1
00:00:00,330 --> 00:00:01,930
‫So welcome to the first part

2
00:00:01,930 --> 00:00:05,910
‫of this ECS demo. And to create an ECS service,

3
00:00:05,910 --> 00:00:09,180
‫I first need to go ahead and create a task definition.

4
00:00:09,180 --> 00:00:11,490
‫So let's create a new task definition

5
00:00:11,490 --> 00:00:16,230
‫and task definition indicates how to create an ECS task.

6
00:00:16,230 --> 00:00:21,160
‫So this one will be nginxdemos-hello.

7
00:00:21,160 --> 00:00:23,200
‫And that's the name of the image I'm going to use.

8
00:00:23,200 --> 00:00:25,600
‫So if you type nginxdemos-hello,

9
00:00:25,600 --> 00:00:28,090
‫you find a docker image from dockerhub.

10
00:00:28,090 --> 00:00:29,430
‫And this image we're going to be using.

11
00:00:29,430 --> 00:00:32,180
‫So I can copy this right here.

12
00:00:32,180 --> 00:00:35,107
‫So the name of this is

13
00:00:35,107 --> 00:00:37,820
‫nginxdemos-hello.

14
00:00:37,820 --> 00:00:38,840
‫And the image URI,

15
00:00:38,840 --> 00:00:40,870
‫I have the one thing that I copy and pasted

16
00:00:40,870 --> 00:00:42,320
‫including the slash.

17
00:00:42,320 --> 00:00:45,130
‫So that's my first and only essential container

18
00:00:45,130 --> 00:00:48,390
‫in this definition and it's going to create

19
00:00:48,390 --> 00:00:51,230
‫an HTTP server that will be binded to port 80.

20
00:00:51,230 --> 00:00:53,500
‫So I could have container port as 80.

21
00:00:53,500 --> 00:00:55,760
‫I will not add any environment variables

22
00:00:55,760 --> 00:00:57,450
‫and I will not add any more containers.

23
00:00:57,450 --> 00:00:59,520
‫So I will leave everything as default.

24
00:00:59,520 --> 00:01:00,720
‫Then for the app environment

25
00:01:00,720 --> 00:01:04,430
‫I can choose either Fargate or Amazon EC2 instances.

26
00:01:04,430 --> 00:01:06,730
‫So if we set Fargate, we're going to launch task directly

27
00:01:06,730 --> 00:01:09,520
‫in serverless mode or Amazon instances,

28
00:01:09,520 --> 00:01:11,890
‫we're going to launch a task on Amazon EC2 instances

29
00:01:11,890 --> 00:01:13,930
‫that we launched before.

30
00:01:13,930 --> 00:01:14,810
‫To keep things simple,

31
00:01:14,810 --> 00:01:17,753
‫I'm going to use only the AWS Fargate mode right here.

32
00:01:18,750 --> 00:01:21,550
‫Next we need to choose a system, so Linux is great.

33
00:01:21,550 --> 00:01:25,410
‫And then a task size, so I can choose 0.5 CPU

34
00:01:25,410 --> 00:01:27,627
‫as well as one gigabytes of RAM. Okay.

35
00:01:27,627 --> 00:01:32,120
‫So this is how much CPU and RAM we allocate to each task.

36
00:01:32,120 --> 00:01:34,740
‫We could go less, but this is a good idea.

37
00:01:34,740 --> 00:01:37,150
‫And if you wanted to have more memory, of course

38
00:01:37,150 --> 00:01:39,980
‫you could scroll down and add up to 30 gigabytes of memory,

39
00:01:39,980 --> 00:01:42,980
‫for example. Okay. More importantly,

40
00:01:42,980 --> 00:01:44,880
‫if that task was, for example

41
00:01:44,880 --> 00:01:47,400
‫doing API calls into Amazon S3,

42
00:01:47,400 --> 00:01:49,920
‫then we could add an IAM task role.

43
00:01:49,920 --> 00:01:53,460
‫And this IAM task role would allow us to run API calls

44
00:01:53,460 --> 00:01:55,290
‫against the AWS services.

45
00:01:55,290 --> 00:01:56,750
‫But right now, because we're just running

46
00:01:56,750 --> 00:02:01,120
‫a simple HTTP server, we don't need to do anything else.

47
00:02:01,120 --> 00:02:03,160
‫In terms of storage, we can leave everything as is.

48
00:02:03,160 --> 00:02:04,950
‫The task will come with 20 gigabytes

49
00:02:04,950 --> 00:02:08,920
‫of ephemeral storage from Fargate, so we're good.

50
00:02:08,920 --> 00:02:12,830
‫And in terms of everything else, we won't touch it.

51
00:02:12,830 --> 00:02:13,820
‫So we review and create

52
00:02:13,820 --> 00:02:16,830
‫and we have defined our first task definition family

53
00:02:16,830 --> 00:02:18,753
‫called the nginxdemos-hello.

