First of all, unfortunately AWS ECS (EC2 Container Service) is currently not available in Australia. I guess that is not a surprise, as the same has happened with some other AWS products in the past.
I created my first ECS container instance in the US region and had a bit of a play with it. Here are my notes:
1) AWS provides an ECS-optimized AMI. It is basically an EC2 instance – Amazon Linux with docker installed, plus the ECS agent, which is itself a container. Users should be able to use their own AMI as an ECS container instance, as long as docker (1.5+) and the AWS ECS container agent are installed. The ecs-agent container also needs to be created as follows (the cluster name is kept in the file /etc/ecs/ecs.config). I will try to use RHEL7 as the container host on AWS and see how it goes.
mkdir -p /etc/ecs /var/log/ecs
touch /etc/ecs/ecs.config
docker run --name ecs-agent -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/log/ecs:/log -p 127.0.0.1:51678:51678 --env-file /etc/ecs/ecs.config -e ECS_LOGFILE=/log/ecs-agent.log amazon/amazon-ecs-agent
2) ECS uses a JSON file to create a task definition, which includes one or more containers. It allows allocating CPU/RAM to each container, linking containers, mounting volumes from the host or from other containers on the same host, port mapping… This is a sample of a task definition. It has two containers: one is the web server, the other is a busybox container which generates a simple HTML page to display on the web-server container.
{
  "taskDefinitionArn": "arn:aws:ecs:us-west-2:092666830250:task-definition/console-sample-app-static:1",
  "revision": 1,
  "containerDefinitions": [
    {
      "volumesFrom": [],
      "portMappings": [
        {
          "hostPort": 80,
          "containerPort": 80
        }
      ],
      "command": null,
      "environment": [],
      "essential": true,
      "entryPoint": null,
      "links": [],
      "mountPoints": [
        {
          "containerPath": "/usr/local/apache2/htdocs",
          "sourceVolume": "my-vol",
          "readOnly": null
        }
      ],
      "memory": 300,
      "name": "simple-app",
      "cpu": 10,
      "image": "httpd:2.4"
    },
    {
      "volumesFrom": [
        {
          "readOnly": null,
          "sourceContainer": "simple-app"
        }
      ],
      "portMappings": [],
      "command": [
        "/bin/sh -c \"while true; do echo 'Amazon ECS Sample App
Amazon ECS Sample App
Congratulations!
Your application is now running on a container in Amazon ECS.
' > top; /bin/date > date ; echo '
' > bottom; cat top date bottom > /usr/local/apache2/htdocs/index.html ; sleep 1; done\""
      ],
      "environment": [],
      "essential": false,
      "entryPoint": [
        "sh",
        "-c"
      ],
      "links": [],
      "mountPoints": [],
      "memory": 200,
      "name": "busybox",
      "cpu": 10,
      "image": "busybox"
    }
  ],
  "volumes": [
    {
      "host": {
        "sourcePath": null
      },
      "name": "my-vol"
    }
  ],
  "family": "console-sample-app-static"
}
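A task definition like the one above decides what each container can reach on the host, so it is worth reading with that in mind. The following is an added example, not part of the original notes: a small Python audit that lists published host ports, writable mounts and host paths. The function name and the TASK_DEF sample (the definition above, trimmed) are assumptions made for the example, as is treating a null readOnly as read-write.

```python
# Sample input: the task definition shown above, trimmed to the fields the audit reads.
TASK_DEF = {
    "family": "console-sample-app-static",
    "containerDefinitions": [
        {"name": "simple-app", "image": "httpd:2.4",
         "portMappings": [{"hostPort": 80, "containerPort": 80}],
         "mountPoints": [{"containerPath": "/usr/local/apache2/htdocs",
                          "sourceVolume": "my-vol", "readOnly": None}],
         "volumesFrom": []},
        {"name": "busybox", "image": "busybox", "portMappings": [],
         "mountPoints": [],
         "volumesFrom": [{"readOnly": None, "sourceContainer": "simple-app"}]},
    ],
    "volumes": [{"host": {"sourcePath": None}, "name": "my-vol"}],
}


def audit_task_definition(task_def):
    """Return (name, finding) tuples for settings that widen host or container access."""
    findings = []
    for vol in task_def.get("volumes") or []:
        src = (vol.get("host") or {}).get("sourcePath")
        if src:  # a null sourcePath means Docker allocates the volume itself
            findings.append((vol["name"], "host path %s exposed as volume" % src))
    for c in task_def.get("containerDefinitions") or []:
        name = c["name"]
        for pm in c.get("portMappings") or []:
            if pm.get("hostPort"):
                findings.append((name, "host port %d published" % pm["hostPort"]))
        for mp in c.get("mountPoints") or []:
            if mp.get("readOnly") is not True:  # assumption: null means read-write
                findings.append((name, "writable mount of %s at %s"
                                 % (mp["sourceVolume"], mp["containerPath"])))
        for vf in c.get("volumesFrom") or []:
            if vf.get("readOnly") is not True:
                findings.append((name, "writable volumesFrom %s" % vf["sourceContainer"]))
    return findings


if __name__ == "__main__":
    for name, finding in audit_task_definition(TASK_DEF):
        print("%-12s %s" % (name, finding))
```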
3) I guess you cannot patch a container that is created from the AWS docker images, as I don’t see any yum file or directory within the container that is based on the httpd:latest image. Replacing the container with a new one might be their way. In the in-house environment, I can patch the container that is created from the Red Hat provided RHEL docker image.
This is on AWS:
hostname; ip addr show eth0
6ecda488108c
44: eth0: <BROADCAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:17 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.23/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:17/64 scope link
valid_lft forever preferred_lft forever
ls /etc/yum*
ls: cannot access /etc/yum*: No such file or directory
hostname; ip addr show eth0
fa3339efba15
48: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:18 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.24/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:18/64 scope link
valid_lft forever preferred_lft forever
yum update
Loaded plugins: product-id, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package libxml2.x86_64 0:2.9.1-5.el7_0.1 will be updated
---> Package libxml2.x86_64 0:2.9.1-5.el7_1.2 will be an update
---> Package libxml2-python.x86_64 0:2.9.1-5.el7_0.1 will be updated
4) I noticed that the tasks/containers that have been deleted from the AWS console are actually still on the host, but with ‘exited’ status. I can start the container on the host by typing ‘docker start ‘, but the AWS console does not show the manually started container. So always using the console might be a better idea to keep the environment consistent.
5) To support ECS, AWS CLI has to be 1.7.21 or greater.
[jchen@mylab]$ aws --version
aws-cli/1.7.23 Python/2.7.8 Linux/3.19.3-100.fc20.x86_64
[jchen@mylab software]$ aws ecs list-clusters
{
  "clusterArns": [
    "arn:aws:ecs:us-west-2:092666830250:cluster/default"
  ]
}
[jchen@mylab software]$ aws ecs list-services
{
  "serviceArns": [
    "arn:aws:ecs:us-west-2:092666830250:service/sample-web"
  ]
}
————————————————————————-
Linux ip-10-0-0-176 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11 22:50:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[ec2-user@ip-10-0-0-176 ~]$ docker version
Client version: 1.5.0
Client API version: 1.17
Go version (client): go1.3.3
Git commit (client): a8a31ef/1.5.0
OS/Arch (client): linux/amd64
Server version: 1.5.0
Server API version: 1.17
Go version (server): go1.3.3
Git commit (server): a8a31ef/1.5.0
[ec2-user@ip-10-0-0-176 ~]$ rpm -qa | wc -l
209
[ec2-user@ip-10-0-0-176 ~]$ rpm -qa | grep docker
docker-1.5.0-1.8.amzn1.x86_64
[ec2-user@ip-10-0-0-176 ~]$ yum repolist
Loaded plugins: priorities, update-motd, upgrade-helper
repo id repo name status
!amzn-main/2015.03 amzn-main-Base 5,302
!amzn-updates/2015.03 amzn-updates-Base 226
repolist: 5,528
[root@ip-10-0-0-176 ecs]# docker ps
CONTAINER ID   IMAGE                            COMMAND                  CREATED          STATUS          PORTS                        NAMES
ffc669160db2   busybox:buildroot-2014.02        "\"sh -c '/bin/sh -c     6 minutes ago    Up 6 minutes                                 ecs-console-sample-app-static-3-busybox-eaabb4a8c3a8f0926300
d739dcd26c1a   httpd:2                          "httpd-foreground"       6 minutes ago    Up 6 minutes    0.0.0.0:80->80/tcp           ecs-console-sample-app-static-3-simple-app-caddc3cac587e492a601
2bd7532a4c3d   amazon/amazon-ecs-agent:latest   "/agent"                 58 minutes ago   Up 58 minutes   127.0.0.1:51678->51678/tcp   ecs-agent
[root@ip-10-0-0-176 ecs]# docker exec -it ecs-agent /agent -version
Amazon ECS Agent:
Version: 1.0.0
Commit: 4023248
DockerVersion: 1.5.0
[root@ip-10-0-0-176 ecs]# netstat -anp | grep 51678
tcp 0 0 127.0.0.1:51678 0.0.0.0:* LISTEN 2401/docker-proxy
[root@ip-10-0-0-176 ecs]# ps aux | grep docker-proxy
root 2401 0.0 0.5 219392 6084 ? Sl 02:20 0:00 docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 51678 -container-ip 172.17.0.2 -container-port 51678
root 3367 0.0 0.5 219392 6092 ? Sl 03:11 0:00 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.6 -container-port 80
[root@ip-10-0-0-176 ecs]# docker stats $(docker ps -qa)
CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O
0598c1994e7c 0.00% 0 B/0 B 0.00% 0 B/0 B
2bd7532a4c3d 0.07% 10.07 MiB/996.3 MiB 1.01% 124.2 KiB/60.43 KiB
d739dcd26c1a 0.04% 8.773 MiB/300 MiB 2.92% 1.56 KiB/1.674 KiB
ffc669160db2 0.06% 1.246 MiB/200 MiB 0.62% 550 B/648 B
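Note 4 describes containers running on the host that the console no longer shows. The following is an added example, not part of the original notes: it compares what Docker reports as running with what the agent tracks and lists the difference. It assumes the inputs are the JSON from `docker inspect $(docker ps -qa)` and from the agent's introspection endpoint on 127.0.0.1:51678 (`/v1/tasks`); the sample data is constructed from the short IDs above, and the function names and the name of the restarted container are hypothetical.

```python
AGENT_NAME = "ecs-agent"  # container name from the docker run command on this page


def full_id(short_id):
    """Pad a 12-character ID to 64 characters (constructed sample data only)."""
    return short_id + "0" * 52


# Constructed sample, shaped like `docker inspect $(docker ps -qa)` output.
DOCKER_INSPECT = [
    {"Id": full_id("ffc669160db2"), "State": {"Running": True},
     "Name": "/ecs-console-sample-app-static-3-busybox-eaabb4a8c3a8f0926300"},
    {"Id": full_id("d739dcd26c1a"), "State": {"Running": True},
     "Name": "/ecs-console-sample-app-static-3-simple-app-caddc3cac587e492a601"},
    {"Id": full_id("2bd7532a4c3d"), "State": {"Running": True}, "Name": "/ecs-agent"},
    # Hypothetical name: a container from a deleted task, restarted with docker start.
    {"Id": full_id("0598c1994e7c"), "State": {"Running": True},
     "Name": "/ecs-deleted-task-example"},
]

# Constructed sample, shaped like the agent's /v1/tasks introspection response.
AGENT_TASKS = {"Tasks": [{
    "Family": "console-sample-app-static", "Version": "3",
    "DesiredStatus": "RUNNING", "KnownStatus": "RUNNING",
    "Containers": [
        {"DockerId": full_id("ffc669160db2"), "Name": "busybox"},
        {"DockerId": full_id("d739dcd26c1a"), "Name": "simple-app"},
    ],
}]}


def tracked_ids(agent_tasks):
    """Docker IDs of containers in tasks the agent reports as RUNNING."""
    return {c["DockerId"]
            for task in agent_tasks.get("Tasks", [])
            if task.get("KnownStatus") == "RUNNING"
            for c in task.get("Containers", []) if c.get("DockerId")}


def find_untracked(docker_inspect, agent_tasks):
    """Return (short_id, name) for running containers the agent does not track."""
    tracked = tracked_ids(agent_tasks)
    untracked = []
    for c in docker_inspect:
        name = c.get("Name", "").lstrip("/")
        running = c.get("State", {}).get("Running")
        if running and name != AGENT_NAME and c["Id"] not in tracked:
            untracked.append((c["Id"][:12], name))
    return sorted(untracked)
```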
Thanks for sharing this- good stuff! Keep up the great work, we look forward to reading more from you in the future!