I am trying to create an ECS cluster (using a CloudFormation template), where I can create an instance installed with a provided AMI through a YAML file.
But the problem I am facing:
In the YAML file:
I am creating a cluster, then creating a service and task with minimum required values.
The cluster is created and the service is also created, but I can't see any container instance there.
How can I see the container instance, and what kind of changes/modifications do I need to make in my YAML file?
ECS is an Amazon managed service; you do not have any type of access to the underlying resources.
ECS is also known as Fargate, and in that there are tasks; it does not create container instances.
There are two launch types in ECS:
ECS Fargate launch type
EC2 launch type
Only the second launch type, EC2, creates container instances, and you can see them in the EC2 section, while with Fargate you have to manage it as a task definition.
Launch type definition documentation : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html
you can read more here : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
For the EC2 launch type your cluster type will be the same:
    Type: AWS::ECS::Cluster
But the SG, VPC, NAT Gateway and other resources will change:
    EcsHostSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Access to the ECS hosts that run containers
        VpcId: !Ref 'VPC'
Related
Is there a way to assign an Elastic IP to an EC2 instance that was just made using CloudFormation scripts in Amazon AWS? I'm not able to find any simple examples of how to "get an elastic ip" by its tag, or any API references about whether or not this is even possible. I need to first get the Elastic IP by its tag, and then assign it to an existing instance in Lambda.
In the AWS CLI (I'm using 2.2.4) I can get EIPs by the Name tag:
    aws ec2 describe-addresses --filters "Name=tag:Name,Values=some-tag-here"
My tag has the Key "Name" as part of it.
For Python/Boto3 you can run something like:
    import boto3
    client = boto3.client('ec2')
    response = client.describe_addresses(...)
where the parameters to describe_addresses are defined in these docs.
From AWS::EC2::EIP - AWS CloudFormation:
    MyEIP:
      Type: AWS::EC2::EIP
      Properties:
        InstanceId: !Ref Logical name of an AWS::EC2::Instance resource
The easiest way is to include this in the same template that launched the EC2 instance. The !Ref can then refer to the instance elsewhere in the template. If you want to assign an Elastic IP address in a separate template, then you would need to provide a reference to the EC2 instance that was previously launched.
I am creating an AWS ECS cluster (Networking + Linux).
I follow all the steps, set up the subnets and use the existing VPC and the EC2 instance is created.
However, when I go into my cluster > ECS Instances I don't see any EC2 instances there. It doesn't seem to register there.
My EC2 instance has a public IP so that should not be an issue. What could be the problem?
You haven't specified in the question, but normally you also should modify your UserData so that it registers with the non-default cluster:
    #!/bin/bash
    echo ECS_CLUSTER=<your-cluster-name> >> /etc/ecs/ecs.config
Also, an Amazon ECS-optimized AMI should be used, which has the ECS agent pre-installed.
Edit: Also need to make sure that instances have access to the ECS Service, for example by having public IP and internet access. Without that, ECS Agent won't be able to communicate with the ECS Service.
UserData in console can be specified in the following configuration:
You can also use Launch Templates or Launch Configurations to specify the UserData and reduce the amount of work needed when launching new instances.
I am new to AWS and I wanted to ask this. Is there a way to SSH into an EC2 instance created via Cloudformation?
I just wanted to ask since key pairs are generated upon manual creation of EC2 instances in the AWS console right? What if the EC2 was created from Cloudformation?
When you create an EC2 instance, you can use an existing KeyPair to log in to the other hosts. You just need to provide the existing KeyPair whenever you create any instance.
Make sure the KeyPair file has been downloaded after creating it.
In the case of CloudFormation, just mention the same KeyPair in the template.
Below is a sample CloudFormation YAML with the KeyPair mentioned:
    ---
    Resources:
      MyInstance:
        Type: AWS::EC2::Instance
        Properties:
          AvailabilityZone: us-east-1a
          ImageId: ami-0b898040803850657
          InstanceType: t2.micro
          KeyName: EssentialKeyPair
You need to make sure it is present in the EC2 Dashboard as well.
Once the stack creates your EC2 instance, just log in to the host using the command below:
    ssh -i EssentialKeyPair.pem ec2-user@<Public-IP>
You can verify whether your instance is using the same keyPair that you have provided in the Template through EC2 Dashboard :
I want to create a cloudformation template for my ECS cluster so that I can deploy it automatically when needed.
My cluster contains 3 task definitions, 2 instances, and no ECS services.
I created the task definitions and the cluster, but I'm stuck on the creation of the EC2 instances. In the documentation here
there is only
AWS::ECS::Cluster,
AWS::ECS::Service and
AWS::ECS::TaskDefinition.
How am I supposed to create the EC2 resources in the template?
When you make an AWS::ECS::Service, declare it as DependsOn a suitable AWS::AutoScaling::AutoScalingGroup that is declared elsewhere.
Or you can make the AWS::ECS::Service depend on an ALB, and the ALB ultimately depends on an AWS::ElasticLoadBalancingV2::TargetGroup.
This example http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-ecs.html shows how to use an ALB to do this.
I have started 2 ECS-optimized instances on EC2, but how can I register them as ECS container instances?
I cannot figure out a way of doing that.
When you start an ECS optimized image, it starts the ECS agent on the instance by default. The ecs agent registers the instance with the default ecs cluster.
For your instance to be available on the cluster, you will have to create the default cluster.
If you have a custom ECS cluster, you can set the cluster name using the userdata section.
The ECS agent expects the cluster name inside the ecs.config file available at /etc/ecs/ecs.config.
You can set it up at instance boot using a userdata script:
    #!/bin/bash
    echo ECS_CLUSTER={cluster_name} >> /etc/ecs/ecs.config
Please refer to the following ECS documentation for more information:
http://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html
When you create an EC2 instance, you must specify the IAM role linked to your ECS container (if using an SDK/..., you must specify the "Instance Profile ARN" of this role in the parameters). If you use the interactive ECS cluster creation at your first ECS use on the AWS website, you should already have an ecsInstanceRole linked to the default cluster.
Then, after being launched, your EC2 instance will be automatically registered as an ECS container in this cluster.
Other than the user-data script echoing the non-default cluster's name, remember that the container instances need external network access to communicate with the Amazon ECS service. So, if your container instances do not have public IP addresses, then they must use a network address translation (NAT) gateway to provide this access.
Source: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html
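The requirements listed in the answers above (an ECS-optimized AMI, an instance role, user data naming the cluster, and subnets that can reach the ECS service) combined in one CloudFormation template, as an added example that is not taken from any of the posts. The logical names, parameter names, instance type and group size of 2 are assumptions.

```yaml
# Added example: EC2 launch type container instances for an ECS cluster.
# Logical names, parameters and sizes are assumptions, not from the posts.
Parameters:
  EcsAmiId:  # resolves to the current ECS-optimized Amazon Linux 2 AMI
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
  SubnetIds:  # subnets with a route to the ECS service (public IP or NAT)
    Type: List<AWS::EC2::Subnet::Id>
  HostSecurityGroupId:  # e.g. the EcsHostSecurityGroup shown earlier
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  Cluster:
    Type: AWS::ECS::Cluster
  InstanceRole:  # lets the ECS agent register the instance with the cluster
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: {Service: ec2.amazonaws.com}
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]
  LaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref EcsAmiId
        InstanceType: t3.micro
        IamInstanceProfile: {Arn: !GetAtt InstanceProfile.Arn}
        SecurityGroupIds: [!Ref HostSecurityGroupId]
        UserData:  # !Ref on the cluster yields its name, written for the agent
          Fn::Base64: !Sub |
            #!/bin/bash
            echo ECS_CLUSTER=${Cluster} >> /etc/ecs/ecs.config
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier: !Ref SubnetIds
      MinSize: '2'
      MaxSize: '2'
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplate
        Version: !GetAtt LaunchTemplate.LatestVersionNumber
```

If the instances still do not appear under ECS Instances, the three things to check are the ones the answers name: the instance profile, the contents of /etc/ecs/ecs.config, and outbound network access from the chosen subnets.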
One more thing you can do to register instances in the cluster is to:
Create a service and assign it a task;
When creating a service - choose a load balancer and respective number of tasks that should be launched;
Afterwards, create a target group for the load balancer (if one doesn't exist already);
You have 2 options now - either create desired instances manually or edit a launch template of your cluster (based on the template, the instances will be created automatically);
If you create instances via the launch template - they will be linked to the target group automatically (because you selected the respective load balancer when creating the service);
Otherwise add them manually - any instance that passes health checks and is in your service target group will be automatically added to the cluster, unless the cluster already has the max. amount of instances.