Managing Docker Containers with Amazon ECS

 

Managing Docker Containers with Amazon ECS

Introduction

In the ever-evolving landscape of cloud computing, containerization has emerged as a pivotal technology for deploying and managing applications efficiently. Docker has become the de facto standard for containerization, allowing developers to package applications and their dependencies into lightweight, portable containers. However, managing these containers at scale requires robust orchestration tools. This is where Amazon Elastic Container Service (ECS) comes into play.

What is Amazon ECS?

Amazon Elastic Container Service (ECS) is a fully managed container orchestration service provided by Amazon Web Services (AWS). It enables you to run, stop, and manage Docker containers on a cluster of Amazon EC2 instances or using AWS Fargate, which allows you to run containers without managing servers or clusters.

Key Components

• Task Definition: A blueprint that describes how a Docker container should launch. It includes settings like the Docker image to use, CPU and memory requirements, and networking configurations.
• Task: An instance of a task definition running on a container instance.
• Service: Defines how many tasks should be running and maintains the desired number of tasks.
• Cluster: A logical grouping of tasks or services.
• Container Instance: An EC2 instance running the ECS agent and registered into an ECS cluster.
• AWS Fargate: A serverless compute engine for containers that works with ECS, allowing you to run containers without managing the underlying EC2 instances.

Why is ECS Important in Cloud Computing?

• Scalability: Automatically scale your applications up or down based on demand.
• Flexibility: Choose between EC2 or Fargate launch types based on your needs.
• Integration: Seamlessly integrates with other AWS services like IAM, VPC, and CloudWatch.
• Cost-Effective: Pay only for the resources you use, especially with AWS Fargate.

Real-World Use Cases

• Microservices Architecture: Deploy and manage microservices efficiently.
• Batch Processing: Run batch jobs in containers on a schedule or in response to events.
• Continuous Integration/Continuous Deployment (CI/CD): Automate the deployment of containerized applications.
• Machine Learning: Deploy machine learning models packaged in containers.

---

Hands-on Lab: Deploying a Dockerized Web Application with Amazon ECS

Scenario Overview

Imagine you're a DevOps engineer at a startup that has developed a Node.js web application packaged as a Docker container. The application is ready for deployment, and you need to ensure it can scale to meet user demand without managing the underlying infrastructure manually. You decide to use Amazon ECS with AWS Fargate to deploy and manage your Docker containers efficiently.

What You'll Learn

• How to create a Docker image and push it to Amazon Elastic Container Registry (ECR).
• How to set up an ECS cluster and task definitions.
• How to deploy a containerized application using ECS and Fargate.
• How to test and validate the deployment.
• How to scale the application.

Prerequisites

• An AWS account with administrative access.
• AWS CLI installed and configured.
• Docker installed on your local machine.
• Basic knowledge of Docker and AWS services.

---

Step 1: Set Up Your Development Environment

1.1 Install and Configure AWS CLI

Why? The AWS CLI allows you to interact with AWS services from your terminal, which is essential for pushing Docker images to ECR and managing ECS resources.

How?

• Install AWS CLI:
• macOS/Linux:

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"

sudo installer -pkg AWSCLIV2.pkg -target /

• Windows:

Download the MSI installer from the AWS CLI Installation Guide.

• Configure AWS CLI:

aws configure

Enter your Access Key ID, Secret Access Key, Default region name (e.g., us-east-1), and Default output format (json).

1.2 Install Docker

Why? Docker is required to build and manage container images.

• Download and install Docker from the official website.

1.3 Install Node.js and npm on Windows

1.     Go to the official Node.js website: https://nodejs.org/

2.     You will see two versions typically listed:

• LTS (Long-Term Support)
• Current
  It is generally recommended to install the LTS version for stability.

3.     Download the Windows Installer (an .msi file).

4.     Run the .msi installer:

• Click Next and agree to the license terms.
• Accept the default installation path (e.g., C:\Program Files\nodejs\).
• When prompted, check the box to install Tools for Native Modules if you plan on compiling native addons. (This may require additional steps, but for a simple Node.js + Express application, this is usually optional.)

5.     When the installer finishes, you should have both Node.js and npm installed on your system.

Verify the Installation

1.     Open Command Prompt or PowerShell.

2.     Type:

node -v

This should print something like v14.x.x or v16.x.x, depending on the version you installed.

3.     Next, check npm:

npm -v

This should print the npm version, for example 6.x.x or 8.x.x.

 

---

Step 2: Create a Dockerized Web Application

2.1 Create a Simple Node.js Application

Why? We need an application to containerize and deploy.

How?

1. Create a Project Directory:

mkdir ecs-demo-app

cd ecs-demo-app

2. Initialize Node.js Project:

npm init -y

Note: If you are unable to Run “ npm init -y ” Due to Script Execution Restrictions

If you attempt to run the command “npm init -y” and encounter the following error:

This issue is likely caused by PowerShell's Execution Policy settings, which are preventing scripts from running for security reasons.

1.     Open PowerShell with Administrative Privileges:

• Press Win + X on your keyboard.
• Select Windows PowerShell (Admin) or Windows Terminal (Admin) from the menu.

