SlideShare a Scribd company logo

Managed Container Orchestration with Amazon ECS

P
Philipp Garbe

The document discusses managed container orchestration using Amazon ECS, emphasizing its benefits, integration with AWS, and the implementation of automated node draining and scaling. It outlines the architecture of a custom service (Infinity) and how it utilizes Lambda functions for tasks like cross-account proxying and monitoring service health. Additionally, it provides resources and blog links for further exploration of ECS automation and CloudFormation best practices.

Internet
1 of 49
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Managed Container Orchestration with ECS Philipp Garbe (@pgarbe) Scout24
Managed Container Orchestration with Amazon ECS
● Philipp Garbe ● Lead Platform Engineer @Scout24 ● Docker Captain ● Living in Bavaria ● Working in the Cloud About Me
Our purpose: Inspiring your best decisions. We connect people, cars and homes.
Platform Engineering
Improve the developer experience With kind permissions of Alexey Gravanov
Managed Container Orchestration with Amazon ECS
How to run it in production?
So many choices... Amazon ECS Docker Swarm Azure Container Services Cloud Foundry’s Diego https://www.linux.com/news/8-open-source-CONTAINER-ORCHESTRATION-TOOLS-KNOW CoreOS Fleet Google Container Engine Kubernetes Mesosphere Marathon
Amazon ECS Docker Swarm Azure Container Services Cloud Foundry’s Diego https://www.linux.com/news/8-open-source-CONTAINER-ORCHESTRATION-TOOLS-KNOW CoreOS Fleet Google Container Engine Kubernetes Mesosphere Marathon
Deep Integration with AWS ● Cluster and Services can be created with CloudFormation ● Tasks have their own IAM role ● Dynamic port mapping with ALB Easy to maintain ● Cluster state is managed by AWS Follows our IT principals β‡’ All orchestration tools can run containers! Why ECS?
Under the hood
What? It’s not managed? ECS has no AutoScaling? No automated Node draining? BUT: We don’t want to run / care about the cluster
Resources: Service: Type: 'Custom::InfinityService' Properties: ServiceToken: 'arn:aws:lambda:eu-west-1:123456789012:function:angus' ServiceName: my-service ImageName: 210987654321.dkr.ecr.eu-west-1.amazonaws.com/awesome-app ContainerPort: 9000 Make it simple
Infinity & Angus
Infinity
Infinity = Managed ECS Cluster ECS + ● Automated node draining ● Automated Scaling ● Cross-Account Proxy ● Watchdog Lambda ● Some tweaks
Automated Node Draining The Problem ECS offers Node Draining, but ASG is not interested in it
Automated Node Draining ASG Lifecycle Hook + SNS + Lambda
Automated Scaling The Problem No proper CloudWatch metric to scale out and in
● CPU Utilization ● Memory Utilization ● CPU Reservation ● Memory Reservation ECS Metrics
New metric: # of schedulable containers
Example Have enough resources for 1 - 2 of our max containers Scale out when # of schedulable containers < 1 Scale in when # of schedulable containers > 2
How many schedulable containers?
How many schedulable containers?
How many schedulable containers?
How many schedulable containers?
Cross-Account Proxy The Problem TaskRoleArn supports only roles of the same account
Default Roles ecsAutoScalingRole ecsContainerInstanceRole ecsServiceRole ecsTaskRole ● Read CloudWatch Metrics ● Modify App AutoScaling ● ECR: Get Images ● ECS: De/Register Container Instances ● De/Register Instances with Load Balancer ● Everything your task needs to do
Managed Container Orchestration with Amazon ECS
Managed Container Orchestration with Amazon ECS
● Re-route call to ECS-Agent ● ECS-Agent gets credentials based on configured TaskRole ● TaskRole needs only one permission: AssumeRole ● X-Acc-Proxy assumes role (Role ARN comes from Docker Label) ● X-Acc-Proxy returns credentials from assumed role Cross Account Proxy
Managed Container Orchestration with Amazon ECS
WatchDog Lambda The Problem Timeout of creating an ECS service which don’t get healthy is 3h!
WatchDog Lambda Lambda who checks for status codes like ● β€œEssential container in task exited” ● β€œTask failed ELB health checks” β‡’ Cancels the CloudFormation stack update
● HealthCheck in cfn-init ● β€œVersion” in UserData ● Partitions for images and logs ● Container cleanup ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION Tweaks
Angus
>500 lines of CloudFormation template ● Load balancer ● Security Groups ● Auto scaling ● Roles ● Alarms ECS Service and Taskdefinition
Managed Container Orchestration with Amazon ECS
Resources: Service: Type: 'Custom::InfinityService' Properties: ServiceToken: 'arn:aws:lambda:eu-west-1:123456789012:function:angus' ServiceName: my-service ImageName: 210987654321.dkr.ecr.eu-west-1.amazonaws.com/awesome-app ContainerPort: 9000 Make it simple
● Like AWS Service Catalog but for managed services ● Translator to map properties of a custom resource to CloudFormation stack parameters ● Handles the whole CloudFormation workflow ● Supports versioned templates ● Allow to roll out template changes to existing stacks What is Angus?
Angus
Team: stack.yaml CloudFormation specific Angus specific Template specific Service: Type: 'Custom::InfinityService' Properties: ServiceToken: > 'arn:aws:lambda:eu-west-1:123456789012:function:angus' ServiceName: my-service ImageName: nginx Cpu: 512 Configuration: - MY_ENV_VAR: my-value
Team: stack.yaml Service: Type: 'Custom::InfinityService' Properties: ServiceToken: > 'arn:aws:lambda:eu-west-1:123456789012:function:angus' ServiceName: my-service ImageName: nginx Cpu: 512 Configuration: - MY_ENV_VAR: my-value Defines service type (which template should be used) Defines stack name in platform account Arn of Angus lambda
Team: stack.yaml Service: Type: 'Custom::InfinityService' Properties: ServiceToken: > 'arn:aws:lambda:eu-west-1:123456789012:function:angus' ServiceName: my-service ImageName: nginx Cpu: 512 Configuration: - MY_ENV_VAR: my-value Platform: my-service AWSTemplateFormatVersion: '2010-09-09' Parameters: ImageName: Type: String Description: Name of the Docker Image Cpu: Type: Number Default: 512 MinValue: 0 MaxValue: 4096 Description: CPU reservation for the task Configuration1: Type: String Description: An item of possible environment variables Default: ''
Template Versioning ● Allows you to introduce new features (like HealthCheckPath) ● Allows you to apply new features from AWS Rollout strategies ● Canary releases for existing stacks ● For new stacks But: Be backwards compatible!
Questions ?
Automated Node Draining: https://aws.amazon.com/blogs/compute/how-to-automate-container-instance-draining-in-amazon-ecs/ IAM Reference: https://iam.cloudonaut.io CloudFormation Hacks: http://garbe.io/blog/2017/07/17/cloudformation-hacks/ AutoScaling of ECS clusters: ● http://garbe.io/blog/2017/04/12/a-better-solution-to-ecs-autoscaling/ ● https://help.spotinst.com/hc/en-us/articles/115004452129-EC2-Container-Service-ECS-Autoscaler High quality CloudFormation templates http://templates.cloudonaut.io Useful resources
www.scout24.com Philipp Garbe Twitter: @pgarbe Blog: garbe.io

