When an ECS task associated with a service discovery-enabled ECS service starts, Amazon ECS automatically registers the task's IP address and port with AWS Cloud Map. Other services within the same Cloud Map namespace can then resolve the service's name (e.g., myservice.example.com) to discover the IP addresses of the running tasks and establish connections. This eliminates the need for manual IP address management and provides a flexible, dynamic way for services to interact.
Before you start this tutorial, make sure that the following prerequisites are met:
- The latest version of the AWS CLI is installed and configured. For more information, see Installing or updating to the latest version of the AWS CLI.
- The steps described in Set up to use Amazon ECS are complete.
- Your IAM user has the required permissions specified in the AmazonECS_FullAccess IAM policy example.
- You have created at least one VPC and one security group. For more information, see Create a virtual private cloud.
Step 1: Create the Service Discovery resources in AWS Cloud Map
Follow these steps to create your service discovery namespace and service discovery service:
- Create a private Cloud Map service discovery namespace. This example creates a namespace that's called tutorial. Replace vpc-abcd1234 with the ID of one of your existing VPCs.
aws servicediscovery create-private-dns-namespace \
--name tutorial \
--vpc vpc-abcd1234
- Using the OperationId from the output of the previous step, verify that the private namespace was created successfully. Make note of the namespace ID because you use it in subsequent commands.
aws servicediscovery get-operation \
--operation-id h2qe3s6dxftvvt7riu6lfy2f6c3jlhf4-je6chs2e
- Using the NAMESPACE ID from the output of the previous step, create a service discovery service. This example creates a service named myapplication. Make note of the service ID and ARN because you use them in subsequent commands.
aws servicediscovery create-service \
--name myapplication \
--dns-config "NamespaceId=ns-uejictsjen2i4eeg,DnsRecords=[{Type=A,TTL=300}]" \
--health-check-custom-config FailureThreshold=1
Step 2: Create the Amazon ECS resources
Follow these steps to create your Amazon ECS cluster, task definition, and service:
- Create an Amazon ECS cluster. This example creates a cluster that's named tutorial.
aws ecs create-cluster \
--cluster-name tutorial
- Register a task definition that's compatible with Fargate and uses the awsvpc network mode. Follow these steps:
a. Create a file that's named fargate-task.json with the contents of the following task definition.
{
"family": "tutorial-task-def",
"networkMode": "awsvpc",
"containerDefinitions": [
{
"name": "sample-app",
"image": "public.ecr.aws/docker/library/httpd:2.4",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
],
"essential": true,
"entryPoint": [
"sh",
"-c"
],
"command": [
"/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' > /usr/local/apache2/htdocs/index.html && httpd-foreground\""
]
}
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "256",
"memory": "512"
}
b. Register the task definition using fargate-task.json.
aws ecs register-task-definition \
--cli-input-json file://fargate-task.json
- Create an ECS service by following these steps:
a. Create a file that's named ecs-service-discovery.json with the contents of the ECS service that you're creating. This example uses the task definition that was created in the previous step. An awsvpcConfiguration is required because the example task definition uses the awsvpc network mode.
When you create the ECS service, specify Fargate and the LATEST platform version that supports service discovery. The registryArn is the ARN that was returned when the service discovery service was created in AWS Cloud Map. The securityGroups and subnets must belong to the VPC that's used to create the Cloud Map namespace. You can obtain the security group and subnet IDs from the Amazon VPC Console.
{
"cluster": "tutorial",
"serviceName": "ecs-service-discovery",
"taskDefinition": "tutorial-task-def",
"serviceRegistries": [
{
"registryArn": "arn:aws:servicediscovery:region:aws_account_id:service/srv-utcrh6wavdkggqtk"
}
],
"launchType": "FARGATE",
"platformVersion": "LATEST",
"networkConfiguration": {
"awsvpcConfiguration": {
"assignPublicIp": "ENABLED",
"securityGroups": [ "sg-abcd1234" ],
"subnets": [ "subnet-abcd1234" ]
}
},
"desiredCount": 1
}
b. Create your ECS service using ecs-service-discovery.json.
aws ecs create-service \
--cli-input-json file://ecs-service-discovery.json
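A preflight check for the two JSON files from this step, as an added example that is not part of the original tutorial. The function name preflight and the findings it reports are assumptions of this sketch; the inputs are constructed copies of the tutorial's fields, placeholders included.

```python
import json
import re

# Constructed inputs: the fields of the tutorial's two files that matter here.
TASK_DEF = json.loads('{"family": "tutorial-task-def", "networkMode": "awsvpc"}')
SERVICE = json.loads("""{
  "serviceRegistries": [{"registryArn":
    "arn:aws:servicediscovery:region:aws_account_id:service/srv-utcrh6wavdkggqtk"}],
  "networkConfiguration": {"awsvpcConfiguration": {
    "assignPublicIp": "ENABLED",
    "securityGroups": ["sg-abcd1234"], "subnets": ["subnet-abcd1234"]}}
}""")

# Partition, region, 12-digit account ID, then the Cloud Map service ID.
ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:servicediscovery:[a-z]{2}(?:-[a-z]+)+-\d+:\d{12}:service/srv-[a-z0-9]+$")


def preflight(task_def, service):
    """Return (severity, message) findings for the two tutorial files."""
    findings = []
    vpc = service.get("networkConfiguration", {}).get("awsvpcConfiguration") or {}
    if task_def.get("networkMode") != "awsvpc":
        findings.append(("ERROR", "Fargate task definition must use the awsvpc network mode"))
    elif not vpc:
        findings.append(("ERROR", "awsvpc network mode requires an awsvpcConfiguration"))
    registries = service.get("serviceRegistries") or []
    if not registries:
        findings.append(("ERROR", "no serviceRegistries entry, tasks are not registered"))
    for reg in registries:
        if not ARN_RE.match(reg.get("registryArn", "")):
            findings.append(("ERROR", "registryArn is not a filled-in Cloud Map service ARN"))
    for rid in vpc.get("securityGroups", []) + vpc.get("subnets", []):
        if rid.endswith("-abcd1234"):
            findings.append(("ERROR", f"{rid} is still the tutorial placeholder"))
    if vpc.get("assignPublicIp") == "ENABLED":
        findings.append(("WARN", "tasks get a public IP; inbound exposure depends on "
                                 "the security group rules"))
    return findings


if __name__ == "__main__":
    for severity, message in preflight(TASK_DEF, SERVICE):
        print(f"{severity}: {message}")
```

Run against the files exactly as printed in the tutorial, it reports the unfilled registryArn, both placeholder IDs, and the public IP assignment.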
Step 3: Verify Service Discovery in AWS Cloud Map
You can verify that everything is created properly by querying your service discovery information. After service discovery is configured, you can either use AWS Cloud Map API operations, or call dig from an instance within your VPC. Follow these steps:
- Using the service discovery service ID, list the service discovery instances. Make note of the instance ID (marked in bold) for resource cleanup.
aws servicediscovery list-instances \
--service-id srv-utcrh6wavdkggqtk
- Use the service discovery namespace, service, and additional parameters such as ECS cluster name to query details about the service discovery instances.
aws servicediscovery discover-instances \
--namespace-name tutorial \
--service-name myapplication \
--query-parameters ECS_CLUSTER_NAME=tutorial
- The DNS records that are created in the Route 53 hosted zone for the service discovery service can be queried with the following AWS CLI commands:
a. Using the namespace ID, get information about the namespace, which includes the Route 53 hosted zone ID.
aws servicediscovery \
get-namespace --id ns-uejictsjen2i4eeg
b. Using the Route 53 hosted zone ID from the previous step (see the text in bold), get the resource record set for the hosted zone.
aws route53 list-resource-record-sets \
--hosted-zone-id Z35JQ4ZFDRYPLV
- You can also query the DNS from an instance within your VPC using dig.
dig +short myapplication.tutorial
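The verification in this step can be done mechanically by comparing the list-instances output with the hosted zone's A records. The following is an added example, not part of the original tutorial; the function name reconcile and the sample JSON are constructed for illustration, with a second A record added to show a mismatch.

```python
import ipaddress
import json

# Constructed sample outputs, shaped like the responses of
# `aws servicediscovery list-instances` and `aws route53 list-resource-record-sets`.
LIST_INSTANCES = json.loads("""{"Instances": [
  {"Id": "instance-1", "Attributes": {"AWS_INSTANCE_IPV4": "172.31.87.2",
    "AWS_INSTANCE_PORT": "80", "ECS_CLUSTER_NAME": "tutorial"}}]}""")
RECORD_SETS = json.loads("""{"ResourceRecordSets": [
  {"Name": "tutorial.", "Type": "SOA", "TTL": 15, "ResourceRecords": []},
  {"Name": "myapplication.tutorial.", "Type": "A", "TTL": 300,
   "ResourceRecords": [{"Value": "172.31.87.2"}]},
  {"Name": "myapplication.tutorial.", "Type": "A", "TTL": 300,
   "ResourceRecords": [{"Value": "172.31.90.9"}]}]}""")


def reconcile(instances, record_sets, fqdn):
    """Compare Cloud Map registrations with the A records served for fqdn."""
    name = fqdn.rstrip(".").lower() + "."  # Route 53 returns absolute names
    registered = {
        inst["Attributes"]["AWS_INSTANCE_IPV4"]
        for inst in instances.get("Instances", [])
        if "AWS_INSTANCE_IPV4" in inst.get("Attributes", {})
    }
    in_dns = {
        rr["Value"]
        for rs in record_sets.get("ResourceRecordSets", [])
        if rs.get("Type") == "A" and rs.get("Name", "").lower() == name
        for rr in rs.get("ResourceRecords", [])
    }
    return {
        # Task registered in Cloud Map but not resolvable yet.
        "missing_from_dns": sorted(registered - in_dns),
        # Record with no matching registration: clients may reach an address
        # that no longer belongs to a task of this service.
        "dns_without_instance": sorted(in_dns - registered),
        # A private namespace should only hand out private (VPC) addresses.
        "not_private": sorted(ip for ip in registered | in_dns
                              if not ipaddress.ip_address(ip).is_private),
    }


if __name__ == "__main__":
    print(json.dumps(reconcile(LIST_INSTANCES, RECORD_SETS, "myapplication.tutorial"), indent=2))
```

To use it with real data, save the output of the two CLI commands to files and pass the parsed JSON in place of the constructed samples.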