What is ECS:
Amazon Elastic Container Service (ECS) is a fully managed container orchestration service provided by Amazon Web Services (AWS). It enables developers to easily deploy, manage, and scale containerized applications using Docker containers and orchestrates them across a cluster of EC2 instances. ECS abstracts away the complexities of managing infrastructure, allowing engineers to focus on building and deploying applications without worrying about the underlying infrastructure.
AWS engineers commonly use ECS for various reasons:
Scalability: ECS simplifies the process of scaling containerized applications. It automatically manages the placement of containers based on resource requirements and ensures that the application can scale up or down based on demand. Engineers can define scaling policies to adjust the number of containers dynamically, maintaining optimal performance and cost efficiency.
High Availability: ECS facilitates high availability by distributing containers across multiple Availability Zones (AZs). In the event of a failure in one AZ, ECS automatically reroutes traffic to healthy containers in other AZs, ensuring uninterrupted service availability. This fault tolerance is crucial for mission-critical applications where downtime is not acceptable.
Resource Efficiency: ECS optimizes resource utilization by allowing engineers to pack multiple containers onto each EC2 instance. This maximizes the utilization of compute resources and reduces costs by minimizing the number of idle resources. Engineers can configure task definitions and placement strategies to efficiently utilize CPU and memory resources.
Integration with AWS Services: ECS seamlessly integrates with other AWS services, such as Amazon Elastic Load Balancing (ELB), Amazon CloudWatch, AWS Identity and Access Management (IAM), and AWS CloudFormation. This tight integration simplifies the management of containerized applications and enables engineers to leverage the full ecosystem of AWS services for monitoring, logging, and automation.
Flexibility: ECS offers flexibility in deployment options, supporting both EC2 launch type and AWS Fargate launch type. With EC2 launch type, engineers have full control over the underlying infrastructure, including EC2 instance types, networking, and storage configurations. On the other hand, Fargate launch type abstracts away the infrastructure management, allowing engineers to focus solely on deploying and managing containers without worrying about servers.
Cost-effectiveness: ECS helps optimize costs by providing granular control over resource allocation and utilization. Engineers can leverage features such as spot instances, which offer significant cost savings for non-critical workloads, and Reserved Instances, which provide discounted pricing for predictable workloads. By optimizing resource utilization and leveraging cost-saving mechanisms, engineers can reduce operational expenses associated with running containerized applications.
Now, let's delve into a real-time example of how AWS engineers might use ECS:
Real-Time Example: E-commerce Application
Consider an e-commerce company that experiences fluctuating traffic throughout the day due to varying customer demand. To ensure seamless performance and cost-effective scaling, the company decides to containerize its application using Docker and deploy it on ECS.
Containerization: The development team packages the e-commerce application components, such as the frontend, backend services, and databases, into Docker containers. Each component is containerized to ensure consistency and portability across different environments.
ECS Cluster Setup: The AWS infrastructure team sets up an ECS cluster across multiple Availability Zones for high availability. They configure Auto Scaling Groups to automatically adjust the number of EC2 instances based on CPU and memory utilization.
Task Definition Creation: The engineering team creates ECS task definitions that define how containers should be run within the cluster. They specify container images, CPU and memory requirements, networking configurations, and any dependencies.
Service Deployment: Using ECS, the team deploys the containerized e-commerce application as ECS services. They configure Elastic Load Balancing to distribute incoming traffic across containers and ensure scalability and fault tolerance.
Auto Scaling Policies: Engineers set up auto scaling policies based on CloudWatch metrics to dynamically scale the number of containers in response to changes in demand. For instance, if CPU utilization exceeds a certain threshold, ECS automatically adds more containers to handle the increased load.
Monitoring and Logging: The operations team configures CloudWatch alarms and dashboards to monitor the health and performance of the ECS cluster and containers. They set up centralized logging using services like Amazon CloudWatch Logs to aggregate logs for troubleshooting and analysis.
Cost Optimization: To optimize costs, the finance team leverages ECS Spot Fleet to utilize spare EC2 capacity at a lower cost for non-critical workloads. They also utilize Reserved Instances for predictable workloads to benefit from discounted pricing.
