Docker's ECS Plugin has been released, and it seems that it also supports the stable version of Docker for Mac, so I tried it.
There are official documents and commentary sites, but there were some stumbling blocks, so (Unknowingly, the docker ecs compose command has been integrated into docker compose ...) I summarized it as a memo for ECS beginners.
Version 2 is required for AWS CLI. We recommend that you update both Docker and AWS CLI to the latest version.
Reference link: AWS CLI Settings Installing, updating, and uninstalling AWS CLI version 2 on macOS
This time, I will use Docker official sample. First, check the operation locally. It is almost written in Official Doc, but as a memo for myself, it is a Docker official sample. I will explain the procedure of.
--Pull Docker official sample
$ git clone https://github.com/docker/ecs-plugin.git
$ cd ecs-plugin/example/
--Tag with the name example and build the app directory
$ docker build app -t example
--Specify a tag and confirm that the image has been created
$ docker images --filter reference=example
REPOSITORY TAG IMAGE ID CREATED SIZE
example latest 33e46b7030e0 4 minutes ago 52.3MB
--Local operation check
$ docker run -t -i -p 5000:5000 example
Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
Try accessing http://0.0.0.0:5000/. Because redis is not running redis.exceptions.ConnectionError Should occur. Exit with CTRL + C.
Amazon ECR is like Docker Hub. Push the created Docker image to ECR and pull it when using docker-compose.
python
$ docker context use default
$ docker context ls
This also creates an IAM user according to Official Doc .. Follow the steps to create it with the name "Administrator". When you sign in as the IAM user you created, "Administrator @ aws_account_id" is displayed in the navigation bar. ex. Administrator@1234-5678-9012
Make a note of the credentials as you will use them later. aws_account_id aws_access_key_id aws_secret_access_key
In my case, I use the Tokyo region (ap-northeast-1). Enter the aws_account_id confirmed in the navigation bar in [aws_account_id] without hyphens. ex. 1234-5678-9012 => 123456789012
$ aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin [aws_account_id].dkr.ecr.ap-northeast-1.amazonaws.com
Login Succeeded
Now that you have an image to push to Amazon ECR, create a repository to hold it. Create a repository called example: latest and push the example image you just created.
--Create a repository
$ aws ecr create-repository \
--repository-name example \
--image-scanning-configuration scanOnPush=true \
--region ap-northeast-1
--Tagging images to push to the repository
$ docker tag example:latest [aws_account_id].dkr.ecr.ap-northeast-1.amazonaws.com/example:latest
--Push the image
$ docker push [aws_account_id].dkr.ecr.ap-northeast-1.amazonaws.com/example:latest
$ aws ecr list-images --repository-name example
Pull the image pushed to ECR and check the operation locally. Make sure you can push the image to ERC. Open the Amazon ECR console (https://console.aws.amazon.com/ecr/). The example repository should have been created.
Copy the URL. Paste it into the image in docker-compose.yml and docker-compose up. comment out x-aws-pull_credentials as they are not needed this time.
example/docker-compose.yml
version: "3.8"
services:
frontend:
build: app
# x-aws-pull_credentials: <<<your arn for your secret you can get with docker ecs secret list>>>
image: 123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/example:latest
ports:
- "5000:5000"
depends_on:
- backend
backend:
image: redis:alpine
$ docker-compose up
You can pull the image pushed to ECR, so you can check the operation of the app locally.
I was able to confirm the operation of redis.
$ docker-compose down
As per docker docs (translation), create it with the name myecscontext. Use the credentials you created in IAM earlier. aws_access_key_id aws_secret_access_key
$ docker context create ecs myecscontext
? Select AWS Profile new profile
? profile name myecscontext
? Region ap-northeast-1
? Enter credentials Yes
? AWS Access Key ID aws_access_key_id
? Enter AWS Secret Access Key aws_secret_access_key
Successfully created ecs context "myecscontext"
Check context
$ docker context ls
NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR
default * moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm
myecscontext ecs ap-northeast-1
Use myecscontext
$ docker context use myecscontext
this tool requires the "new ARN resource ID format"
It looks like you need to enable the long ARN format. I think it's magic and execute it.
