An article about service in Amazon ECS. What is the service? How to configure it? and how to run it?
Amazon ECS helps you to spin containers on the cloud. ECS is a complete managed orchestration service offered by AWS. Container instantiation in ECS is taken care of by ECS Tasks. And to manage the ECS Tasks we have Services.
What are Services in Amazon ECS?
Amazon ECS Services enables you to run and maintain the desired number of instances of a task definition on the Amazon ECS cluster. It spins up a new instance of tasks in case existing running tasks die/fail and maintain the desired count.
How to configure Service in Amazon ECS?
I will be using the same Task Definition created in the previous article here to configure in Service.
- Log in to the Amazon ECS dashboard.
- In the left navigation panel, click on Clusters
- On a cluster page navigate to the desired cluster
- On the Cluster page select the Services tab and click the Create button
It should launch Service creation wizard as below –
Configuration parameters to be configured are –
- Launch type: FARGATE (serverless) or EC2 (use ECS instances)
- Task Definition: Choose task and version from dropdown.
- Cluster: Cluster on which service should run.
- Service name: For Identification purposes.
- Service type:
- REPLICA: Maintain the desired count of tasks across clusters.
- DAEMON: Places one task per ECS instances and maintain that count.
- Number of tasks: Desired count of tasks
- Minimum healthy percent: % of minimum desired capacity needs to be running at any given time.
- Maximum percentage: Max % it can go while deploying batch. For DEAMON mode it’s 100% by default.
- Deployments:
- Rolling update: Replaces a new version with old in a phased manner. Min and Max percentages defined above play an important role here.
- Blue/green deployment: Test new version before routing production traffic to it.
- Task placement:
- Offer 5 types in the dropdown.
- Already explained in the Tasks article.
- Tags: For identification purposes.
Click on Next step to proceed. It should move to network configurations.
- VPC and security groups: Available if awsvpc networking mode is defined in Task Definitions.
- Health check grace period: Enabled for use of load balancers. Count in seconds for which service will ignore health after launching targets.
Service load balancing can be configured here. I am using an Application load balancer. Read : How to create Application Load Balancer?.
- Load balancer type: Select ELB type
- Service IAM role: IAM role to use
- Load balancer name: Select existing LB from the dropdown. If not then create a new LB from the EC2 console and then select here. You don’t need to register targets while creating a load balancer. It will be managed by the ECS cluster.
- Container to load balance: Your container port will be listed which is fetched from Task Definition. Click on Add to loan balancer button
- Production listener port: ALB listening port
- Production listener protocol
- Target group name: If you haven’t created it with ALB then you can create here or select from the dropdown.
- Target group protocol
- Target type: ECS instances
- Path pattern: For path-based routing. If you want to route traffic depending on different paths then list it here along with the order.
- Health check path: for ALB, to determine the health of the target. If this path is reachable then ALB considers the target as healthy.
Lastly, App Mesh as defined in Task Definition and Service discovery for using it with DNS.
Click Next step button.
On the next screen, you should be able to configure service auto-scaling to handle the high and low demands.
Click Next step button
Review complete configuration once and then click on the Create Service button.
Service will be created and you can click on the View service button and you should be seeing service launching tasks in a couple of minutes.
As configured, 2 tasks are launched by service and both are running. Now to verify if service is working fine and containers are serving the purpose, ALB needs to be checked.
I took the ALB DNS name and opened it in the browser. It should go to target groups which are ECS instances and hence to the containers where Apache is running. And then it should display the Apache default page.
And it does! Test succesful! ECS service is runnign as expected.
If it does not, then do check if the security group attached to ALB allows incoming HTTP port 80 traffic from the world. Secondly, check the security group of ECS instances that allows HTTP port 80 traffic from ALB’s security group/subnet.
Now, to check if the service maintains the desired count of tasks let’s run a small test. Click on any one task ID and click the Stop button to stop that Task. This should kick in service to start a new task in order to maintain the desired count of 2 Tasks. I killed one task and it did start another task on its own.
The new task is in pending status and went into RUNNING in a couple of seconds since containers are pretty much fast to insatiate and start serving.
That’s all. We did not cover auto-scaling in this article. That will be something similar to having ASG of EC2 but here for containers!