Continuous Integration/Continuous Deployment (CI/CD): The development team integrates ECS with their CI/CD pipeline to automate the deployment of new container versions. Whenever changes are pushed to the code repository, the CI/CD pipeline builds new container images, runs tests, and deploys them to the ECS cluster seamlessly.
By utilizing ECS, the e-commerce company achieves the following benefits:
Scalability: The application can seamlessly scale up or down to handle fluctuations in traffic, ensuring optimal performance for users.
High Availability: ECS distributes containers across multiple Availability Zones, providing resilience against failures and ensuring continuous availability.
Cost Efficiency: The company optimizes costs by dynamically adjusting resource allocation based on demand and leveraging cost-saving mechanisms such as Spot Instances and Reserved Instances.
Operational Efficiency: ECS simplifies infrastructure management and automates tasks such as deployment, scaling, and monitoring, allowing engineers to focus on developing features and improving the application.
Flexibility: With ECS, the company has the flexibility to choose between EC2 and Fargate launch types based on their requirements, enabling them to strike the right balance between control and abstraction.
What is ECR:
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry service provided by Amazon Web Services (AWS). It enables developers to store, manage, and deploy Docker container images securely within the AWS ecosystem. ECR integrates seamlessly with other AWS services, such as Amazon ECS, Amazon Elastic Kubernetes Service (EKS), and AWS Lambda, making it easier for engineers to build scalable and reliable containerized applications.
AWS engineers commonly use ECR for various reasons:
Image Management: ECR simplifies the management of Docker container images by providing a secure and scalable repository for storing them. Engineers can push, pull, and manage container images using familiar Docker CLI commands or API calls, making it easy to version control and track changes to images over time.
Integration with AWS Services: ECR seamlessly integrates with other AWS container orchestration services, such as ECS and EKS. Engineers can easily deploy containerized applications stored in ECR to ECS or EKS clusters without needing to manage external registries. This tight integration streamlines the deployment process and ensures compatibility with AWS-native services.
Security and Compliance: ECR provides built-in security features to ensure that container images are stored and accessed securely. Engineers can control access to repositories using AWS Identity and Access Management (IAM) policies, encrypt images at rest using AWS Key Management Service (KMS), and scan images for vulnerabilities using integrated security scanning tools. These features help ensure compliance with regulatory requirements and protect sensitive data stored in container images.
High Availability and Durability: ECR is designed to provide high availability and durability for container images stored in repositories. Images are automatically replicated across multiple AWS Availability Zones within a region, ensuring resilience against failures and minimizing downtime. This reliability is crucial for mission-critical applications where continuous availability is essential.
Performance and Scalability: ECR is optimized for performance and scalability, allowing engineers to push and pull container images quickly and efficiently. Images are cached at edge locations using Amazon CloudFront, reducing latency for image retrieval and improving overall performance. Additionally, ECR automatically scales to accommodate growing storage needs, enabling engineers to store large numbers of images without worrying about capacity constraints.
Cost-effectiveness: ECR offers a pay-as-you-go pricing model with no upfront costs or long-term commitments. Engineers only pay for the storage and data transfer associated with their container images, making it cost-effective for organizations of all sizes. Additionally, ECR integrates with AWS Cost Explorer and AWS Budgets, allowing engineers to monitor and optimize their container image storage costs over time.
Real-Time Example: Microservices Architecture
Consider a software development company that adopts a microservices architecture to build and deploy its applications. Each microservice is developed, tested, and deployed independently, packaged as Docker containers, and stored in ECR for easy access and deployment.
Microservice Development: The engineering team develops various microservices, each responsible for a specific functionality within the application, such as user authentication, product catalog, and payment processing. Each microservice is developed using Docker containers, ensuring consistency and portability across different environments.
Container Image Build: After developing and testing each microservice locally, the team builds Docker container images for each microservice using Dockerfiles and Docker CLI commands. These images contain all the dependencies and configurations required to run the microservices in production.
Image Push to ECR: Once the container images are built, the team pushes them to ECR repositories using the Docker CLI or AWS Management Console. Each microservice has its dedicated repository within ECR, allowing engineers to organize and manage container images effectively.
