ECS Workshop - ECS Service Connect

--- tags: ECS, Containers, AWS, Workshop --- # ECS Workshop - Amazon ECS service connect ![alt text](https://raw.githubusercontent.com/awslabs/aws-icons-for-plantuml/main/source/unofficial/AWS-Architecture-Icons_SVG_20200430/SVG%20Light/_Group%20Icons/AWS-Cloud-alt_light-bg.svg "Tech Series" =20x20) This workshop is aimed at software engineers and platform engineers who want to get hands-on experience with Amazon ECS service connect, and using them to build container solutions for ECS workloads. Amazon ECS service connect provides opinionated management of service-to-service communication. It does this by building opinionated management of both service discovery and a service mesh. This provides a unified way to refer to your services within namespaces, and standardized metrics and logs to monitor all of your applications on Amazon ECS. There is no additional infrastructure configuration required for service-to-service communication when using Amazon ECS service connect. Amazon ECS service connect configures each task for your applications to discover services. Now developers can reference and connect to their services by logical names, and ECS Service Connect will ensure that traffic is load balanced across healthy service endpoints. Operators can enjoy simplified infrastructure configuration, where load balancers are deployed only for external traffic. Additionally, all service communications inside VPCs are configured automatically, now with better insights into traffic right in the ECS Console, that simplifies both the operational and debugging experience. ## Download the cloud formation templates Log into the Cloud9 environment and with an open Terminal window complete the following steps to setup the labs ```bash= mkdir /tmp/serviceconnect && cd /tmp/serviceconnect curl 'https://static.us-east-1.prod.workshops.aws/public/c08d4e90-2c37-414f-8efb-ba325170cdc3/static/artifacts.zip' --output artifacts.zip unzip artifacts.zip && rm artifacts.zip ``` Deploy the Prereq ```bash= export SPATH="/tmp/serviceconnect" source $SPATH/scripts/env.sh cd ${SPATH}/scripts/base-infra-setup/ ./create-base-infra.sh ``` ## Lab Review The following architecture diagram illustrates the Infrastructure components which are pre-provisioned in the account (on which this workshop is built upon). ![alt text](https://static.us-east-1.prod.workshops.aws/public/c08d4e90-2c37-414f-8efb-ba325170cdc3/static/ecssc-cfn-yaml.png "Architecture") Following are the resources pre-provisioned by the CloudFormation stack called `ecsws-base-infra` * a VPC * pair of public and private subnets spread across two Availabilty Zones * an Internet Gateway, with a default route on the public subnets * a pair of NAT Gateways (one in each AZ) * a Cloud 9 IDE * default routes for the NAT Gateways in the private subnets * IAM Roles for the Yelb application tasks, task execution * Security Groups for the Yelb app service components * Service Discovery Namespaces for the yelb app components * External load balancer and target groups to expose the yelb ui app * Internal load balancer and target groups to expose the yelb app server ## Download Artifacts Download the artifacts and scripts used for the workshop. Execute the following command: ```bash= cd ~/environment mkdir ecsws && cd ecsws curl 'https://static.us-east-1.prod.workshops.aws/public/c08d4e90-2c37-414f-8efb-ba325170cdc3/static/artifacts.zip' --output artifacts.zip unzip artifacts.zip && rm artifacts.zip ``` Load the environment variables by running the following command: ```bash= export SPATH="/home/ec2-user/environment/ecsws" source $SPATH/scripts/env.sh ``` ## Install the tools Install the yaml helper tools and upgrade the AWS CLI version in the Cloud9 environment by executing the following script: ```bash= cd $SPATH sudo ./scripts/cloud9-setup.sh ./scripts/aws-ecs-sc.sh ``` Verify the installation by running the following command: ```bash= ytt --version yq --version aws --version ``` ## Load Cloudformation Outputs We need to export the cloudformation outputs and configure our service and task yaml template files to reflect the correct values. We have a ready script to do this configuration on the fly. ```bash= cd $SPATH ./scripts/export-cfn-values.sh awsRegion=$(yq '.awsRegion' ${YTT}/output/cfn-stack-exports.yaml) export AWS_DEFAULT_REGION=$awsRegion ``` :::danger :warning: You may get an error when running the script which is the consequence of running the line listed below. If you are running this workshop at the end of another ECS workshop, the role has been created for the original workshop. Therefor this is a false positive and you can move on. ``` aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com ``` **Output**: An error occurred (InvalidInput) when calling the CreateServiceLinkedRole operation: Service role name AWSServiceRoleForECS has been taken in this account, please try a different suffix. ::: **You have now successfully setup your Cloud9 environment** Continue with the workshop via the following link https://catalog.workshops.aws/ecs-service-connect/en-US/environment-setup/yelb-application