Amazon ECS (Elastic Container Service) is a managed service that allows you to run containers on AWS. This service offers a fast, scalable method for managing container workloads on a managed cluster. You can run, stop, manage containers by creating Task Definitions and manage all your workloads with simple API Calls.
Before we begin, those who might be interested in Amazon Elastic Kubernetes Service, should go to our Amazon EKS Anywhere blog article.
ECS Anywhere is a feature in ECS Service that brings you the ability to run container workloads on your own environment - whether it’s a bare-metal server or a Virtual Machine. This feature was preannounced at re:Invent last year, and now it is Generally Available. You can run ECS Anywhere in your own datacenter or in a co-location. With ECS Anywhere, you need to manage your own infrastructure. That means you have to secure the physical machines, network configurations, power and cooling mechanisms etc. But, running container workloads on your own infrastructure will give you low latency or you can continue to use your existing infrastructure investments.
If you have any compliance requirements or local regulations that restrict you to run workloads on Public Cloud environments, you can fulfill those requirements with ECS Anywhere as you won’t move any of your applications or data to a Public Cloud.
If you have any plans to move to the cloud, this feature is the first step of that journey. ECS Anywhere is a Hybrid option. This means you can run your containers on both on-premises and cloud with a standardized container orchestrator. ECS Anywhere eases the operation of managing both environments at the same time. You won’t need expertise in different toolsets.
ECS Anywhere offers a fully managed control plane. With ECS Anywhere, you don’t need to run and operate separate container management software for your on-premises workloads. You can configure your Task Definitions or Container Definitions with the familiar ECS interface and orchestrate your workloads for both on-premise and cloud from the same place. You will use the same APIs, same cluster management operations, workload scheduling methods, and monitoring options when using ECS on cloud.
Another benefit of using ECS Anywhere is the ability to use the cloud as a secondary expandable infrastructure option for your workloads. You can run the base capacity of your application’s needs on your own infrastructure and whenever you need to scale those applications you can use AWS for meeting the load on the peak times.
Amazon ECS Anywhere instances are optimized for running applications that generate outbound traffic or processing data. Lack of having a Load Balancing support makes running applications that generate inbound traffic (like a web service) less efficient. The containers running on ECS Anywhere instances must use Bridge, Host or None network options. Also, you need a connection to ECS Control Plane running on AWS.
ECS Anywhere in Action
I have prepared a demonstration to show you how you can configure and use ECS Anywhere in your environment. I have launched two Ubuntu Virtual Machines running on VMware vSphere.
First, I need to create an ECS Control Plane from AWS. When creating an ECS Cluster I am choosing the Networking Only mode.
Next, I will configure the cluster as usual.
Mostly, I am choosing most of the default values but you can change the default configurations according to your needs.
After creating the cluster, there are no instances by default as you can see in the screenshot below.
For adding external Virtual Machines to this cluster, I need to register those instances.
Before registering the instances, I have created the necessary IAM Role for those instances. As you can see in the screenshot above, there is an IAM Role named ECSAnywhereRole. You can follow the instructions from documentation and create your own roles.
On the Register External Instances page, there is a generated registration command. I am going to run this command on both of my instances.
curl --proto "https" -o "/tmp/ecs-anywhere-install.sh" "https://amazon-ecs-agent.s3.amazonaws.com/ecs-anywhere-install-latest.sh" && bash /tmp/ecs-anywhere-install.sh --region "eu-west-1" --cluster "ecs-anywhere" --activation-id "59a61e67-1d8e-475e-b92b-aa07c6253b63" --activation-code "w5aZRcqAypd+YgT9+AYI"
You can see the installation for ECS Agent, SSM Agent, , an Activation ID, and an Activation Code for successful registration in this snippet. Of course that ID and Code are going to be unavailable when you read this blog post.
After installing necessary packages and agents, you will see an output similar to the screenshot below.
Now I can see those external instances from the AWS Console as well.
As you can see, there is some information about instance status, agent connection status and the External Instances parameter is true. If you add EC2 instances to this cluster you can see those from here as well with External Instances parameter set to false.
Now finally, I will run an example nginx container on those external instances. I am starting with Task Definition configuration.
I have chosen the External Launch Type Compatibility for this Task Definition. Next I will configure the Task Definition and the Container Definition as well.
For running the task, I have chosen the External Launch Type as well. Now I can see the running task from the ECS Console.
I can now login to the instance and see the containers from there as well.
As you can see from the screenshot, I have two running containers on that node. ECS Agent and the Nginx container that we have configured from the ECS Console. I can now reach that container.
It is running as expected.
Conclusion
Using the same APIs and operating model of ECS is a huge benefit for running container workloads on your environment. You won’t need to configure and manage separate container orchestration tools on different environments. Moreover, if you have compliance requirements or regulatory restrictions, ECS Anywhere can be the right solution for you.