More Related Content

PDF
JavaDay Lviv: Serverless Archtiectures
Antons Kranga
Β 
PDF
ECS and ECR deep dive
Shiva Narayanaswamy
Β 
PDF
DevOps Days Tel Aviv - Serverless Architecture
Antons Kranga
Β 
PDF
Netflix Container Runtime - Titus - for Container Camp 2016
aspyker
Β 
PPTX
Riga dev day: Lambda architecture at AWS
Antons Kranga
Β 
PPTX
Container orchestration overview
Wyn B. Van Devanter
Β 
PPTX
Container Orchestration with Docker Swarm and Kubernetes
Will Hall
Β 
PDF
ApacheCon NA - Apache Camel K: connect your Knative serverless applications w...
Nicola Ferraro
Β 
JavaDay Lviv: Serverless Archtiectures
Antons Kranga
Β 
ECS and ECR deep dive
Shiva Narayanaswamy
Β 
DevOps Days Tel Aviv - Serverless Architecture
Antons Kranga
Β 
Netflix Container Runtime - Titus - for Container Camp 2016
aspyker
Β 
Riga dev day: Lambda architecture at AWS
Antons Kranga
Β 
Container orchestration overview
Wyn B. Van Devanter
Β 
Container Orchestration with Docker Swarm and Kubernetes
Will Hall
Β 
ApacheCon NA - Apache Camel K: connect your Knative serverless applications w...
Nicola Ferraro
Β 

What's hot (8)

PPTX
Netflix0SS Services on Docker
Docker, Inc.
Β 
PDF
Kubernetes on AWS
Grant Ellis
Β 
PPTX
Kubernetes @ Nanit by Chen Fisher
DoiT International
Β 
PPTX
Webcast - Making kubernetes production ready
Applatix
Β 
PDF
Building Out Your Kafka Developer CDC Ecosystem
confluent
Β 
PDF
Sf bay area Kubernetes meetup dec8 2016 - deployment models
Peter Ss
Β 
PDF
Riga DevDays 2017 - Efficient AWS Lambda
Antons Kranga
Β 
PPTX
CI Implementation with Kubernetes at LivePerson by Saar Demri
DoiT International
Β 
Netflix0SS Services on Docker
Docker, Inc.
Β 
Kubernetes on AWS
Grant Ellis
Β 
Kubernetes @ Nanit by Chen Fisher
DoiT International
Β 
Webcast - Making kubernetes production ready
Applatix
Β 
Building Out Your Kafka Developer CDC Ecosystem
confluent
Β 
Sf bay area Kubernetes meetup dec8 2016 - deployment models
Peter Ss
Β 
Riga DevDays 2017 - Efficient AWS Lambda
Antons Kranga
Β 
CI Implementation with Kubernetes at LivePerson by Saar Demri
DoiT International
Β 
Ad