54
00:02:20,420 --> 00:02:22,380
‫So let's create this.

55
00:02:22,380 --> 00:02:24,923
‫And now the task definition is being created.

56
00:02:25,820 --> 00:02:27,230
‫So next what I want to do is

57
00:02:27,230 --> 00:02:30,350
‫to actually run this task definition in a service

58
00:02:30,350 --> 00:02:33,040
‫behind a load balancer, and as such,

59
00:02:33,040 --> 00:02:35,740
‫I need to define two kinds of security groups.

60
00:02:35,740 --> 00:02:37,180
‫So if I go into security groups,

61
00:02:37,180 --> 00:02:39,650
‫I'm going to create a new security group

62
00:02:39,650 --> 00:02:41,380
‫and I will call this one sg-alb-ecs

63
00:02:43,840 --> 00:02:47,630
‫which is my ALB for ECS SG.

64
00:02:47,630 --> 00:02:51,110
‫And in inbound rule, I will allow to connect to port 80

65
00:02:51,960 --> 00:02:56,130
‫from Anywhere- IPv6

66
00:02:56,130 --> 00:02:58,030
‫and Anywhere- IPv4

67
00:02:58,930 --> 00:03:00,383
‫to make sure I can connect.

68
00:03:02,090 --> 00:03:02,923
‫Okay.

69
00:03:03,840 --> 00:03:07,560
‫And then I will create this security group

70
00:03:07,560 --> 00:03:09,420
‫and it cannot begin by this.

71
00:03:09,420 --> 00:03:11,753
‫So alb-ecs-sg.

72
00:03:14,240 --> 00:03:17,370
‫Perfect. So this security group has been created.

73
00:03:17,370 --> 00:03:19,320
‫And the second security group I need to create

74
00:03:19,320 --> 00:03:21,470
‫is the one for my ECS task.

75
00:03:21,470 --> 00:03:26,470
‫So I'll call this one nginx-demo-sg

76
00:03:27,640 --> 00:03:31,030
‫and we're going to allow inbound rule on anywhere

77
00:03:32,321 --> 00:03:35,110
‫but coming from a specific security group

78
00:03:35,110 --> 00:03:36,730
‫which is my alb-ecs-sg.

79
00:03:38,100 --> 00:03:42,010
‫So allow traffic from the ALB, which is very similar setup

80
00:03:42,010 --> 00:03:44,790
‫to what we had when we had EC2 instances.

81
00:03:44,790 --> 00:03:48,040
‫Okay. And then I will choose all TCP.

82
00:03:48,040 --> 00:03:50,520
‫So all TCP on the security group.

83
00:03:50,520 --> 00:03:55,483
‫Okay. Let's create this one and SG for NGINX.

84
00:03:59,240 --> 00:04:01,070
‫So now that I've created two security groups,

85
00:04:01,070 --> 00:04:03,800
‫we can go ahead and create our first service.

86
00:04:03,800 --> 00:04:07,030
‫So back into ECS, I will go in clusters,

87
00:04:07,030 --> 00:04:12,030
‫find my DemoCluster, and then under services I will create

88
00:04:12,150 --> 00:04:14,270
‫and deploy a new service.

89
00:04:14,270 --> 00:04:17,180
‫So the deployment configuration is going to be

90
00:04:17,180 --> 00:04:19,470
‫of type 'service' because we are launching

91
00:04:19,470 --> 00:04:24,050
‫a long-running computing work that is a web application.

92
00:04:24,050 --> 00:04:26,760
‫But if you wanted to start a standalone task that runs

93
00:04:26,760 --> 00:04:28,930
‫and terminates, for example, a batch job,

94
00:04:28,930 --> 00:04:31,940
‫then you would use the 'task' application type.

95
00:04:31,940 --> 00:04:34,810
‫So we'll use service and we'll specify a family

96
00:04:34,810 --> 00:04:37,980
‫which is the one we created, the nginxdemos-hello,

97
00:04:37,980 --> 00:04:40,820
‫as well as a revision number, which is one, the latest.

98
00:04:40,820 --> 00:04:43,340
‫Service name is going to be called nginxdemos,

99
00:04:44,460 --> 00:04:48,490
‫and we for now want only one desired tasks.

100
00:04:48,490 --> 00:04:51,920
‫For deployment options, we can leave this as default.

101
00:04:51,920 --> 00:04:54,470
‫Now for load balancing, yes, we do want a load balancer

102
00:04:54,470 --> 00:04:57,460
‫and we want an application load balancer to be working

103
00:04:57,460 --> 00:04:59,820
‫and let's go ahead and create it.

104
00:04:59,820 --> 00:05:01,930
‫So I'll call this one DemoALBForECS.