Integration with ECS: The operations team deploys the microservices to ECS clusters using task definitions that reference the container images stored in ECR. ECS pulls the latest versions of the container images from ECR repositories and launches containers based on the specified configurations, such as CPU and memory requirements, networking, and storage.
Continuous Integration/Continuous Deployment (CI/CD): The development team sets up a CI/CD pipeline using AWS CodePipeline and AWS CodeBuild to automate the build, test, and deployment process for microservices. Whenever changes are pushed to the code repository, the CI/CD pipeline triggers automated builds, tests the container images, and deploys them to ECR repositories.
Security and Compliance: The security team configures IAM policies to control access to ECR repositories based on the principle of least privilege. They also enable encryption at rest using AWS KMS to protect container images stored in ECR. Additionally, they set up image scanning using Amazon ECR Image Scanning to detect and remediate vulnerabilities in container images.
Monitoring and Logging: The operations team monitors the performance and availability of ECS clusters and microservices using Amazon CloudWatch. They set up CloudWatch alarms to alert them of any issues or anomalies, such as high CPU utilization or container failures. They also configure centralized logging using Amazon CloudWatch Logs to aggregate and analyze logs from ECS containers.
Cost Optimization: The finance team monitors and optimizes the costs associated with storing container images in ECR. They leverage AWS Cost Explorer and AWS Budgets to track spending and identify opportunities for cost optimization, such as deleting unused images or leveraging lifecycle policies to move images to lower-cost storage tiers.
By leveraging ECR, the software development company achieves the following benefits:
Simplified Image Management: ECR provides a centralized repository for storing and managing container images, making it easy to version control and track changes to microservices over time.
Streamlined Deployment Process: ECR integrates seamlessly with ECS, enabling engineers to deploy containerized microservices quickly and efficiently without needing to manage external registries.
Enhanced Security and Compliance: ECR offers built-in security features, such as IAM policies and encryption at rest, to ensure that container images are stored and accessed securely, helping the company comply with regulatory requirements.
Improved Performance and Scalability: ECR is optimized for performance and scalability, allowing engineers to push and pull container images quickly and efficiently, even as the number of microservices and images grows over time.
Cost-effective Pricing Model: ECR offers a pay-as-you-go pricing model with no upfront costs, making it cost-effective for organizations of all sizes to store and manage container images without worrying about capacity constraints.
Why AWS Engineers Need Both ECS and ECR:
Separation of Concerns: ECS and ECR serve different purposes in the containerized application lifecycle. ECS focuses on orchestrating and managing containers, while ECR focuses on storing and managing container images. Separating these concerns allows engineers to leverage each service for its intended purpose, ensuring a clean and modular architecture.
Integration and Compatibility: ECS and ECR are tightly integrated with each other and with other AWS services. Engineers can seamlessly deploy containerized applications stored in ECR to ECS or EKS clusters, simplifying the deployment process and ensuring compatibility with AWS-native services.
Security and Compliance: ECR provides built-in security features to ensure that container images are stored and accessed securely. By integrating with IAM policies and encryption mechanisms, engineers can enforce access controls and compliance requirements for container images stored in ECR.
Performance and Scalability: ECR is optimized for performance and scalability, allowing engineers to push and pull container images quickly and efficiently. By leveraging ECR as.
AWS ECS and ECR with Cloudwatch logs for Node-todo-cicd-app:
Prerequisites
Before we go to create Node-todo-cicd-app, you need to knowledge of some services that is:
What is Github, Why we need Github and How to use Github(Click here).
What is ECR, Why we need ECR and How to use ECR Service (Cick here).
What is ECS, Why we need ECS and How to use ECS Service(Click here).
What is IAM, Why we need IAM and How to use IAM Service (Click here).
What is EC2 Machine, Why we need EC2 Machine and How to user EC2 Machine(Click here).
What is Docker, Why we need Docker and How to use Docker (Click here).
What is Cloud Watch, Why we need Cloud Watch and How to use Cloud Watch (Click here).
Create a Node Js app using ECS/ECR:
First we need to go create a EC2 Machine:
Clear understood by how to create EC2 Maching using with ubuntu:
Login to AWS Console:
Go to the AWS Management Console (https://aws.amazon.com/).