Similar to Managed Container Orchestration with Amazon ECS (20)

PPTX
Amazon ECS.pptx tasks conatiner ecs new car
zineblahib2
Β 
PPTX
ECS and Docker at Okta
Jon Todd
Β 
PDF
Running Docker clusters on AWS (June 2016)
Julien SIMON
Β 
PPTX
AWS ECS Meetup Talentica
Anshul Patel
Β 
PDF
Running Docker Containers on AWS
Vladimir Simek
Β 
PPTX
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks
Β 
PDF
Introduction to Amazon EC2 Container Service
christophertcannon
Β 
PPTX
ECS - from 0 to 100
Vitaliy Kuznetsov
Β 
PDF
Running Docker clusters on AWS (November 2016)
Julien SIMON
Β 
PDF
Amazon ECS (March 2016)
Julien SIMON
Β 
PPTX
Docker on Amazon ECS
Deepak Kumar
Β 
PDF
Deliver Docker Containers Continuously on AWS - QCon 2017
Philipp Garbe
Β 
PDF
intro elastic container service amazon aws
DanielJara92
Β 
PDF
ecs-presentation
Marc Costello
Β 
PPTX
AWS Elastic Container Service (ECS) with a CI Pipeline Overview
Wyn B. Van Devanter
Β 
PDF
Artem Zhurbila - docker clusters (solit 2015)
Artem Zhurbila
Β 
PPTX
AWS ECS LESSONS LEARNED
humayun Jamal
Β 
PDF
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Philipp Garbe
Β 
PDF
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Philipp Garbe
Β 
PDF
Getting started with Amazon ECS
Ioannis Polyzos
Β 
Amazon ECS.pptx tasks conatiner ecs new car
zineblahib2
Β 
ECS and Docker at Okta
Jon Todd
Β 
Running Docker clusters on AWS (June 2016)
Julien SIMON
Β 
AWS ECS Meetup Talentica
Anshul Patel
Β 
Running Docker Containers on AWS
Vladimir Simek
Β 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks
Β 
Introduction to Amazon EC2 Container Service
christophertcannon
Β 
ECS - from 0 to 100
Vitaliy Kuznetsov
Β 
Running Docker clusters on AWS (November 2016)
Julien SIMON
Β 
Amazon ECS (March 2016)
Julien SIMON
Β 
Docker on Amazon ECS
Deepak Kumar
Β 
Deliver Docker Containers Continuously on AWS - QCon 2017
Philipp Garbe
Β 
intro elastic container service amazon aws
DanielJara92
Β 
ecs-presentation
Marc Costello
Β 
AWS Elastic Container Service (ECS) with a CI Pipeline Overview
Wyn B. Van Devanter
Β 
Artem Zhurbila - docker clusters (solit 2015)
Artem Zhurbila
Β 
AWS ECS LESSONS LEARNED
humayun Jamal
Β 
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Philipp Garbe
Β 
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Philipp Garbe
Β 
Getting started with Amazon ECS
Ioannis Polyzos
Β 
Ad

More from Philipp Garbe (6)

PDF
Run Jenkins as Managed Product on ECS - AWS Meetup
Philipp Garbe
Β 
PDF
Is Platform Engineering the new Ops?
Philipp Garbe
Β 
PDF
Finding Cars and Hunting Down Logs - ElasticSearch @AutoScout24
Philipp Garbe
Β 
PDF
Deliver docker containers continuously on aws
Philipp Garbe
Β 
PDF
ElasticSearch on AWS
Philipp Garbe
Β 
PDF
DockerCon 2016 Seattle Recap
Philipp Garbe
Β 
Run Jenkins as Managed Product on ECS - AWS Meetup
Philipp Garbe
Β 
Is Platform Engineering the new Ops?
Philipp Garbe
Β 
Finding Cars and Hunting Down Logs - ElasticSearch @AutoScout24
Philipp Garbe
Β 
Deliver docker containers continuously on aws
Philipp Garbe
Β 
ElasticSearch on AWS
Philipp Garbe
Β 
DockerCon 2016 Seattle Recap
Philipp Garbe
Β 

Recently uploaded (20)

PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
Β 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
Β 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
Β 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
Β 
PDF
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
PPTX
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
Β 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
Β 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
Β 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
Β 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
Β 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
Β 
PPTX
artificial intelligence overview of it and more
yafotin445
Β 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
Β 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
Β 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
Β 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
Β 
PPTX
Funds Management Learning Material for Beg
NKKumar16
Β 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
Β 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
Β 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
Β 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
Β 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
Β 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
Β 
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
Β 
Introduction to Information and Communication Technology
AkmadArzieAyao1
Β 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
Β 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
Β 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
Β 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
Β 
artificial intelligence overview of it and more
yafotin445
Β 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
Β 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
Β 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
Β 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
Β 
Funds Management Learning Material for Beg
NKKumar16
Β 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
Β 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
Β 

Managed Container Orchestration with Amazon ECS