Turn on/off AWS Fargate @ AWS Pipelines

Miguel Duque
UpHill Health | Engineering & Design
5 min read · Jul 25, 2022

What is AWS Fargate

AWS Fargate is a serverless technology provided by AWS. It is a simpler alternative to its competitor Kubernetes, as it offers a great low-maintenance container orchestration solution.

As a serverless service, AWS Fargate has no upfront costs and you pay only for the resources you use: the amount of vCPU, memory, and storage. However, unlike AWS Lambda functions, where you pay per invocation, an AWS Fargate service must be constantly running to be able to respond to incoming requests.

This leads us to our topic: how can we turn on/off an AWS Fargate cluster that might not be needed in specific periods of the day? For example:

  • A staging cluster that is not used during the night
  • A testing cluster that only needs to be available to run end-to-end tests

Turning off these types of clusters can really make a difference in your monthly bill.

Turning on/off your cluster

Unfortunately, AWS Fargate does not offer this option the way other services such as AWS Elastic Beanstalk do. Instead, you must use a CLI command to scale the number of instances of each service in the cluster to 0.

For example, given a cluster named Staging-Cluster in the eu-central-1 region, you turn it off by executing the following 3 commands (one per service):

aws ecs update-service --cluster Staging-Cluster --service first-service --region eu-central-1 --desired-count 0
aws ecs update-service --cluster Staging-Cluster --service second-service --region eu-central-1 --desired-count 0
aws ecs update-service --cluster Staging-Cluster --service third-service --region eu-central-1 --desired-count 0

To turn the cluster back on, use the same command but set the desired-count argument to 1 (or more), for example:

aws ecs update-service --cluster Staging-Cluster --service first-service --region eu-central-1 --desired-count 1
aws ecs update-service --cluster Staging-Cluster --service second-service --region eu-central-1 --desired-count 1
aws ecs update-service --cluster Staging-Cluster --service third-service --region eu-central-1 --desired-count 2

Automation

There are multiple ways to automate the execution of CLI commands. In this case, we will use 2 additional AWS services:

  • An AWS pipeline service: Codebuild
  • Amazon EventBridge to trigger the executions

Creating a Codebuild Project

  1. Search the Codebuild service
  2. Select the Create Build Project button
  3. Give it a name
  4. Select No source on Source configuration
Codebuild Source configuration

5. Select one of the AWS Managed images on the Environment configuration, for example:

Codebuild Environment configuration

6. Add the desired commands to your Buildspec configuration

Codebuild Buildspec configuration

Example:

version: 0.2
phases:
  build:
    commands:
      # Scale every service in Staging-Cluster down to 0 running tasks
      - aws ecs update-service --cluster Staging-Cluster --service first-service --region eu-central-1 --desired-count 0
      - aws ecs update-service --cluster Staging-Cluster --service second-service --region eu-central-1 --desired-count 0
      - aws ecs update-service --cluster Staging-Cluster --service third-service --region eu-central-1 --desired-count 0

7. Scroll to the end with all the default values and select Create Build Project

8. Open your newly created build project and go to the Build details tab, as you will need the Project ARN in the following steps

Codebuild project Build details

Give the correct permission to your Role

If we try to execute the newly created Build Project, we get the following error:

An error occurred (AccessDeniedException) when calling the UpdateService operation: User: arn:aws:sts::1111111:assumed-role/codebuild-My-Build-Project-service-role/AWSCodeBuild-a1111aaa-11aa-1111–…. is not authorized to perform: ecs:UpdateService on resource: arn:aws:ecs:eu-central-1:….:service/Staging-Cluster/first-service because no identity-based policy allows the ecs:UpdateService action

To solve this lack of permissions, you must:

  1. Search the IAM service
  2. Find your role; in this case it is codebuild-My-Build-Project-service-role (the name can be found in the error message)
  3. Select Add Permission > Create inline policy and select the UpdateService action of the Elastic Container Service
Create policy to Update ECS services
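
An added example (not from the original article) of what that inline policy can look like when it is scoped to only the services being scaled, using the service ARN format shown in the error message above. The account ID 111111111111 and the Sid are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit a least-privilege inline policy for the CodeBuild role.
# The account ID used at the bottom is a constructed placeholder.

# ecs_scale_policy ACCOUNT_ID REGION CLUSTER SERVICE...
# Prints an IAM policy allowing ecs:UpdateService only on the named services.
ecs_scale_policy() {
    account=$1 region=$2 cluster=$3
    shift 3
    [ "$#" -gt 0 ] || { echo "at least one service name is required" >&2; return 1; }

    resources=
    for svc in "$@"; do
        # Accept only plain service names, so a stray "*" cannot widen the
        # policy to every service in the cluster.
        case $svc in
            ''|*[!A-Za-z0-9_-]*) echo "invalid service name: $svc" >&2; return 1 ;;
        esac
        arn="arn:aws:ecs:${region}:${account}:service/${cluster}/${svc}"
        # Join the quoted ARNs with ",<newline>" so the output is valid JSON.
        resources="${resources}${resources:+,
}        \"${arn}\""
    done

    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ScaleStagingServicesOnly",
      "Effect": "Allow",
      "Action": "ecs:UpdateService",
      "Resource": [
${resources}
      ]
    }
  ]
}
EOF
}

ecs_scale_policy 111111111111 eu-central-1 Staging-Cluster \
    first-service second-service third-service
```

The printed JSON can be pasted into the JSON tab of the inline policy editor, or saved to a file and attached with `aws iam put-role-policy --role-name codebuild-My-Build-Project-service-role --policy-name <name> --policy-document file://policy.json`.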

Scheduling the execution with Eventbridge

  1. Search the Amazon Eventbridge service
  2. Select Rules
  3. Select the Create rule button
  4. Select Schedule rule type
Amazon Eventbridge Rule detail

5. Define the schedule of your rule. Here are 2 examples:

Run at 7AM of every weekday
Run everyday at 21h00

6. Set the Codebuild project you created earlier as the target of your rule. Step 8 of Creating a Codebuild Project, above, shows where to find the Project ARN of your build project

Target of Eventbridge rule

7. Create the new rule with default values on the rest of the configurations
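
The same rule setup expressed with the CLI, as an added example that is not part of the original article; it builds the two schedules from step 5 as EventBridge cron expressions. The rule names, project ARNs and role ARN are constructed placeholders, and it assumes a role already exists that EventBridge can assume to start the build (codebuild:StartBuild on the project).

```shell
#!/bin/sh
# Added example: the two schedules from step 5 as EventBridge cron() rules.
# Rule names and all ARNs below are constructed placeholders.

# cron_expr MINUTE HOUR [DAYS_OF_WEEK]
# EventBridge cron has six fields: minute hour day-of-month month day-of-week year.
# Day-of-month and day-of-week cannot both be set; one of them must be "?".
# Rule schedules are evaluated in UTC.
cron_expr() {
    minute=$1 hour=$2 dow=${3:-}
    case $minute in ''|*[!0-9]*) echo "bad minute: $minute" >&2; return 1 ;; esac
    case $hour   in ''|*[!0-9]*) echo "bad hour: $hour" >&2; return 1 ;; esac
    [ "$minute" -le 59 ] && [ "$hour" -le 23 ] || { echo "time out of range" >&2; return 1; }
    if [ -n "$dow" ]; then
        printf 'cron(%s %s ? * %s *)\n' "$minute" "$hour" "$dow"
    else
        printf 'cron(%s %s * * ? *)\n' "$minute" "$hour"
    fi
}

# Print the command (default) or execute it (APPLY=1), so a dry run is safe.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '+ %s\n' "$*"; fi
}

# schedule_build RULE_NAME EXPRESSION PROJECT_ARN ROLE_ARN
schedule_build() {
    run aws events put-rule --name "$1" --schedule-expression "$2" --state ENABLED
    run aws events put-targets --rule "$1" --targets "Id=1,Arn=$3,RoleArn=$4"
}

ON_PROJECT="arn:aws:codebuild:eu-central-1:111111111111:project/staging-on"    # placeholder
OFF_PROJECT="arn:aws:codebuild:eu-central-1:111111111111:project/staging-off"  # placeholder
ROLE_ARN="arn:aws:iam::111111111111:role/eventbridge-start-build"              # placeholder

# Run at 7AM of every weekday / run every day at 21h00
schedule_build staging-on  "$(cron_expr 0 7 MON-FRI)" "$ON_PROJECT"  "$ROLE_ARN"
schedule_build staging-off "$(cron_expr 0 21)"        "$OFF_PROJECT" "$ROLE_ARN"
```

Without APPLY=1 the script only prints the aws commands it would run.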

Conclusion

This article described how to turn on/off an AWS Fargate cluster using the CLI. It also described one of several examples of how to automate it.

Naturally, there are multiple interesting next steps to better take advantage of performing automation in a pipeline (Codebuild service), for example, setting the source of the Codebuild project to a code repository that performs end-to-end tests.