105
00:05:05,210 --> 00:05:07,330
‫It's going to listen on port 80

106
00:05:07,330 --> 00:05:09,490
‫and then we need to have a target group name.

107
00:05:09,490 --> 00:05:12,960
‫So this one is gonna be called nginx-ecs

108
00:05:12,960 --> 00:05:15,150
‫and the protocol as HTTP.

109
00:05:15,150 --> 00:05:16,983
‫The health check path is slash,

110
00:05:18,360 --> 00:05:22,483
‫and the health grace period is, let's say, 20 seconds.

111
00:05:24,120 --> 00:05:27,603
‫For networking, so this is for our ALB right here,

112
00:05:28,510 --> 00:05:33,340
‫and for networking, we can select a security group

113
00:05:33,340 --> 00:05:35,300
‫that is already existing.

114
00:05:35,300 --> 00:05:37,130
‫And the one that we are going to use

115
00:05:37,130 --> 00:05:40,820
‫is going to be the nginx-demo-sg, which is a security group

116
00:05:40,820 --> 00:05:44,113
‫that's going to be attached directly into our Fargate tasks.

117
00:05:45,040 --> 00:05:48,503
‫And we'll leave public IP enabled and now click on deploy.

118
00:05:49,550 --> 00:05:50,610
‫So what's going to happen now

119
00:05:50,610 --> 00:05:53,110
‫is that our service is going to be deployed,

120
00:05:53,110 --> 00:05:55,980
‫a load balancer is going to be created,

121
00:05:55,980 --> 00:05:58,740
‫and then let's observe the results.

122
00:05:58,740 --> 00:06:01,840
‫Okay, so my service has been deployed successfully.

123
00:06:01,840 --> 00:06:04,110
‫Now let's have a look to see if everything is working.

124
00:06:04,110 --> 00:06:06,690
‫So I'm gonna go under nginxdemos,

125
00:06:06,690 --> 00:06:10,100
‫and as you can see, one task is active

126
00:06:10,100 --> 00:06:12,470
‫and it looks like it was registered.

127
00:06:12,470 --> 00:06:15,780
‫So if we go back into the EC2 management console

128
00:06:15,780 --> 00:06:19,284
‫and go under load balancers,

129
00:06:19,284 --> 00:06:21,780
‫there's my load balancer right here.

130
00:06:21,780 --> 00:06:24,618
‫And if we look at the settings,

131
00:06:24,618 --> 00:06:26,870
‫the security group that was attached to it is the wrong one,

132
00:06:26,870 --> 00:06:29,130
‫it's the nginx-demo-sg.

133
00:06:29,130 --> 00:06:33,230
‫But we want to attach the alb-ecs-sg

134
00:06:33,230 --> 00:06:36,500
‫to be able to access our load balancer.

135
00:06:36,500 --> 00:06:39,480
‫Okay. So now we assigned the correct security group.

136
00:06:39,480 --> 00:06:44,193
‫Now let's go and open this URL for our load balancer.

137
00:06:46,890 --> 00:06:48,530
‫And now it says, refuse to connect.

138
00:06:48,530 --> 00:06:51,950
‫So that means that it's connecting to the ALB

139
00:06:51,950 --> 00:06:55,030
‫but the ALB is not connecting to the ECS tasks.

140
00:06:55,030 --> 00:06:56,970
‫So it took me a while to figure that one out.

141
00:06:56,970 --> 00:06:58,520
‫But if you go to listeners,

142
00:06:58,520 --> 00:07:02,010
‫somehow the listener ID was on port HTTP 79.

143
00:07:02,010 --> 00:07:05,660
‫I'm not sure why, maybe it's a bug from the new UI of ECS.

144
00:07:05,660 --> 00:07:10,030
‫But what I should be setting is port HTTP on port 80

145
00:07:10,030 --> 00:07:13,410
‫right here in my listener detail. And that should fix it.

146
00:07:13,410 --> 00:07:15,080
‫So let's save my changes.

147
00:07:15,080 --> 00:07:19,070
‫Now, my ALB is connected to the right listener port

148
00:07:20,180 --> 00:07:23,053
‫and let's go back in here and refresh this page.

149
00:07:25,130 --> 00:07:26,810
‫And very soon, I should wait a little bit.

150
00:07:26,810 --> 00:07:28,600
‫Here we go, perfect.

151
00:07:28,600 --> 00:07:31,280
‫We are connected to the nginx web server

152
00:07:31,280 --> 00:07:32,470
‫running on the ECS task.

153
00:07:32,470 --> 00:07:35,550
‫And we get the server address, the binding port,

154
00:07:35,550 --> 00:07:38,440
‫the server name, as well as the date right now.

155
00:07:38,440 --> 00:07:40,897
‫And the URL we hit. So if we hit slash test,

156
00:07:40,897 --> 00:07:44,450
‫we're going to get a slash test as well in here.