Sign in with your AWS account.
Navigate to EC2:
In the AWS Management Console, navigate to the EC2 service.
Launch an Instance:
Click on the "Instances" in the left navigation pane.
Click the "Launch Instances" button.
Choose an Amazon Machine Image (AMI):
In the "Step 1: Choose an Amazon Machine Image (AMI)" section, select an Ubuntu AMI. You can search for "Ubuntu" in the search bar and choose an appropriate version (e.g., Ubuntu Server 20.04 LTS).
Choose an Instance Type:
In the "Step 2: Choose an Instance Type" section, select "t2.micro" as the instance type.
Click "Next: Configure Instance Details."
Configure Instance Details:
In the "Step 3: Configure Instance Details" section:
Set the "Number of instances" to 1.
Optionally, you can configure additional settings, such as network, subnet, IAM role, etc.
Click "Next: Add Storage."
Add Storage:
In the "Step 4: Add Storage" section, you can leave the default storage settings or adjust as needed.
Click "Next: Add Tags."
Add Tags:
In the "Step 5: Add Tags" section, click "Add Tag."
For "Key," enter "Name" and for "Value," enter "Jenkins" (or your preferred name).
Click "Next: Configure Security Group."
Configure Security Group:
In the "Step 6: Configure Security Group" section:
Create a new security group or use an existing one.
Add inbound rules to allow HTTP (port 80), HTTPS (port 443), and SSH (port 22) traffic.
Click "Review and Launch."
Review and Launch:
Review your configuration settings.
Click "Launch."
Select Key Pair:
In the key pair dialog, select "Choose an existing key pair" and choose the "minikube" key pair.
Acknowledge that you have access to the private key.
Click "Launch Instances."
View Instances:
Once the instance is launched, you can view it in the EC2 dashboard.
Wait for the instance to reach the "running" state.
Github Project File Link:
Now we have ec2 machine and we have node-todo-cicd app code, After that we need to clone this code with my machine. so we need to copy HTTPS link and paste this link to ec2 machine.
git clone https://github.com/udayyysharma/node-todo-cicd.git
Now, we have node-todo-cicd directory, go to this directory and check all the files.
After that we have dockerfile, so we need to build this dockerfile and push is docker file to ECR.
Now go to ECR and click to get start.
After that, no need to change anything click to Create Repository.
Now, we have nodejs-app repository but there is no images.
After that go to this repository nodejs-app. Note this repositories is public not private.
Now, we need to click to view push commands.
Now we have recevied push command that is use for EC2 Machine to push the dockerfile to this repository.
Push command for Nodejs-app:
Make sure you have latest version of AWS CLI and Docker installed.
For Docker: (Click to this link)
For AWS CLI:
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" Sudo apt-get install unzip unzip awscliv2.zip sudo ./aws/install
Go to IAM Service provide to the ECR Access.
Now First we need to create a user that is user1.
Permissions we attach: AmazonElasticContainerRegistryPublicFullAccess, AmazonElasticContainerRegistryPublicPowerUser and AmazonElasticContainerRegistryPublicReadOnly
After that we create a user.
Now we need to create a access key.
Now we have access key, go to ec2 terminal and provide the access.
awd configure
Retrieve an authentication token and authenticate your Docker client to your registry.
Use the AWS CLI:
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/g9t1p1v8
Build your Docker image using the following command. For information on building a Docker file from scratch.
docker build -t nodejs-app .
After the build completes, tag your image so you can push the image to this repository:
docker tag nodejs-app:latest public.ecr.aws/g9t1p1v8/nodejs-app:latest
Run the following command to push this image to your newly created AWS repository:
docker push public.ecr.aws/g9t1p1v8/nodejs-app:latest
Now go to ECR and Refress. Now you can see, we have latest image.
Now you can see we have done these services.
Now go the ECS Service.
Create a Cluster.
No need to change anything, Just click to create.
Now go the Cluster and go the the tasks and check we have zero task.
Now go the Task definitions and click Create new task definition
Now we have task go to deploy and run task.
no need to change any thing just create.
Now we have running task.
Now go this task and copy the public ip and paste another browser using 8000 port number. Now you can se node-todo-app is running.
Now we have done All.