Amazon Elastic Container Service (ECS) with a Load Balancer | AWS Tutorial with New ECS Experience
- Published on 8 Jul 2024
- In a prior video, I introduced you to the basics of working with the Elastic Container Service (ECS) on AWS. But in that video, we only used a single container, accessing it from the container’s public IP address.
In this video, we’ll make things more real-world, by running multiple containers and balancing traffic across them using an Application Load Balancer (ALB).
In a hands-on tutorial, we’ll create two security groups: one for the ALB and one for the ECS service. Then we’ll create an ECS cluster and task definition that pulls in an NGINX container from the Amazon Elastic Container Registry (ECR) Public Gallery. From there, we’ll create the ECS service, and while doing that, we’ll create the Application Load Balancer. But there’s a gotcha here! Make sure you stay to the end to find out how to get the load balancing working properly.
🌟🌟If you’re interested in getting AWS certifications, check out these full courses. They include lots of hands-on demos, quizzes and full practice exams. Use FRIENDS10 for a 10% discount!
- AWS Certified Cloud Practitioner: academy.zerotomastery.io/a/af...
- AWS Certified Solutions Architect Associate: academy.zerotomastery.io/a/af...
00:00 - Overviewing what we’ll be building, and the need for a load balancer with ECS
01:38 - Understanding the security groups we need to get the load balancer working in ECS
02:43 - Creating two security groups in the AWS Console
04:43 - Creating an ECS Cluster
05:38 - Creating a new task definition for NGINX
07:12 - Deploying the ECS service
08:30 - Creating the load balancer to work with the ECS service (warning: There’s a gotcha here!)
10:08 - Testing our load balancer
10:34 - The load balancer doesn’t work!
10:58 - Fixing the security groups so that our load balancer works
12:00 - Now the load balancer works with our ECS containers!
12:22 - Summarizing what we’ve built
12:33 - IMPORTANT!! Deleting your ECS task, service, cluster, task definition, load balancer and security groups
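
A check for the two-security-group layout described above, added here as an example (not code from the video or from AWS): it reads rules in the shape returned by `aws ec2 describe-security-groups` and reports whether the service group admits the load balancer's group on the container port and nothing wider. The `sg-EXAMPLE-*` IDs, the finding names and the helper functions are assumptions made for the illustration.

```python
ANYWHERE = {"0.0.0.0/0", "::/0"}

def admits(perm, port):
    """True if one IpPermissions entry allows TCP on `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" = all protocols, all ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def only_port(perm, port):
    """True if the entry is TCP and limited to exactly `port`."""
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] == perm["ToPort"] == port

def audit_service_sg(groups, alb_sg, service_sg, container_port=80):
    """Return sorted finding codes for the ECS service security group.

    Limitation: CIDR sources narrower than 0.0.0.0/0 or ::/0 are ignored.
    """
    by_id = {g["GroupId"]: g for g in groups}
    findings, reachable = set(), False
    for perm in by_id[service_sg]["IpPermissions"]:
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        refs = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
        if cidrs & ANYWHERE:
            # Any source may connect, so the tasks do not depend on the ALB path.
            findings.add("OPEN_TO_ANY_SOURCE")
            reachable = reachable or admits(perm, container_port)
        if alb_sg in refs and admits(perm, container_port):
            reachable = True
            if not only_port(perm, container_port):
                findings.add("WIDER_THAN_CONTAINER_PORT")
    if not reachable:
        # Nothing lets the load balancer's group reach the container port.
        findings.add("NO_RULE_FOR_ALB")
    return sorted(findings)

def rule(proto, lo=None, hi=None, cidrs=(), groups=()):
    """Build one constructed IpPermissions entry (sample data only)."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if proto != "-1":
        perm["FromPort"], perm["ToPort"] = lo, hi
    return perm

# Constructed placeholder IDs, not values from the video.
ALB, TIGHT, ALL_TCP = "sg-EXAMPLE-alb", "sg-EXAMPLE-tight", "sg-EXAMPLE-alltcp"
WIDE_OPEN, UNLINKED = "sg-EXAMPLE-wideopen", "sg-EXAMPLE-unlinked"

GROUPS = [
    {"GroupId": ALB, "IpPermissions": [rule("tcp", 80, 80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": TIGHT, "IpPermissions": [rule("tcp", 80, 80, groups=[ALB])]},
    {"GroupId": ALL_TCP, "IpPermissions": [rule("tcp", 0, 65535, groups=[ALB])]},
    {"GroupId": WIDE_OPEN, "IpPermissions": [rule("-1", cidrs=["0.0.0.0/0"])]},
    {"GroupId": UNLINKED,
     "IpPermissions": [rule("tcp", 80, 80, groups=["sg-EXAMPLE-other"])]},
]

if __name__ == "__main__":
    for sg in (TIGHT, ALL_TCP, WIDE_OPEN, UNLINKED):
        print(sg, audit_service_sg(GROUPS, ALB, sg))
```

Against a real account, the `SecurityGroups` list from the CLI's JSON output can be passed as `groups`, with the two group IDs and the container port from the task definition's port mapping.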
The part about the two security groups saved my life...
I'm so glad!! :)
I love the way tutorials are structured with the concepts and some theory explained beyond the practice. Thanks!
Awww, thanks so much for the nice comment! Glad they're helpful! 😊🙏
The explanation about the security groups and how they work was essential to my understanding about some issues I was facing during an ECS service setup. You rock! Nice job!
Oh wonderful! I'm so glad it helped. Security groups are super important in AWS land. Thanks for watching! 😊
Man this is a really good breakdown of what you plan to do before you do it. Very good teaching style. I also like the fact that you always do a clean up of resources at the end. Keep it up.
Thanks for such a nice comment, Derrick! So glad you're enjoying the videos. 😊
Hi, just wanted to drop a comment to say thank you for this excellent tutorial. Your clear instructions saved my day at work! I really appreciate the effort you put into making these complex concepts so easy to understand. Keep up the great work!
Hey Arif! 😊 Thanks so much for the nice comment...made my day! 🌟🙏🔥
Awesome video; thanks for sharing. I've been fighting with my task to make it accessible since yesterday, and then I found this, straight to the point and fixed my issue!
Oh, fantastic! I'm so glad it helped. Thanks for watching! 😊
I love your teaching style. Fewer words, but whatever you explain is relevant to the topic. Neat & explanation with demo. Appreciate your effort.
Oh, you're very kind!!! Thanks so much for the support! 🙏🌟🤓
You rock! The way you explain, I believe even anyone without any AWS knowledge will understand easily how to set up things in AWS. Your voice is so clear and interesting to follow. Please keep it up.
Thanks so much, Suresh!! Really appreciate the nice comment! 😊
omg you just made this so easy, I've been suffering with all of this for months now, THANK YOU!!!
YAY!!! I'm so glad it helped! Thanks for the nice comment. 🙏🌟🤓
This is very good; a crystal clear explanation. I found it very useful to understand a training course I am doing.
In the course, we constructed a more complex setup. A load balancer connected to a node.js container which in turn talks to a mongodb database. The database, however, is linked to another AWS resource; EFS, elastic file system. This saves the database data so that if the mongodb container goes down or is stopped, which would cause data stored within to be lost, the data is still held in the EFS.
Oh, interesting! Nice redundancy there! 😎
Thanks, you saved my day. I was stuck on it for 2 days and every time the task failed, but now, following this tutorial, it is up and running.
Oh, I'm so glad!! That makes it all worth it! 🥰🔥
Fantastic video, this is exactly what I was looking for.
Thank you so much
I'm so glad it helped! Thanks for watching! 😊
That was a great tutorial, I really appreciate it. Keep up the good work.
Thanks so much, Marcin! Really glad it helped! 😊
you are doing a great job
Wow, thanks so much!! Really appreciate the support! 🙏🌟😊
Fantastic Video, coming from a Network Architect that's never used AWS before!
Oh wonderful! I'm so glad it helped. Thanks for watching! 🙏🌟🤓
Great Tutorial, clear and sweet voice.
Thank you kindly!!! 😊🙏🌟
great teaching skill
You're too kind!! Thanks so much for watching! 🙏🌟🤓
Thanks, it helped a lot
I'm so glad! Thanks for watching! 🙏🌟🤓
Well explained , very helpful
I'm so glad it helped!! Thanks for watching! 🤓🌟🙏
Hey thank you for the video and efforts! Loved it, first time finding you out, will definitely be sticking around for the other aws videos! 🔥
Yay! Welcome to the channel, Liger! 😊
This is a very helpful tutorial. Appreciated. Keep up the good work.
Thanks for supporting the channel, Sandeep! 😊
You saved my life!
Yay! I'm so glad it was helpful. Thanks for watching, and for the nice comment! 🙏🌟🤓
Thanks! This is a really great tutorial video for beginners.
Glad it was helpful! Thanks for watching! 🙏🤓🌟
very good, thanks
You bet! Glad it helped! 🤓
The best 👍🏼
You're very kind!!! Thanks for watching! 🤓🙏🌟
This is really helpful and it's working fine, you saved me today. Thank you so much.
Great to hear!
I watched multiple videos on how ECS works. After watching this, I got clarity on how to do it, and I appreciate your way of demoing. Such a good and clear explanation. Thank you so much.
Oh, I'm so glad it helped! 💪 Thanks for the nice comment! 😊
12/10 - This is so good! Thank you for making it!! Subbed
Thank you so much!! 🤓🌟🙏 Welcome to the channel!
Amazing teaching skill. And I have been an engineer for like 10 years : )
Wow, thanks! Really appreciate the nice comment!! Thank you for watching! 🙏🤓🌟
Amazing amazing content with excellent explanation
Oh wow...thanks SO much!! This made my day. 🙏🌟🤓
Great video! Thank you so much!
Thanks so much for watching! Glad it was helpful! 😊
Thank you so much! That was very helpful!
I'm so glad! Thanks for watching! 😊🙏🥰
Well explained... I understood easily. Thank you so much.
You bet! Thanks for watching! 😊🙏
Really appreciate it.
You bet! Thanks for watching! 😊
What an amazing tutorial, ma'am. Made me a fan of you. Thanks a lot.
Thanks a lot!! 😊 Much appreciated.
It's a request: please make a tutorial on managing an EC2 cluster for ECS (alternative to Fargate) @TinyTechnicalTutorials
Great suggestion, Talha! I'll add this to my list. Thank you! 🙏🌟🤓
The best ever
THANK YOU!!! 🙏🤓🌟
Thank you. It's better than the best seller aws developer certification course on udemy.
Wow, thanks! Really appreciate the nice comment! 😊🔥😎
Thank you woman, you're amei-zing
Thank you so much!! 🙏🌟🤓
Thank you, really helpful!!
Yay! I'm so glad it was helpful. Thanks for watching, and for the nice comment! 🙏🌟🤓
Thank you, thank you
You solved my biggest problem
Oh, I'm so glad! Thanks for watching! 😊
Very clearly demonstrated. I guess the only criticism you might make, and it's slight, is that running an ALB constantly sort of defeats the purpose of using Fargate.
Fair point! 👍🤓
This video is out of amazon playlist
Ooh, great catch! Just added it to the playlist. Thanks so much for letting me know! 🙏
I didn't know Meryl Streep is so knowledgeable with AWS! Hehe. Great video :)
LOL!! That's the nicest compliment ever!! A belated thank you! 🥰🙏🌟
Nice explanation. Could you please make a video on how we can start the service on an ECS container, and also how we can increase the desired value on any particular service?
Great suggestion! I'll add it to my list for future videos. Thanks for watching! 🌟🤓🙏
Helpful video, would recommend you expand on this where you use ECS with HTTPS / SSL since that is a common use-case and I don't see a good tutorial on YouTube 👍
Great suggestion--thanks, @joemac84! 😎🌟💪 I'll add this to my list!
Thank you for putting together such a great, well-paced and narrated video on this topic. Is there any chance you would cover this same topic except for those situations where we might be launching into an Amazon ECS Optimized EC2 instance? I’m having some difficulty at the moment and am having difficulty finding any good documentation or videos explaining how to properly set things up. I’ve subscribed as I really enjoy your teaching style and hope to see you come out with more content!
Thanks for such a nice comment! 🥰 Glad it was helpful. And I'll add your suggestions to my list for future videos. I appreciate the suggestion!
Thank you so much! Could you please make a video on ECS EC2 launch type?
Thanks for watching, Aakash! 🙏🌟🤓 I'll add this to my list for future videos...thanks for the suggestion!
Great explanation, thank you. If I have two task definitions and deployed two services using those definitions, can I use the same load balancer to distribute the traffic to the correct service depending on the host name?
Note: launch type is EC2 ASG.
Hey Ali! 👋 If I'm understanding the scenario, you should be able to do this using host-based rules on your load balancer/listener. Maybe this article will help? aws.plainenglish.io/host-based-routing-in-aws-application-load-balancers-d0e7b1e793ac
Nice ✅
Thanks! 🔥
@TinyTechnicalTutorials It's the first time I'll understand ECS. Kudos to you!
I'm so glad! :)
Wowwww, your voice is so good to hear, mate..
Hey, can you guide me on how to load balance between different services which are hosting different containers or tasks?
Thanks for the nice comment, Vishnu! 😊 To handle multiple services, maybe this will help? docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html
These are super helpful. Can you do some terraform tutorials if possible please for AWS?
Thanks for the kind words, Mineth! 😊 I definitely want to do some Terraform videos...it's on my list! Thanks for the suggestion!
Great job!
I have a little question: Is it possible to run a Docker container with multiple ports, for example a backend that has an API (:80) and a WebSocket (:8099)?
And then run all that on a Cluster/Service -> CloudFront -> Route53 for user access, or do you need to create 2 separate services here?
Thanks.
Thanks so much, Sasa! Glad you enjoyed it. :) Yes, it's possible to have multiple open ports on a container. Here's an article that might help: krishna-thotakura.medium.com/deploy-on-ecs-fargate-a-docker-container-that-exposes-multiple-ports-5c00035558e3
This is great. Do you have any tutorial on how to setup https/SSL on the load balancer ?
Thanks, codegeek1001! So glad you liked it. :) I don't have any tutorials on setting up HTTPS/SSL for a load balancer, but maybe this will get you started? docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
Hi, thank you for the great tutorial! One question: is that able to work if the load balancer and the Container have the same security group, which allows all traffic? It is not a good design, but I'd like to know if 2 different security groups are necessary for aws. Thanks!
Thanks for watching, Chenyang! 🙏👋🌟 Yes, that should work. A security group is just a collection of protocols/ports, and can be used by different resources. But you're right...it would be better to keep them separate, so that if you need to change it for the load balancer, it won't break the containers. Hope that makes sense! 😊
Very nice demo! Liked!! Just the one part that you did not go over was the networking for the ECS service - the subnets.....were they public/private? I'm guessing they are private .. Overall, very nicely explained and I keep coming back to your channel for AWS demos !! Keep up the great work!
Thanks for the kind words, Bhakta, and sorry for the slow response! 😊 You're right...I could have explained the networking setup better. I was just using the default VPC and its preconfigured subnets. By default, those are public subnets (with routes to an internet gateway). If your ECS app wasn't going to be handling internet traffic, then you could make them private subnets. Hope that helps! Thanks for watching! 🙏🌟🤓
Very tricky to open all TCP traffic from elb to ec2. Keep same ports open to avoid unnecessary attack vectors.
Thanks, Constantine! 👍
Will this work with EC2 instead of Fargate? No matter what I try, the only way it works is if I allow all traffic in the container's security group. If not, ECS doesn't show the container instances.
I have a Node.js app. Can you suggest which AWS service I should pick to deploy my bot?
Hi soltsdev! 😊 As with most things in AWS, "it depends." If you don't want to deal with underlying infrastructure, you could use Elastic Beanstalk (basically just upload your code and go...AWS will provision everything else for you). AWS Amplify makes it easy to build full-stack apps, and again the underlying infrastructure is provisioned for you (if you have front end, back end, database and authentication components to your bot, this would be a good option). Or if you want a lot of control, you could create an EC2 instance and deploy your bot there. Lots of options!!
This was a great tutorial, but I couldn't get it to work as described. I eventually created a "WideOpen" security group to allow all traffic between the load balancer and the service (not great practice, but since I was doing this as a skill builder and wasting lots of time trying to debug it, that was one way to get unblocked).
Hi amylsFlexable! Sorry to hear you couldn't get it working (or not working without a "WideOpen" security group). I know I got tripped up with the multiple security groups, and the way it defaults to the wrong one about halfway through...it took me a couple tries to get it right myself. But hope you were still able to learn something new! Thanks for watching! 😊
@TinyTechnicalTutorials I think possibly the trick is the group may need both HTTP and TCP access to be able to pass through the content the container is delivering on port 80 (video shows just TCP), but that's just a guess. My theory is it needs TCP for the health check and HTTP to deliver the web content, but I wouldn't be watching your video if I were an expert :)
Ahhh, interesting! I'll go back and double-check...
WOW thanks... I guess I'm going to donate some money because this unblocked me... I also clarified some stuff; the diagrams are great. I love you
Oh, you're too kind!!! 🥰 I'm glad it helped! 🙏🌟🤓
What is the best practice to choose subnets for the cluster? Public or private?
Hi @ozycozy! 👋 Apologies for the delayed response! Generally speaking, you want to put things in a private subnet unless they need to be accessed from the internet (and even in that case, you'll usually put a load balancer in front of them for the public access, then keep everything else private). But this thread actually brings up some other really good points: www.reddit.com/r/aws/comments/12qhwtc/ecs_fargate_why_bother_using_private_subnets_nat/. Hope that helps! 😊
AWS went mad at 11:11
Yes, it did! 😄
This is a nice presentation but I cannot get it to work. Not sure how it can work using the default VPC since the subnets are not associated with a route table with a gateway.
Hey David! I believe you answered this question in the other video, so closing this one. 😊
I have one question: if we set port 8080 for the container, then what setting do we need for the security group?
Hi Abhijeet! The security group on the Service (which contains the tasks/containers) should accept incoming traffic from the OTHER security group (that sits on the load balancer). So that wouldn't change. You might be thinking about the "port mapping" section of the task definition, around @06:33 in the video?
Maybe this will help?
docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PortMapping.html
stackoverflow.com/questions/65205267/containerport-and-hostport-which-one-is-used-by-the-web-application-interna
Can you create a video on using an application with a different port and allocating persistent storage?
I have been going through many videos and this is exactly what I'm looking for, very clear. Can you help us with
* Postgres database sharding on AWS RDS Proxy.
Thank you.
Thanks for watching, Musa! 😊 I'll add this topic to my list for future videos.
@TinyTechnicalTutorials Thank you, notifications bell is turned on 🔔
It would be great if you could show how one could extend this solution such that an external client needs to use https (even though the container does not). Every attempt I make to do so fails (but AWS Console does not tell me why). I can only get an unsecure http client to work. There has got to be some trick perhaps hidden somewhere deep in the documentation that I am missing. I could not find a single tutorial that explains how one can have an https client - they are ALL http.
Great series by the way!!
And I had no idea one could create the load balancer, target group, and security groups from the EC2 page. Seeing that was a real breakthrough. There are a lot of 'gotchas' on the ECS. The challenge I am having when using https is configuring the listeners and security group incoming rules. I need https coming into ALB and http:8080 going to the container from ALB. Seems like it should be simple, but it is not!
Hi @Gyannea! 😊 The most obvious thing to check (which you might have already done) is that your load balancer has a security group that allows inbound 443 from the internet. And then add your SSL/TLS certificate to the load balancer too: repost.aws/knowledge-center/associate-acm-certificate-alb-nlb. But I'll also add this topic to my list for future videos. Thanks for the suggestion! 😎
@TinyTechnicalTutorials Yes, I have done that but it still fails. There are a couple of caveats. My container health check will return a 401, not 200. However, there is no way to specify that BEFORE you create the service. After you create the service, race as fast as you can to the CloudFormation, click on resources, find the target group, edit the health check, click on the advanced, and then add the 401 (200,401). If you do it fast enough the service creation will not fail due to that reason. The other caveat is the ApplicationLoadBalancer. You cannot have a private and public network in the same 'region'. If you do, that will fail. I have addressed those two issues, but I hate the race to update the target group.
The failures I get after that I do not understand and cannot find any AWS logging about the failure or reason. It's been days of frustration and I am still working on it. Giving up on FARGATE. Don't want it in the end anyways.
What if I had 2 APIs running in separate tasks in a single cluster? Do I need to create an ALB for each task (API) or could I do something else?
Hi Victor! 👋 Apologies for the slow response. If you're still looking for an answer...
When using a single ECS cluster with multiple services or tasks, the recommended approach is to use a single load balancer and create a target group for each process/task. This allows both processes to route traffic to the cluster independently while sharing the same load balancer infrastructure. Hope that helps 😊
@TinyTechnicalTutorials Yeah, it helps a lot! It was the approach I took and things are working fine! Thanks!
It didn't work as intended. I included an SSL certificate to allow https traffic on the load balancer port 433 but the LB URL returns a 503. The IP address from my container is accessible only via http and not https.
Hi Wunderlust! 👋 This might just be a typo in your comment, but did you mean port 443 (rather than 433)? SSL uses 443.
Yes I do. I set up the load balancer to allow traffic on port 433 and port 80. When I visit the load balancer URL I get the response 503 service unavailable. Do you have a tutorial for https? @TinyTechnicalTutorials
Why are questions/comments being deleted?
Hey David! 👋 Are you maybe looking for your comment on this video? th-cam.com/video/86Ys0LnMSnY/w-d-xo.html
Ok, I can see it sorry.
I would have never got it running without your information about the security group needing to be edited after launch. Holy cow AWS is the worst system on the planet.
Haha! Yes, I spent a long time banging my head against the wall on that part. Glad it saved you some time! 🤓🌟
Why don't you teach the business properly in a way that is usable, why didn't you teach it with the https protocol? literally made the video useless
Oh no!! Sorry for that! 😢