157
00:07:44,450 --> 00:07:45,910
‫Okay. So that's pretty good.

158
00:07:45,910 --> 00:07:49,980
‫So we have one ECS task running behind our load balancer

159
00:07:49,980 --> 00:07:52,520
‫in our ECS service. Okay.

160
00:07:52,520 --> 00:07:54,650
‫So if I go to services right here, it's there.

161
00:07:54,650 --> 00:07:56,490
‫But I can click on services

162
00:07:56,490 --> 00:07:58,210
‫and we can start scaling our service.

163
00:07:58,210 --> 00:08:00,820
‫So I can do edits, and then instead of one task,

164
00:08:00,820 --> 00:08:03,600
‫and this is going to cost you money if you do it by the way,

165
00:08:03,600 --> 00:08:07,010
‫so if you don't want to spend a lot, then don't do this,

166
00:08:07,010 --> 00:08:10,180
‫but I'm going to specify four tasks and update.

167
00:08:10,180 --> 00:08:15,180
‫So now we're launching four tasks in our ECS services

168
00:08:15,630 --> 00:08:17,070
‫and they're all running on Fargate.

169
00:08:17,070 --> 00:08:19,740
‫So very, very quickly four tasks are going to

170
00:08:19,740 --> 00:08:22,140
‫launch run at one out of four. Okay.

171
00:08:22,140 --> 00:08:25,400
‫But very quickly three tasks are in the pending states.

172
00:08:25,400 --> 00:08:28,650
‫And very, very soon, because it's running on Fargate,

173
00:08:28,650 --> 00:08:31,250
‫it's going to be provisioned and run right away.

174
00:08:31,250 --> 00:08:33,520
‫So this is the whole power of Fargate, it's serverless,

175
00:08:33,520 --> 00:08:36,820
‫and we don't have to manage EC2 infrastructure

176
00:08:36,820 --> 00:08:38,800
‫behind the scene to make it work.

177
00:08:38,800 --> 00:08:40,862
‫So, as you can see now, one, two,

178
00:08:40,862 --> 00:08:44,683
‫and then a last task is going to run very, very soon.

179
00:08:45,640 --> 00:08:49,870
‫So as you can see, it's quite quick to scale an ECS service.

180
00:08:49,870 --> 00:08:54,330
‫And what I can do now is go back to my load balancer

181
00:08:54,330 --> 00:08:57,130
‫and refresh this page. And as I refresh this page,

182
00:08:57,130 --> 00:09:01,491
‫as you can see, I am switching between my various ECS tasks

183
00:09:01,491 --> 00:09:02,890
‫in the back end.

184
00:09:02,890 --> 00:09:05,950
‫So it's working just like we did for EC2 instances

185
00:09:05,950 --> 00:09:07,810
‫but now we run docker containers

186
00:09:07,810 --> 00:09:11,030
‫and these docker containers can be whatever we want.

187
00:09:11,030 --> 00:09:15,280
‫So super good. We have now four ECS task running.

188
00:09:15,280 --> 00:09:17,660
‫And so if I refresh this page many times

189
00:09:17,660 --> 00:09:20,660
‫I'm going to switch between four instances

190
00:09:20,660 --> 00:09:22,830
‫which I find pretty awesome.

191
00:09:22,830 --> 00:09:25,660
‫And we were able to, with a bit of struggle,

192
00:09:25,660 --> 00:09:28,640
‫to launch an ECS service, ECS task,

193
00:09:28,640 --> 00:09:31,660
‫link it to a load balancer, and so on.

194
00:09:31,660 --> 00:09:34,167
‫So just to scale back this demo and save on cost,

195
00:09:34,167 --> 00:09:37,760
‫I'm going to take my service, I will edit it,

196
00:09:37,760 --> 00:09:40,600
‫and I will say I want zero number of tasks

197
00:09:40,600 --> 00:09:44,450
‫as a specified number which will allow me to scale back

198
00:09:44,450 --> 00:09:47,480
‫all my tasks back to zero, but still keep my setup

199
00:09:47,480 --> 00:09:49,320
‫in case I need it later on.

200
00:09:49,320 --> 00:09:52,040
‫So you can keep the service at zero tasks

201
00:09:52,040 --> 00:09:53,880
‫and they all going to be terminated.

202
00:09:53,880 --> 00:09:55,710
‫And you can keep the ALB for now,

203
00:09:55,710 --> 00:09:57,920
‫if you have one ALB running in your account,

204
00:09:57,920 --> 00:09:58,900
‫it doesn't cost you any money,

205
00:09:58,900 --> 00:10:01,810
‫but if you have more than one, you could also delete it.

206
00:10:01,810 --> 00:10:03,460
‫Okay. That's it for this lecture.

207
00:10:03,460 --> 00:10:06,460
‫I hope you liked it. And I will see you in the next lecture.