Creating an Amazon ECS service that uses Service Discovery

Amazon ECS services with Service Discovery enable dynamic discovery of containerized services using AWS Cloud Map, allowing tasks to register and find each other by DNS names without hardcoding IPs.

Core Concepts
Service Discovery integrates ECS with Cloud Map to automatically register service instances with custom names and health checks. Use it for microservices where tasks need to communicate via service names (e.g., api.default.local). Supports private/public namespaces and automatic deregistration on task stops.

When an ECS task associated with a service discovery-enabled ECS service starts, Amazon ECS automatically registers the task's IP address and port with AWS Cloud Map. Other services within the same Cloud Map namespace can then resolve the service's name (e.g., myservice.example.com) to discover the IP addresses of the running tasks and establish connections. This eliminates the need for manual IP address management and provides a flexible, dynamic way for services to interact.

Before you start this tutorial, make sure that the following prerequisites are met:

• The latest version of the AWS CLI is installed and configured. For more information, see Installing or updating to the latest version of the AWS CLI.

• The steps described in Set up to use Amazon ECS are complete.

• Your IAM user has the required permissions specified in the AmazonECS_FullAccess IAM policy example.

• You have created at least one VPC and one security group. For more information, see Create a virtual private cloud.

Step 1: Create the Service Discovery resources in AWS Cloud Map
Follow these steps to create your service discovery namespace and service discovery service:

1. Create a private Cloud Map service discovery namespace. This example creates a namespace that's called tutorial. Replace vpc-abcd1234 with the ID of one of your existing VPCs.

aws servicediscovery create-private-dns-namespace \
      --name tutorial \
      --vpc vpc-abcd1234

1. Using the OperationId from the output of the previous step, verify that the private namespace was created successfully. Make note of the namespace ID because you use it in subsequent commands. aws servicediscovery get-operation \ --operation-id h2qe3s6dxftvvt7riu6lfy2f6c3jlhf4-je6chs2e
2. Using the NAMESPACE ID from the output of the previous step, create a service discovery service. This example creates a service named myapplication. Make note of the service ID and ARN because you use them in subsequent commands.

aws servicediscovery create-service \
      --name myapplication \
      --dns-config "NamespaceId="ns-uejictsjen2i4eeg",DnsRecords=[{Type="A",TTL="300"}]" \
      --health-check-custom-config FailureThreshold=1

Step 2: Create the Amazon ECS resources
Follow these steps to create your Amazon ECS cluster, task definition, and service:

1. Create an Amazon ECS cluster. This example creates a cluster that's named tutorial.

aws ecs create-cluster \
      --cluster-name tutorial

1. Register a task definition that's compatible with Fargate and uses the awsvpc network mode. Follow these steps:

a. Create a file that's named fargate-task.json with the contents of the following task definition.

{
    "family": "tutorial-task-def",
        "networkMode": "awsvpc",
        "containerDefinitions": [
            {
                "name": "sample-app",
                "image": "public.ecr.aws/docker/library/httpd:2.4",
                "portMappings": [
                    {
                        "containerPort": 80,
                        "hostPort": 80,
                        "protocol": "tcp"
                    }
                ],
                "essential": true,
                "entryPoint": [
                    "sh",
                    "-c"
                ],
                "command": [
                    "/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' >  /usr/local/apache2/htdocs/index.html && httpd-foreground\""
                ]
            }
        ],
        "requiresCompatibilities": [
            "FARGATE"
        ],
        "cpu": "256",
        "memory": "512"
}

b. Register the task definition using fargate-task.json.

aws ecs register-task-definition \
      --cli-input-json file://fargate-task.json

1. Create an ECS service by following these steps:

Create a file that's named ecs-service-discovery.json with the contents of the ECS service that you're creating. This example uses the task definition that was created in the previous step. An awsvpcConfiguration is required because the example task definition uses the awsvpc network mode.

When you create the ECS service, specify Fargate and the LATEST platform version that supports service discovery. When the service discovery service is created in AWS Cloud Map , registryArn is the ARN returned. The securityGroups and subnets must belong to the VPC that's used to create the Cloud Map namespace. You can obtain the security group and subnet IDs from the Amazon VPC Console.

