AWS ECS - Understanding Public and Private services

ArdiH

So, from the documentation says:

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service.

https://aws.amazon.com/ecs/

Prologue

When look container platform orchestrator, then we relate with Kubernetes. But this is not. It's AWS native platform. So, it's running docker for the container, but slightly different. Now check.


EKS - Elastic Kubernetes Service

The diagram above is simple Kubernetes service in AWS. Very simple, one application that use 1 worker, 1 service, and integrated with AWS load balancer. Simple. Now look at this image below.


2 services, 2 pods.

Now, it's getting more serious. But it's simple also, we can set the service that we want to associate with load balancer or not. Let me show you how to create service in both app.

apiVersion: v1
kind: Service
metadata:
  name: nodeapp-master # backend service
  labels:
    app: nodeapp
    role: master
    tier: backend
spec:
  ports:
  - port: 8080
    targetPort: 8080
  selector:
    app: nodeapp
    role: master
    tier: backend

apiVersion: v1
kind: Service
metadata:
  name: phpapp-master # frontend service
  labels:
    app: phpapp
    tier: frontend
spec:
  type: LoadBalancer # public load balancer assign automatically
  ports:
  - port: 80
  selector:
    app: phpapp
    tier: frontend

Looks simple. For code above you can check it in my Github: https://github.com/immma/EKS-connecting-service-to-service
we can specify what service purpose with spec:

From information above, how we implement same style in AWS ECS? Before we getting started, the communication between frontend service and backend service is regulated by ENI (Elastic Network Interface) and also Kubernetes Control to work with. In EC2 we got several private IPs that we associated with internal Kubernetes cluster automatically.

Now we go to ECS

Before we getting started, please take a look this documentation https://aws.amazon.com/blogs/aws/amazon-ecs-service-discovery/.

Look at the difference. From diagram above it clearly explains that we need Route 53 to regulated service registry using private hosted zone.
Just want to mention some important component here:

  • ENI stands for Elastic Network Interface
  • .corp is private hosted zone name
  • Route 53 is DNS service

Why do we need Route 53? In Kubernetes, service name is created by defined yaml file as Kubernetes object and associated with cluster IP.

In Kubernetes if you have service that come as backend-nodejs then following namespace (if you have one). Simply you can call it as http://backend-nodejs.
But ECS doesn't. So ECS need Route 53 and ECS service discovery to control service name.

For example if have one EC2 worker to play with, then diagram should be like:


I use one EC2 worker.

I just deploy same application with different architecture.

Please take a note that for backend, I'm using awsvpcfor networking to work with service discovery.


All of my services, frontend and backend.


Backend page, task definition is nodebackend-1:1


Service discovery endpoint is backend.local


Task definition nodebackend-1:1 networking mode is awsvpc

More tips:
After creating service with service discovery I have to check it with Cloud9. Just launch Cloud9 instance with minimal spec and take a note that Cloud9 have to launched in same VPC with associated service discovery. Now check in the Cloud9 terminal.


I just need dig command.

Because I use port 8080 in the backend app, just simply type command curl backend.local:8080

If you have existing image that call services from Kubernetes then, you may change your code a bit. For my code, would be:

<?php

    // $jsonurl = "https://05f73690990b461fb918310c655b6feb.vfs.cloud9.ap-southeast-2.amazonaws.com";
    $host = 'http://backend.local:8080'; //service discovery endpoint
    if (getenv('GET_HOSTS_FROM') == 'env') {
    $host = getenv('NODEAPP_MASTER_SERVICE_HOST');
    }
    
    
    $json = file_get_contents($host);
    // var_dump(json_decode($json));
    
    $jsondata = json_decode($json);
    
    foreach ($jsondata as $data) {
        echo "userID: " . $data->userId . "\n";
        echo "title: " . $data->title . "\n";
        echo "comments: " . $data->body . "\n";
        echo "---------------------------------\n";
    }
    
?>

And for the last, expected result would be:


Hey, it works.

Call with PHP command line is perfect. But we need to check with existing public application load balancer.


It works also with application load balancer.

And PROFIT!!

More yet pro tips:

If you want to deploy updated container in your service, just use force deployment.


Service update.


Change deregistration delay.


Deregister target for immediate draining.

Hope this article explained about ECS services.

Happy testing!