I have an AWS ECS Service running in the Fargate mode. My setup has two tasks running an httpd image (Apache2) listening on port 80. I have an application load balancer that redirects port 80 to a target group. That target group is configured with two IPs (each task exposes on private IP, hence two IPs in the target group.
I have a question around auto scaling on ECS Services: how does the auto scaling will work in terms of assigning IPs to the target group? That is an essential part of of the scaling-out mechanism since if the new task's private IP is not assigned to the target group then that new container/task won't get any traffic, which counters the entire purpose of auto scaling.
Correct. That's why when you configure ECS you tell ECS what the target group for the service is. Behind the scenes ECS will add/remove the tasks IPs to/from the LB target group. It's part of the built-in integration between ECS and other AWS services (LB in this case).
For example, if you were to do this from the CLI, this is the command you'd be running when creating the service:
aws ecs create-service --service-name scale-out-app --cluster app-cluster --load-balancers "targetGroupArn=$TARGET_GROUP_ARN,containerName=scale-out-app,containerPort=80" --task-definition scale-out-app --desired-count 4 --launch-type FARGATE --platform-version 1.4.0 --network-configuration "awsvpcConfiguration={subnets=[$PRIVATE_SUBNET1, $PRIVATE_SUBNET2],securityGroups=[$SCALE_OUT_APP_SG_ID],assignPublicIp=DISABLED}" --region $AWS_REGION
In this specific case targetGroupArn=$TARGET_GROUP_ARN is what wires the service to the target group and ECS knows what to do.
Makes sense?
Related
I created an NLB and a fargate service.
Then i create a target group with "ip" of my ecs instance.
When i now add a fargate ip to my target group, it works, but how does the scaling work? Suppose ecs has to scale out, i will have to register another ip, but i want it to scale automatically.
Let us say one task is added. How does the network load balancer the new task ip without me manually adding it?
I do not get, how the link is between the nlb and the service of ecs. Does amazon does add targets implicitly?
Instead of manually registering the IP of your Fargate task with the target group, you are supposed to configure the ECS service with knowledge of the load balancer you want to use. The ECS service will then automatically register every task that it creates as part of deployments and auto-scaling.
From what I've read so far:
EC2 ASG is a simple solution to scale your server with more copies of it with a load balancer in front of the EC2 instance pool
ECS is more like Kubernetes, which is used when you need to deploy multiple services in docker containers that works with each other internally to form a service, and auto scaling is a feature of ECS itself.
Are there any differences I'm missing here? Because ECS is almost always a superior choice to go with if they work as I understand.
You are right, in a very simple sense, EC2 Autoscaling Groups is a way to add/remove (register/unregister) EC2 instances to a Classic Load Balancer or Target Groups (ALB/NLB).
ECS has two type of scaling as does any Container orchestration platform:
Cluster Autoscaling: Add remove EC2 instances in a Cluster when tasks are pending to run
Service Autoscaling: Add/remove tasks in a service based on demand, uses Application AutoScaling service behind the scenes
Is it possible to deploy an AWS ECS service to an EC2 scaling group or 1 particular EC2 instance without using either of load balancer or target group through Cloudformation? If so, how should such an ECS service be coded in Cloudfromation?
I am facing an issue while using AWS - ECS service.
I am launching my ECS cluster with 2 instances. I use EC2 service. Not Fargate. I am trying to use the awsvpc networking for the ECS containers. Morte info is here.
For the container load balancing , target type is IP. It is not editable.
Now the problem is - Auto Scaling Group can not be created for this target group to scale the cluster.
How do you guys handle the situation?
Simply leave out the load balancing configuration for the Auto Scaling group.
awsvpc creates a separate network interface whose IP address is registered to the Target Group. This target group has to be of the ip-address type.
Auto Scaling Groups use the instance target group type, that uses the default network interface of the EC2 instances.
Since the Task will get its own IP address, which is separate from the IP address of the EC2 instance, there is no need to configure load balancing for the EC2 instances themselves.
This is because of awsvpc mode,awsvpc network mode is associated with an elastic
network interface, not an Amazon EC2 instance so you must choose IP. Here is what AWS said about AWVPC network mode .
AWS_Fargate
Services with tasks that use the awsvpc network mode (for example,
those with the Fargate launch type) only support Application Load
Balancers and Network Load Balancers. Classic Load Balancers are not
supported. Also, when you create any target groups for these services,
you must choose ip as the target type, not instance. This is because
tasks that use the awsvpc network mode are associated with an elastic
network interface, not an Amazon EC2 instance.
Fargate do not to manage EC2 instances, the purpose of Fargate is not to manage server then why you need to attach auto-scaling? you can scale services.
AWS Fargate is a technology that you can use with Amazon ECS to run
containers without having to manage servers or clusters of Amazon EC2
instances. With AWS Fargate, you no longer have to provision,
configure, or scale clusters of virtual machines to run containers.
This removes the need to choose server types, decide when to scale
your clusters, or optimize cluster packing.
https://aws.amazon.com/blogs/compute/aws-fargate-a-product-overview/
I have a Fargate Service running in AWS. I use it to run multiple tasks. Some of the tasks connect to an RDS database to query the database.
How can I add the Fargate Service to my inboard rules of a Security Group for the RDS database? - Is there a way to associate an Elastic IP with the Fargate Cluster?
Might have misunderstood something here... But the ECS allows you specify a security group at the service level.
Go to https://docs.aws.amazon.com/cli/latest/reference/ecs/create-service.html
And search for the --network-configuration parameter
So surely you just need to set the source on your inbound rule of the RDS security group to be that security group ID?
Fargate doesn't support associating Elastic IPs with clusters. Clusters which runs in Fargate mode operate on instances which are not yours, it's the opposite of classic ECS stacks. That means you can't manage networking of host instances.
There is a way to associate IP with stack by having a Network Load Balancer in front of cluster. Then you could add a rule which allows connect your cluster through NLB.