2.     Set the Execution Policy to RemoteSigned for the Current Session:

• In the PowerShell window, enter the following command and press Enter:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process

 

Why? RemoteSigned allows scripts created locally to run without any restrictions. Scripts downloaded from the internet must be signed by a trusted publisher.

3.     Run the NPM Command Again:

• After adjusting the Execution Policy, navigate to your project directory if you're not already there: ecs-demo-app
• Execute the npm init -y command:

npm init -y

 

3. Install Express.js:

npm install express

4. Create app.js File:

// app.js

const express = require('express');

const app = express();

const port = 80;

 

app.get('/', (req, res) => {

  res.send('<h1>Hello, Amazon ECS!</h1>');

});

 

app.listen(port, () => {

  console.log(`App running on port ${port}`);

});

 

 

5.     Optional local test (before creating the Docker image):

 

node app.js

 

·  Open your web browser and go to http://localhost:80.

·  You should see Hello, Amazon ECS!

·  Press Ctrl + C in the terminal to stop the Node.js application.

Explanation: This simple Node.js application uses Express.js to serve a web page that displays "Hello, Amazon ECS!" when accessed.

2.2 Create a Dockerfile

Why? A Dockerfile specifies how to build a Docker image of your application.

How?

Create a file named Dockerfile with no extension in your project directory with the following content:

# Use the official Node.js 14 image as the base

FROM node:14

 

# Set the working directory

WORKDIR /usr/src/app

 

# Copy package.json and package-lock.json

COPY package*.json ./

 

# Install dependencies

RUN npm install

 

# Copy application code

COPY . .

 

# Expose port 80

EXPOSE 80

 

# Start the application

CMD ["node", "app.js"]

Explanation:

• FROM: Specifies the base image.
• WORKDIR: Sets the working directory inside the container.
• COPY: Copies files from your local machine to the container.
• RUN npm install: Installs application dependencies.
• EXPOSE 80: Exposes port 80 to the host machine.
• CMD: Specifies the command to run when the container starts.

---

Step 3: Build and Push the Docker Image to Amazon ECR

3.1 Create an ECR Repository

Why? Amazon ECR is a managed Docker container registry that makes it easy to store, manage, and deploy Docker container images.

How?

1. Log into AWS Management Console
• Navigate to the AWS Management Console.
2. Navigate to Amazon ECR
• In the AWS Management Console, type ECR in the search bar at the top and select ECR.

3. Create a Repository
• Click "Create".
• Repository name: ecs-demo-repo.
• Leave other settings as default.
• Click "Create".

3.2 Authenticate Docker to ECR

Why? You need to authenticate Docker to push images to your ECR repository.

How?

• Run the following command:

aws ecr get-login-password --region your-region | docker login --username AWS --password-stdin your-account-id.dkr.ecr.your-region.amazonaws.com

Replace your-region and your-account-id with your AWS region and account ID. Replace highlighted content.

3.3 Build the Docker Image

Why? To create a container image that can be pushed to ECR.

How?

• Build the Docker image and tag it:

docker build -t ecs-demo-app .

3.4 Tag the Docker Image

Why? Tagging is necessary to specify the repository location in ECR.

How?

• Tag the image with the ECR repository URI:

docker tag ecs-demo-app:latest your-account-id.dkr.ecr.your-region.amazonaws.com/ecs-demo-repo:latest

3.5 Push the Docker Image to ECR

Why? Pushing the image to ECR makes it accessible for ECS to deploy.

How?

• Push the image:

docker push your-account-id.dkr.ecr.your-region.amazonaws.com/ecs-demo-repo:latest

 

You can confirm from ECR repository the image is pushed. Go to ECR click your repository ecs-demo-repo

 

---

Step 4: Create an ECS Cluster

4.1 Navigate to Amazon ECS

Why? An ECS cluster is required to run your tasks and services.

• In the AWS Management Console, type ECS in the search bar at the top and select ECS.

4.2 Create a Cluster

Why? To provide a logical grouping of resources.

1. Click “Get started”
2. Click "Create Cluster".
3. Cluster name: ecs-demo-cluster.
4. Check "AWS Farget (serverless)" for the Infrastructure (since we're using AWS Fargate).
5. Click "Create".

---

 

4.3 Creating the Task Execution Role

Navigate to the IAM Service

• In the AWS Management Console, type "IAM" in the search bar and select "IAM" to go to the Identity and Access Management dashboard.

Create a New Role

• In the IAM dashboard, click on "Roles" in the left sidebar.
• Click the "Create role" button.

Select Trusted Entity

• Select type of trusted entity: Choose "AWS service".
• Choose a use case: Select "Elastic Container Service".
• Under "Elastic Container Service," choose "Elastic Container Service Task".
• Click "Next: Permissions".

Attach Permissions Policies

• In the "Attach permissions policies" screen, search for and select the following managed policies:

AmazonECSTaskExecutionRolePolicy

AmazonS3ReadOnlyAccess

 

Why? This policy grants the necessary permissions for ECS tasks to pull images from ECR and send logs to CloudWatch.

