Turn on/off AWS Fargate @ AWS Pipelines
What is AWS Fargate
AWS Fargate is a serverless technology provided by AWS. It is a simpler alternative to its competitor Kubernetes, as it offers a great low-maintenance container orchestration solution.
As a serverless service, with AWS Fargate, there are no upfront costs and you pay only for the resources you use. You pay for the amount of vCPU, memory, and storage resources. Despite that, and contrary to AWS Lambda functions where you pay per invocation, in AWS Fargate you need your service to be constantly running to be able to respond to incoming requests.
This leads us to our topic, how can we turn on/off an AWS Fargate cluster that might not be needed in specific periods of the day, for example:
- A staging cluster that is not used during the night
- A testing cluster that only needs to be available to run end-to-end tests
Turning off these types of clusters can really make a difference in your monthly bill.
Turning on/off your cluster
Unfortunately, AWS Fargate does not offer this option as other services like AWS Elastic Beanstalk. To do this, you must use a CLI command to scale the number of instances of each service in the cluster to 0.
For example, given this cluster named Staging-Cluster in the eu-central-1 region:
To turn off the cluster, you need to execute the 3 following commands (one per service):
ecs update-service --cluster Staging-Cluster --service first-service --region eu-central-1 --desired-count 0ecs update-service --cluster Staging-Cluster --service second-service --region eu-central-1 --desired-count 0ecs update-service --cluster Staging-Cluster --service third-service --region eu-central-1 --desired-count 0
To turn on the cluster, it is the same command but it the desired-count argument to 1 (or more), for example:
ecs update-service --cluster Staging-Cluster --service first-service --region eu-central-1 --desired-count 1ecs update-service --cluster Staging-Cluster --service second-service --region eu-central-1 --desired-count 1ecs update-service --cluster Staging-Cluster --service third-service --region eu-central-1 --desired-count 2
Automation
There are multiple ways to automate the execution of CLI commands. In this case, we will use 2 additional AWS services:
- An AWS pipeline service: Codebuild
- Amazon EventBridge to trigger the executions
Creating a Codebuild Project
- Search the Codebuild service
- Select the Create Build Project button
- Give it a name
- Select No source on Source configuration
5. Select one of the AWS Managed images on the Environment configuration, for example:
6. Add the desired commands to your Buildspec configuration
Example:
version: 0.2
phases:
build:
commands:
- ecs update-service --cluster Staging-Cluster --service first-service --region eu-central-1 --desired-count 0
- ecs update-service --cluster Staging-Cluster --service second-service --region eu-central-1 --desired-count 0
- ecs update-service --cluster Staging-Cluster --service third-service --region eu-central-1 --desired-count 0
7. Scroll to the end with all the default values and select Create Build Project
8. Open your newly created build project and go to the Build details tab, as you will need the Project ARN in the following steps
Give the correct permission to your Role
If we try to execute the newly created Build Project, we will have the following error:
An error occurred (AccessDeniedException) when calling the UpdateService operation: User: arn:aws:sts::1111111:assumed-role/codebuild-My-Build-Project-service-role/AWSCodeBuild-a1111aaa-11aa-1111–…. is not authorized to perform: ecs:UpdateService on resource: arn:aws:ecs:eu-central-1:….:service/Staging-Cluster/first-service because no identity-based policy allows the ecs:UpdateService action
To solve this lack of permissions, you must:
- Search the IAM service
- Find your role, in this case is codebuild-My-Build-Project-service-role (name can be found on the error message)
- Select Add Permission > Create inline policy and select the UpdateService action of the Elastic Container Service
Scheduling the execution with Eventbridge
- Search the Amazon Eventbridge service
- Select Rules
- Select the Create rule button
- Select Schedule rule type
5. Define the schedule of your rule. Here are 2 examples:
6. Set your Codebuild project previously created as the target of your rule. Above in this document, on step 8 of Creating a Codebuild Project, you can view how to retrieve the Project ARN of your build project
7. Create the new rule with default values on the rest of the configurations
Conclusion
This article described how to turn on/off an AWS Fargate cluster using the CLI. It also described one of several examples of how to automate it.
Naturally, there are multiple interesting next steps to better take advantage of performing automation in a pipeline (Codebuild service), for example, setting the source of the Codebuild project to a code repository that performs end-to-end tests.