A quick walkthrough on how to create a new ECS cluster
In our previous article, we covered the Amazon ECS service in theory. In this article, we will walk you through the steps to create a new ECS cluster.
An ECS cluster is a logical grouping of ECS instances on which containerized applications can be orchestrated.
This article uses the design below to provision the ECS cluster.
Without further delay, let's dive into it:
- Log in to the Amazon ECS dashboard
- From the left navigation panel, click on Clusters
- Now, on the right-hand side, click on the Create Cluster button
- Here, choose the cluster template for the new cluster
The three templates offered here are:
- Networking only
  - No ECS instances.
  - All tasks will be launched using the Fargate launch type!
- EC2 Linux + Networking
  - Deploy with Linux ECS instances
  - Both EC2 and Fargate launch types are available for tasks
- EC2 Windows + Networking
  - Deploy with Windows ECS instances
  - Both EC2 and Fargate launch types are available for tasks
Most of the time, EC2 Linux + Networking should meet the requirement. Select the appropriate template and click the Next Step button.
On the cluster configuration screen, various details can be filled in.
- Cluster name
- Create an empty cluster: an option to create a cluster with no ECS instances.
Then, the instance configuration should be defined.
Under instance configuration, choose:
- Provisioning model: choose the billing type of the instances (on-demand or spot)
- Number of instances
- EC2 AMI ID. The dropdown allows choosing Amazon Linux AMI.
- Root EBS size
- Key Pair: choose one if you want to log into the ECS instances. If not, choose None.
The next section covers network configuration.
By default, the setup creates a new VPC to be used for this ECS cluster. If you wish to use an existing VPC instead, choose it from the dropdown.
In my case, I have a custom VPC created already, so I will select it from the dropdown. When using an existing VPC, you need to choose which subnets the container instances will be placed in and which security group should be applied to them.
I used my existing VPC along with 2 private subnets in different AZs and security groups that allow SSH and HTTP traffic to the instances, since I will be testing web server containers on this cluster. The SG should allow the ports you will be using in your containerized applications. It should also allow traffic only from the intended sources.
Finally, define the IAM roles that will be attached to the ECS instances.
Tags can be applied to the instances here. Container-level monitoring can also be enabled here if needed. Click Create and the cluster will be created shortly.
ECS uses CloudFormation in the backend to deploy the whole stack. This can be verified in the Launch status or in the CloudFormation service dashboard.
Now, click on the View Cluster button and the new ECS cluster details will be presented on screen.
Both ECS instances are registered to the cluster at this stage. These cluster ECS instances can be viewed from the EC2 dashboard as well.
These instances are named automatically by ECS. If you look closely, they are deployed in different AZs (supplied at cluster creation) and have the SG assigned as well.
So the ECS cluster is up and ready, with both ECS instances registered to the cluster and ready to run tasks!
Issue: ECS instances not registering in ECS cluster
One of the common issues seen at this stage is that, although the EC2 instances are running fine, they do not get registered to the ECS cluster. You do not see them in the ECS Instances tab on the cluster details page.
Cause: This happens when the ECS instances have no route to the internet. The ECS agent on the instances needs to reach the ECS public endpoint to register the instance in the ECS cluster. With no route to the internet, the agent cannot reach the ECS public endpoint and cannot register to the cluster.
Solution: If the instances are launched in a private subnet, they should be able to reach the internet through a NAT gateway or an HTTP proxy. Alternatively, you can configure VPC endpoints for Amazon ECS and route traffic from the instances to ECS without giving them internet access at all.
If the instances are launched in a public subnet, make sure auto-assign public IPv4 address is enabled and the instance is allocated a public IPv4 address. Also make sure the subnet is associated with a route table that has a route to an Internet Gateway.
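The checks in the solution above can be run against exported VPC data. The following is an added example, not part of the original article: it classifies how the ECS agent in a subnet can reach ECS, using constructed data shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` output. The function names and all IDs are hypothetical; the three endpoint services are the ones AWS documents for ECS interface endpoints, and HTTP proxies are not covered.

```python
# Constructed sample data for a single VPC (all IDs are made up).
ROUTE_TABLES = [
    {"VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-nat"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1", "State": "active"}]},
    {"VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}]},
]
ENDPOINTS = [{"VpcId": "vpc-1", "State": "available",
              "ServiceName": f"com.amazonaws.us-east-1.{s}"} for s in ("ecs-agent", "ecs")]

# Interface endpoints the ECS agent needs when it has no internet path.
ECS_SERVICES = {"ecs-agent", "ecs-telemetry", "ecs"}

def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def ecs_path(subnet_id, has_public_ip, route_tables, vpc_endpoints, region):
    """Return the path the ECS agent can use, or 'none: ...' with the reason."""
    rt = route_table_for(subnet_id, route_tables) or {}
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        if route.get("NatGatewayId"):
            return "nat-gateway"
        # An IGW route only helps if the instance also has a public IPv4 address.
        if (route.get("GatewayId") or "").startswith("igw-") and has_public_ip:
            return "internet-gateway"
    prefix = f"com.amazonaws.{region}."
    present = {ep["ServiceName"][len(prefix):] for ep in vpc_endpoints
               if ep.get("State") == "available" and ep.get("VpcId") == rt.get("VpcId")
               and ep.get("ServiceName", "").startswith(prefix)}
    missing = ECS_SERVICES - present
    return "vpc-endpoints" if not missing else "none: missing " + ", ".join(sorted(missing))

if __name__ == "__main__":
    for subnet, public_ip in (("subnet-nat", False), ("subnet-pub", False), ("subnet-isolated", False)):
        print(subnet, "->", ecs_path(subnet, public_ip, ROUTE_TABLES, ENDPOINTS, "us-east-1"))
```

A result starting with `none:` corresponds to the symptom described above: the instance runs but never appears in the ECS Instances tab.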