AWS ECS Anywhere Quick Start

Jazz Tong
Published in Geek Culture
7 min read · Jun 27, 2021

When we talk about digitalization, cloud migration usually comes to mind first, but we cannot deny that hybrid cloud is still needed in many areas, such as edge compute resources, IoT fleet management, and low-latency applications that need to be deployed close to users. AWS ECS Anywhere is the AWS product that lets us manage instances outside of AWS and manage container life cycle and health using the same ECS control plane. Today we will try out ECS Anywhere and discuss the areas you should consider when adopting it.

AWS ECS Anywhere High-Level flow

To demonstrate a virtual machine or bare-metal Linux environment, we will use Vagrant to set up an Ubuntu Linux box.

Demo environment setup

Follow these steps to prepare the demo environment.

Install VirtualBox

We will use VirtualBox for our demo environment. Follow the official guide to download VirtualBox, or if you use a Mac, install it with brew:

brew install virtualbox

Install Vagrant

We will use Vagrant to manage our virtual environment. Install it from the official Vagrant site, or with brew if you are using a Mac:

brew install vagrant

Bring up Virtual Machine

Create a folder named ecs-lab in your development environment and run the following commands:

vagrant init ubuntu/bionic64
vagrant up

You should see from the log that the image is being downloaded and the environment is being brought up.

Expose port

Edit the Vagrantfile and add the following line:

config.vm.network "forwarded_port", guest: 8080, host: 8080

The line belongs inside the config section of the file.

Run the command vagrant reload to update the virtual environment; the output should show port 8080 being forwarded.

Login to Ubuntu

Run the command vagrant ssh to log in to the virtual machine. Registering an ECS instance requires root, so run sudo su to enter superuser mode.

Setup ECS Cluster and register external instance

With the virtual environment set up, we now need to create a new ECS cluster and obtain the registration script.

Create ECS Cluster

Go to the ECS console and create a cluster with the Networking only option, which is used for AWS Fargate or external instance capacity.

In this step, name the cluster default and do not click the option. Finish the step to create the cluster.

Register external instance

Open your cluster page and go to the ECS Instances tab; you should see a Register External Instances option.

Click on Register External Instances to go to the registration page.

On the Register external instances page, select the following options and click Next step.

In step 2, the page provides the shell command to register external instances. Copy the script and run it in the Vagrant terminal.

The script downloads the required components and dependencies to register the instance. Wait until it finishes.

After it completes, you can run docker ps to check that the ECS agent is running.

Back on the ECS console page, you should see one registered ECS instance; click on the instance for more detail.

(BONUS) Start a remote session from AWS to an instance

AWS uses AWS Fleet Manager to manage instances, so you can start a remote session from the AWS console to troubleshoot your instance without SSHing into the actual machine.

Click on the instance ID starting with mi-..... , and it will bring you to the Fleet Manager page.

When you click Start session under Instance actions, it will activate Session Manager.

Create ECS Service

We will create an ECS service to run on our newly registered instance.

Create a new Task definition

Create a new Nginx task definition with the External launch type, using the following settings.

Use the right roles for the task and task execution; you may refer here.

Add a container with the following settings.

Create Nginx Service

After creating the task definition, proceed to create a new service using the task, as below.

In a couple of seconds, you should see the service started, and you can view the log in the console.

Test the Nginx

Now we can browse the Nginx service locally at http://localhost:8080

Clean up

Once you are comfortable with the study, you can deregister the instance from the ECS instance page and run the command vagrant destroy to clean up the virtual machine.

Discussion

Use cases

ECS Anywhere simplifies container management by using the same ECS control plane, which lowers the requirements for managing containers in an on-prem environment. If your existing team already uses ECS for container management, you can use the same tooling and CI/CD workflow to manage containers in your data center.

Outbound Connectivity Requirements

ECS Anywhere requires stable connectivity to the AWS platform. The following outbound connectivity is required for the ap-northeast-1 region; it consists of the ECS API and agent connections, the CloudWatch API, the S3 endpoint, SSM, the EC2 messages API, and the AWS Fleet API. If your environment is strictly regulated, you need to submit the following list for review and whitelisting:

  • ecs.ap-northeast-1.amazonaws.com.
  • ecs-t-*.ap-northeast-1.amazonaws.com.
  • ecs-a-*.ap-northeast-1.amazonaws.com.
  • ec2messages.ap-northeast-1.amazonaws.com.
  • ssm.ap-northeast-1.amazonaws.com.
  • s3.ap-northeast-1.amazonaws.com.
  • ssmmessages.ap-northeast-1.amazonaws.com.
  • amazon-ecs-agent.s3.amazonaws.com.
  • aws-fleet-manager-artifacts-ap-northeast-1.s3.ap-northeast-1.amazonaws.com.
  • s3-r-w.ap-northeast-1.amazonaws.com.
  • s3-w.us-east-1.amazonaws.com.

Ubuntu and Docker outbound requirements

Although it is case by case, if your machine runs Ubuntu and your Docker image is stored in Docker, you require the following outbound connectivity as well:

  • archive.ubuntu.com.
  • security.ubuntu.com.
  • download.docker.com.
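
The two lists above turned into an egress audit, as an added example that is not part of the original article: it checks observed destination hostnames against the listed endpoints and prints the ones that fall outside them. The function names and the sample hostnames are constructed for illustration, and treating each * as a single DNS label is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): audit egress destinations against the
# article's ap-northeast-1 allowlist. Function names are hypothetical.

# Patterns copied from the two lists above, trailing dots dropped.
ALLOWLIST='ecs.ap-northeast-1.amazonaws.com
ecs-t-*.ap-northeast-1.amazonaws.com
ecs-a-*.ap-northeast-1.amazonaws.com
ec2messages.ap-northeast-1.amazonaws.com
ssm.ap-northeast-1.amazonaws.com
s3.ap-northeast-1.amazonaws.com
ssmmessages.ap-northeast-1.amazonaws.com
amazon-ecs-agent.s3.amazonaws.com
aws-fleet-manager-artifacts-ap-northeast-1.s3.ap-northeast-1.amazonaws.com
s3-r-w.ap-northeast-1.amazonaws.com
s3-w.us-east-1.amazonaws.com
archive.ubuntu.com
security.ubuntu.com
download.docker.com'

# Constructed sample of observed destinations (e.g. pulled from a proxy log).
SAMPLE='ecs-t-1.ap-northeast-1.amazonaws.com
SSM.ap-northeast-1.amazonaws.com.
ecs-t-1.example.net.ap-northeast-1.amazonaws.com
ecs.us-west-2.amazonaws.com
updates.example.org'

# Escape dots, then let "*" match inside one DNS label only (assumption);
# a plain shell glob would also match dots and accept multi-label names.
allowlist_regex() {
  printf '%s\n' "$ALLOWLIST" | sed -e 's/\./\\./g' -e 's/\*/[a-z0-9-]+/g'
}

# Return 0 if the host, lower-cased and without a trailing dot, is allowed.
egress_allowed() {
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
  printf '%s\n' "$host" | grep -Eqx -e "$(allowlist_regex)"
}

# Read one destination per line on stdin; print those outside the allowlist.
audit_egress() {
  while IFS= read -r dest; do
    [ -n "$dest" ] || continue
    egress_allowed "$dest" || printf '%s\n' "$dest"
  done
}

printf '%s\n' "$SAMPLE" | audit_egress
```

Run against the constructed sample, it reports the multi-label name, the endpoint in another region, and the unrelated host, while the upper-case, trailing-dot form of the SSM endpoint is accepted.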

Supported Platforms

At the time of writing this article, ECS Anywhere only supports the Linux environment. Although the ECS agent supports the Windows platform, external instance registration does not support Windows for now. Hopefully, we will see this coming this year. At the time of writing, only the following Linux distros are supported:

  • CentOS
  • RHEL
  • Fedora
  • OpenSUSE
  • Ubuntu
  • Debian

Limitation

Compared to Docker Swarm or Kubernetes, ECS Anywhere has a lot of gaps to fill, such as service mesh, load balancing, service discovery, and secrets.

Cost

ECS Anywhere charges $0.01025 per hour for each managed registered instance.

Take Away

Container applications are easy and portable, but managing them is challenging. When considering the use case of managing containers in an on-prem environment, given the high setup requirements of Kubernetes or Docker Swarm, AWS ECS Anywhere is a simple and lightweight option to manage containers and extend the ECS control plane to your data center.