$ aws ecs put-account-setting-default --name awsvpcTrunking --value enabled
$ aws ecs put-account-setting-default --name containerInsights --value enabled
$ aws ecs put-account-setting-default --name containerInstanceLongArnFormat --value enabled
$ aws ecs put-account-setting-default --name serviceLongArnFormat --value enabled
$ aws ecs put-account-setting-default --name taskLongArnFormat --value enabled
It's finally ECS, but it's over in an instant. When docker compose up, resources are automatically created and deployed.
$ docker compose up
WARN[0000] services.build: unsupported attribute
[+] Running 17/17
⠿ example CREATE_COMPLETE 204.0s
⠿ ExampleLoadBalancer CREATE_COMPLETE 122.0s
⠿ FrontendTCP5000TargetGroup CREATE_COMPLETE 1.0s
⠿ CloudMap CREATE_COMPLETE 51.0s
⠿ FrontendTaskExecutionRole CREATE_COMPLETE 22.0s
⠿ LogGroup CREATE_COMPLETE 3.0s
⠿ ExampleDefaultNetwork CREATE_COMPLETE 8.0s
⠿ Cluster CREATE_COMPLETE 6.0s
⠿ BackendTaskExecutionRole CREATE_COMPLETE 21.0s
⠿ ExampleDefaultNetworkIngress CREATE_COMPLETE 1.0s
⠿ FrontendTaskDefinition CREATE_COMPLETE 3.0s
⠿ BackendTaskDefinition CREATE_COMPLETE 4.0s
⠿ FrontendServiceDiscoveryEntry CREATE_COMPLETE 3.0s
⠿ BackendServiceDiscoveryEntry CREATE_COMPLETE 1.9s
⠿ BackendService CREATE_COMPLETE 68.0s
⠿ FrontendTCP5000Listener CREATE_COMPLETE 1.0s
⠿ FrontendService CREATE_COMPLETE 68.0s
Check the status of the running container.
$ docker compose ps
ID NAME REPLICAS PORTS
example-BackendService-xSDWkSABSvEt backend 1/1
example-FrontendService-0pIz1giwUZg4 frontend 1/1 ExampleLoadBalancer-29dbd0f98418a861.elb.ap-northeast-1.amazonaws.com:5000->5000/tcp
Try accessing the frontend PORTS. I think you have deployed the sample app. http://ExampleLoadBalancer-29dbd0f98418a861.elb.ap-northeast-1.amazonaws.com:5000/
If you docker compose down, the resource will be deleted automatically.
$ docker compose down
[+] Running 17/17
⠿ example DELETE_COMPLETE 515.0s
⠿ ExampleLoadBalancer DELETE_COMPLETE 389.0s
⠿ FrontendTCP5000TargetGroup DELETE_COMPLETE 389.0s
⠿ CloudMap DELETE_COMPLETE 514.0s
⠿ FrontendTaskExecutionRole DELETE_COMPLETE 393.0s
⠿ LogGroup DELETE_COMPLETE 471.0s
⠿ ExampleDefaultNetwork DELETE_COMPLETE 467.0s
⠿ Cluster DELETE_COMPLETE 467.0s
⠿ BackendTaskExecutionRole DELETE_COMPLETE 472.0s
⠿ ExampleDefaultNetworkIngress DELETE_COMPLETE 3.0s
⠿ FrontendTaskDefinition DELETE_COMPLETE 390.0s
⠿ BackendTaskDefinition DELETE_COMPLETE 467.0s
⠿ FrontendServiceDiscoveryEntry DELETE_COMPLETE 389.0s
⠿ BackendServiceDiscoveryEntry DELETE_COMPLETE 467.0s
⠿ BackendService DELETE_COMPLETE 464.0s
⠿ FrontendTCP5000Listener DELETE_COMPLETE 388.0s
⠿ FrontendService DELETE_COMPLETE 386.0s
Docker official sample Deploying Docker container on ECS How to start Amazon ECR using AWS CLI How to start Amazon ECS with Fargate The docker ecs command was born by collaboration between Docker and AWS, so I tried using it I tried Amazon ECS deployment of Docker Compose
Recommended Posts