What is ECS?

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications

ECS terminology and components

capacity - Where container runs (EC2/Farget/Onpremis VMs)
controllers - Deploy and manage your applications that run on the containers (AWS ECS Scheduler)
Provisioning - Tools to deploy applications & containers (CLI, SDK, AWS Toolkit ..etc)

Fargate is suitable for the following workloads:

Large workloads that need to be optimized for low overhead
Small workloads that have occasional burst
Tiny workloads
Batch workloads

EC2 is suitable for the following workloads:

Workloads that require consistently high CPU core and memory usage
Large workloads that need to be optimized for price
Your applications need to access persistent storage
You must directly manage your infrastructure

ECS FOR APPLICATION

Create ECS cluster
- Create VPC with public & private subnets
- Create IAM policy to enable the service to pull the image from ECR.

AWS ECS Cluster

VPC and networking

resource "aws_vpc" "app_vpc" {
  cidr_block = var.cidr

  tags = {
    Name        = "${var.app_name}-${var.environment}-vpc"
    Environment = var.environment
  }
}

resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.app_vpc.id
  count             = length(var.private_subnets)
  cidr_block        = element(var.private_subnets, count.index)
  availability_zone = element(var.availability_zones, count.index)

  tags = {
    Name        = "${var.app_name}-${var.environment}-private_subnet-${count.index + 1}"
    Environment = var.environment
  }
}

resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.app_vpc.id
  cidr_block              = element(var.public_subnets, count.index)
  availability_zone       = element(var.availability_zones, count.index)
  count                   = length(var.public_subnets)
  map_public_ip_on_launch = true

  tags = {
    Name        = "${var.app_name}-${var.environment}-public-subnet-${count.index + 1}"
    Environment = var.environment
  }
}

# Internet gateway for internet communication

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.app_vpc.id
  tags = {
    Name        = "${var.app_name}-${var.environment}-igw"
    Environment = var.environment
  }
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.app_vpc.id

  tags = {
    Name        = "${var.app_name}-${var.environment}-routing-table-public"
    Environment = var.environment
  }
}

resource "aws_route" "public" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_route_table_association" "public" {
  count          = length(var.public_subnets)
  subnet_id      = element(aws_subnet.public.*.id, count.index)
  route_table_id = aws_route_table.public.id
}

output "vpc_id" {
  value = aws_vpc.app_vpc.id
}

Terraform To Create ECS cluster

IAM policy to enable the service to pull the image from ECR.


data "aws_iam_policy_document" "assume_role_policy" {
statement {
actions = ["sts:AssumeRole"]

principals {
  type        = "Service"
  identifiers = ["ecs-tasks.amazonaws.com"]
}
}
}

resource "aws_iam_role" "ecs_task_execution_role" { name = "${var.appname}${var.app_name}_execution_task_role" assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json tags = { Name = "${var.app_name}-iam-role" Environment = var.environment } }

resource "aws_iam_role_policy_attachment" "ecs_Task_execution_role_policy" { role = aws_iam_role.ecs_task_execution_role.name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" }

srinivasaleti / my-learnings

AWS-ECS #1

ECS FOR APPLICATION

AWS ECS Cluster