2. Fargate Cluster
This template describes a fault tolerant and scalable Fargate cluster on AWS.
B.2.1. Installation Guide
- Amazon Virtual Private Cloud: This template depends on one of our `vpc-*azs.yaml` templates.
- AWS Fargate Cluster
- Wait until the stack reaches the state CREATE_COMPLETE
B.2.2. Dependencies
- `vpc/vpc-*azs.yaml` (required)
- `operations/alert.yaml` (recommended)
- `security/auth-proxy-*.yaml`
- `vpc/zone-*.yaml`
- `state/s3.yaml`*
B.3. Fargate Service
This template describes a fault tolerant and scalable Fargate service on AWS. The service scales based on CPU utilization.
We provide three service templates:
* `service-cluster-alb.yaml` uses the cluster's load balancer and path and/or host based routing.
* `service-dedicated-alb.yaml` includes a dedicated load balancer (ALB).
* `service-cloudmap.yaml` uses service discovery via Cloud Map instead of a load balancer.
B.3.1. Using the Cluster's Load Balancer and Path and/or Host based Routing
This template describes a fault tolerant and scalable Fargate service that uses the cluster's load balancer and path and/or host based routing for incoming traffic.
Installation Guide
- Amazon Virtual Private Cloud: This template depends on one of our `vpc-*azs.yaml` templates.
- AWS Fargate Cluster: This template depends on our `cluster.yaml` template.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- `vpc/vpc-*azs.yaml` (required)
- `fargate/cluster.yaml` (required)
- `operations/alert.yaml` (recommended)
- `vpc/zone-*.yaml`
- `state/client-sg.yaml`
B.3.2. Using a Dedicated Load Balancer for the Service
This template describes a fault tolerant and scalable Fargate service that uses a dedicated load balancer for incoming traffic.
Installation Guide
- Amazon Virtual Private Cloud: This template depends on one of our `vpc-*azs.yaml` templates.
- This template depends on our `cluster.yaml` template.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- `vpc/vpc-*azs.yaml` (required)
- `fargate/cluster.yaml` (required)
- `operations/alert.yaml` (recommended)
- `security/auth-proxy-*.yaml`
- `vpc/zone-*.yaml`
- `state/s3.yaml`*
- `state/client-sg.yaml`
B.3.3. Using Service Discovery (aka. Cloud Map)
This template describes a fault tolerant and scalable Fargate service that registers tasks at the service discovery registry (aka. Cloud Map). This allows inter-service communication without any load balancer in between.
Installation Guide
- This template depends on one of our `vpc-*azs.yaml` templates.
- This template depends on our `cluster.yaml` template.
- This template depends on our `cloudmap-*.yaml` template.
- This template depends on our `client-sg.yaml` template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- `vpc/vpc-*azs.yaml` (required)
- `fargate/cluster.yaml` (required)
- `vpc/cloudmap-private.yaml` (required)
- `state/client-sg.yaml` (required)
- `operations/alert.yaml` (recommended)
- `vpc/ssh-bastion.yaml`
cd /Volumes/OceanSoft/job4u.io/devops-mkdocs/docs/AWS-Well-Architected/CloudFormation-Templates
aws cloudformation create-stack --stack-name vpc-fargate --template-body file://CloudFormation/vpc/vpc-2azs.yaml
aws cloudformation create-stack --stack-name cluster-fargate --template-body file://CloudFormation/fargate/cluster.yaml --parameters ParameterKey=ParentVPCStack,ParameterValue=vpc-fargate --capabilities CAPABILITY_IAM