·  Click "Next".

Review and Create

• Role name: Enter ecsTaskExecutionRole (you can choose a different name, but ensure it's descriptive).
• Role description: (Optional) Add a description, e.g., "Role for ECS Task Execution to access ECR and CloudWatch."
• Review the policies attached.
• Click "Create role".

 

Step 5: Create a Task Definition

5.1 Define Task Definition

Why? A task definition is required to tell ECS how to run your container.

1. In the ECS console, click "Task Definitions" in the left navigation pane.
2. Click "Create new Task Definition".
3. Task Definition Name: ecs-demo-task.
4. Choose " AWS Fargate" as the launch type.

5.     Task Role: Leave as "None".

6. Network Mode: Leave as "awsvpc".
7. Task Execution Role:
1. Select the ecsTaskExecutionRole you created from the dropdown menu.
2. The role allows ECS to pull images from ECR and send logs to CloudWatch.
8. Task Size:
1. Task memory (GB): 0.5 (3GB) GB.
2. Task CPU (vCPU): 0.5 vCPU.

9. Container:
1. Container name: ecs-demo-container.
2. Image: your-account-id.dkr.ecr.your-region.amazonaws.com/ecs-demo-repo:latest.
3. Port mappings:
1. Port: 80.

10. Click "Create".

---

Step 6: Run the Task Using ECS Service

6.1 Create a Service

Why? An ECS service allows you to run and maintain a specified number of instances of a task definition.

How?

1. Go to ECS console, and click ecs-demo-cluster.
2. Click "Services" tab, then click "Create".
3. Choose Launch type choose "FARGATE".

4. Under Task Definition: Family Choose ecs-demo-task.
5. Revision: LATEST.
6. Cluster: ecs-demo-cluster.
7. Service name: ecs-demo-service.
8. Desired tasks: 1.
9. Deployment type: "Rolling update".

6.2 Configure Network

Why? ECS tasks need to be associated with a VPC and subnets.

How?

1. VPC: Choose your default VPC.
2. Subnets: Select two subnets in different Availability Zones or leave the default setting.
3. Security Groups:
• Click "Create a new security group"
• Security group name: ecs-demo-sg.
• Description: Allow HTTP access.
• Inbound rules:
• Type: HTTP.
• Protocol: TCP.
• Port range: 80.
• Source: Anywhere (0.0.0.0/0).
• Click "Save".
4. Auto-assign public IP: ENABLED.

6.3 Skip Load Balancing

Why? For this lab, we'll run a single task without load balancing.

• Select "Do not assign a load balancer".

6.4 Review and Create Service

• Click "Create".
• Wait for the service to be created.

---

Step 7: Test and Validate the Deployment

7.1 Locate the Running Task

Why? To find the public IP address of the running container.

How?

1. In the ECS console, navigate to your cluster.
2. Click on "Tasks" tab.
3. Select the running task.
4. Find and click the "Task link".

5. Click on the ENI ID to go to the EC2 console.
6. In the EC2 console, note the Public IPv4 address.

7.2 Access the Application

Why? To verify that the application is running correctly.

• Open a web browser and navigate to http://<Public-IP>.
• You should see:

Hello, Amazon ECS!

Explanation: This confirms that your Dockerized application is successfully running on ECS using Fargate.

---

Step 8: Scale the Application

8.1 Update the Service Desired Count

Why? To scale the number of running tasks (containers) to handle more traffic.

1. In the ECS console, navigate to your cluster and select "Services".
2. Select ecs-demo-service.
3. Click "Update service".
4. Desired tasks: Change from 1 to 3.
5. Click "Update".

8.2 Verify the Scaling

Why? To ensure that the service has scaled up correctly.

How?

• In the Tasks tab, you should now see three running tasks.

---

Step 9: Clean Up Resources

Why? To avoid incurring unnecessary costs.

1. Delete the ECS Service
• In the ECS console, navigate to your cluster and select "Services".
• Select ecs-demo-service.
• Click "Delete service", confirm deletion.
• Note: if you are unable to delete scale this service to 0 task and then try to delete or try Force delete to check checkbox.
2. Delete the ECR Repository
• Navigate to ECR.
• Select ecs-demo-repo.
• Click "Delete", confirm deletion.
3. Delete the ECS Cluster
• In the ECS console, select your cluster.
• Click "Delete Cluster", confirm deletion.

---

Summary

In this lab, you have:

• Created a Dockerized Web Application: Developed a simple Node.js app and packaged it into a Docker container.
• Pushed the Docker Image to Amazon ECR: Stored your Docker image in a private container registry.
• Set Up an ECS Cluster: Created a cluster to run your tasks.
• Defined a Task Definition: Specified how your container should run.
• Deployed the Application Using ECS and Fargate: Ran your containerized application without managing servers.
• Tested and Validated the Deployment: Ensured your application is accessible and functioning correctly.
• Scaled the Application: Increased the number of running tasks to handle more load.
• Cleaned Up Resources: Deleted resources to prevent unnecessary costs.