5

I am trying to use ecs-cli compose to manage my services and tasks on Amazon ECS.

I'm unable to find a way using the service up command to create a new service with an application load balancer (even when that load balancer already exists).

This seems possible with service create, but the API is different from the service up API, and I'm not sure how to specify params in the same way with create. And it would generally be preferable to use just the up command for consistency. The documentation is pretty scattered, there's many different ways to do the same things, just wondering what best practice is here. Any suggestions greatly appreciated.

Worth noting, everything is working for me, so long as I have an existing task definition and I create my service through the Amazon AWS GUI while specifying the load balancer. So I'm thinking about moving all my compose config into a task-definition.json and use it directly with aws ecs cli.

I have a working docker-compose.yml file:

# docker-compose.yml

version: "3"

services:
  application:
    image: ${IMAGE_ARN}
    command: npm start
    ports:
      - "8000:8000"
  nginx:
    image: ${IMAGE_ARN}
    ports:
      - "80:80"

And an accompanying ecs-params.yml file:

# ecs-params.yml

version: 1

task_definition:
  task_role_arn: ${ROLE_ARN}
  task_execution_role: ${ROLE_ARN}
  ecs_network_mode: awsvpc
  task_size:
    mem_limit: 0.5GB
    cpu_limit: 256
  container_definitions:
    - name: application
    - name: nginx

run_params:
  network_configuration:
    awsvpc_configuration:
      assign_public_ip: ENABLED
      subnets:
        - ${SUBNET_1_ID}
        - ${SUBNET_2_ID}
      security_groups:
        - ${SECURITY_GROUP_ID}

The command that I run to bring the service up is:

ecs-cli compose service up \
--file docker-compose.yaml \
--ecs-params ecs-params.yaml \
--project-name service-name

Any way to specify the load balancer configuration through that command?

jordancooperman
  • 1,931
  • 2
  • 21
  • 33
  • There is much dialog here: https://github.com/aws/amazon-ecs-cli/issues/21. Suggested workaround is to define tasks using ecs-cli and create service using aws ecs. Not bad, but is there a better way? – jordancooperman Dec 22 '18 at 19:19

1 Answers1

9

It seems like latest ecs-cli version does support load balancer configuration with service up.

Have you tried providing --target-group-arn option?. Assuming you have already created ALB and Target Group to associate ECS service. Here is sample command I just tested.

ecs-cli compose --file docker-compose.yaml --project-name nginx \
--ecs-params ecs-params.yaml service up \
--target-group-arn "arn:aws:elasticloadbalancing:us-east-1:xxxxxxxx:targetgroup/awsvpc-nginx/2bf8921935c827bd" \
--container-name nginx --container-port 80

Note -

  1. target-group-arn, container-name and container-port options are mandatory for load balancer association and they have to be provided in command after service up.
  2. I see you are trying to use awsvpc mode for the tasks. I am not sure you are trying to bring up EC2 or Fargate type launch container.
  3. If you do want awsvpc mode then please make sure your load balancer target group has target created with type ip instead of instance.
  4. If you are on EC2 launch type but with awsvpc mode then please make sure EC2 AMI is Amazon-ECS Optimized AMI. If you are on Fargate type then your assign_public_ip should DISABLED.

Do let me know your feedback.

Reference - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cmd-ecs-cli-compose-service.html

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html

Imran
  • 5,542
  • 3
  • 23
  • 46
  • Hi @Imran many thanks for the detailed response. I am using type `awsvpc` with a load balancer of type `ip` so all good there. I'm running version 1.12.1 and still getting an error when trying to use `--target-group-arn`, is that the version you're on as well? Thanks! – jordancooperman Jan 10 '19 at 18:49
  • @jordancooperman I am on 1.12.1 as well. what is the error you are getting?. check my example. the placement of `--target-group-arn` is very important. Also, I tested it using `awsvpc` mode only. – Imran Jan 10 '19 at 18:51
  • Okay, that does seem to work when in the order you specify, now I understand that `compose` takes different flags than `up` does. Now debugging a different error: `InvalidParameterException: Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions.\n\tstatus code: 400,` I've added a `--task-role-arn {AWSServiceRoleForECSARN}` but still no dice. Will post updates here, let me know if you have any ideas. Once I resolve, I'll mark this answer correct! – jordancooperman Jan 10 '19 at 19:31
  • @jordancooperman This is ECS Task Role. `Optional IAM role that tasks can use to make API requests to authorized AWS services. Create an Amazon Elastic Container Service Task Role in the IAM Console`. Was this working before you provided above target group configuration?. This is provided in your ecs-params.yml and has nothing to do with target group configuration. Make sure you provided full Arn to this. – Imran Jan 10 '19 at 19:46
  • 1
    You're right, all working great now, thanks for your help! – jordancooperman Jan 10 '19 at 22:47
  • `--target-group-arn` is only relevant on **creation** see: https://github.com/aws/amazon-ecs-agent/issues/497#issuecomment-240876617 – cdosborn Sep 16 '19 at 15:19
  • i am wondering if I can assign multiple target group to multiple containers through ecs-cli compose command? – user2361494 Mar 05 '20 at 18:10
  • @user2361494 once you have ECS tasks, you can assign your containers to multi TG. See `--target-groups` option in the following [Docs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cmd-ecs-cli-compose-service-up.html) – Haeyoon J. Jun 20 '22 at 11:17