{
    "cluster": "tutorial",
    "serviceName": "ecs-service-discovery",
    "taskDefinition": "tutorial-task-def",
    "serviceRegistries": [
       {
          "registryArn": "arn:aws:servicediscovery:region:aws_account_id:service/srv-utcrh6wavdkggqtk"
       }
    ],
    "launchType": "FARGATE",
    "platformVersion": "LATEST",
    "networkConfiguration": {
       "awsvpcConfiguration": {
          "assignPublicIp": "ENABLED",
          "securityGroups": [ "sg-abcd1234" ],
          "subnets": [ "subnet-abcd1234" ]
       }
    },
    "desiredCount": 1
}

b. Create your ECS service using ecs-service-discovery.json.

aws ecs create-service \
      --cli-input-json file://ecs-service-discovery.json 

Step 3: Verify Service Discovery in AWS Cloud Map
You can verify that everything is created properly by querying your service discovery information. After service discovery is configured, you can either use AWS Cloud Map API operations, or call dig from an instance within your VPC. Follow these steps:

1. Using the service discovery service ID, list the service discovery instances. Make note of the instance ID (marked in bold) for resource cleanup.

 aws servicediscovery list-instances \
       --service-id srv-utcrh6wavdkggqtk

1. Use the service discovery namespace, service, and additional parameters such as ECS cluster name to query details about the service discovery instances.

aws servicediscovery discover-instances \
      --namespace-name tutorial \
      --service-name myapplication \
      --query-parameters ECS_CLUSTER_NAME=tutorial

1. The DNS records that are created in the Route 53 hosted zone for the service discovery service can be queried with the following AWS CLI commands:

Using the namespace ID, get information about the namespace, which includes the Route 53 hosted zone ID.

aws servicediscovery \
      get-namespace --id ns-uejictsjen2i4eeg

b. Using the Route 53 hosted zone ID from the previous step (see the text in bold), get the resource record set for the hosted zone.

aws route53 list-resource-record-sets \
      --hosted-zone-id Z35JQ4ZFDRYPLV 

1. You can also query the DNS from an instance within your VPC using dig.

dig +short myapplication.tutorial

Step 4: Clean up
When you're finished with this tutorial, clean up the associated resources to avoid incurring charges for unused resources. Follow these steps:

1. When you're finished with this tutorial, clean up the associated resources to avoid incurring charges for unused resources. Follow these steps:

aws servicediscovery deregister-instance \
      --service-id srv-utcrh6wavdkggqtk \
      --instance-id 16becc26-8558-4af1-9fbd-f81be062a266

1. Using the OperationId from the output of the previous step, verify that the service discovery service instances were deregistered successfully.

aws servicediscovery get-operation \ 
      --operation-id xhu73bsertlyffhm3faqi7kumsmx274n-jh0zimzv

1. Delete the service discovery service using the service ID.

aws servicediscovery delete-service \ 
      --id srv-utcrh6wavdkggqtk

1. Delete the service discovery namespace using the namespace ID.

aws servicediscovery delete-namespace \ 
      --id ns-uejictsjen2i4eeg

1. Using the OperationId from the output of the previous step, verify that the service discovery namespace was deleted successfully.

aws servicediscovery get-operation \ 
      --operation-id c3ncqglftesw4ibgj5baz6ktaoh6cg4t-jh0ztysj

1. Update the desired count for the Amazon ECS service to 0. You must do this to delete the service in the next step.

aws ecs update-service \
      --cluster tutorial \
      --service ecs-service-discovery \
      --desired-count 0

1. Delete the Amazon ECS service.

aws ecs delete-service \
      --cluster tutorial \
      --service ecs-service-discovery

1. Delete the Amazon ECS cluster.

aws ecs delete-cluster \
      --cluster tutorial

Key Benefits vs Alternatives

Practice Question: What is required for ECS Service Discovery?
Answer: Cloud Map namespace/service + awsvpc networking; auto-registers task IPs as DNS records.

Service discovery pricing

Customers using Amazon ECS service discovery are charged for Route 53 resources and AWS Cloud Map discovery API operations. This involves costs for creating the Route 53 hosted zones and queries to the service registry. For more information, see AWS Cloud Map Pricing
Amazon ECS performs container level health checks and exposes them to AWS Cloud Map custom health check API operations. This is currently made available to customers at no extra cost. If you configure additional network health checks for publicly exposed tasks, you're charged for those health checks.

Flow Diagram

Reference:

1. Use service discovery to connect Amazon ECS services with DNS names
2. What Is AWS Cloud Map?

---