My first look at AWS container service

First of all, unfortunately AWS ECS (EC2 Container Service) is currently not available in Australia. I guess it is not a surprise, as it happened to some other AWS products in the past as well.

Simply speaking, ECS provides a container (Docker) service on top of EC2 at no extra cost, so most features supported by EC2 are available in ECS as well, e.g. clustering, ELB, auto scaling and monitoring.

I created my first ECS container instance in the US region and had a bit of a play with it. Here are my notes:

1) AWS provides an ECS-optimized AMI. It is basically an EC2 instance: Amazon Linux with Docker installed, plus the ECS agent, which itself runs as a container. Users should be able to use their own AMI as an ECS container instance, as long as Docker (1.5+) and the AWS ECS container agent are installed. The ecs-agent container also needs to be created as follows (the cluster name is kept in the file /etc/ecs/ecs.config). I will try to use RHEL7 as the container host on AWS and see how it goes.

touch /etc/ecs/ecs.config; mkdir -p /var/log/ecs; docker run --name ecs-agent -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/log/ecs:/log -p 127.0.0.1:51678:51678 --env-file /etc/ecs/ecs.config -e ECS_LOGFILE=/log/ecs-agent.log amazon/amazon-ecs-agent

2) ECS uses a JSON file to create a task definition, which includes one or more containers. It allows allocating CPU/RAM to each container, links between containers, mounting volumes from the host or from other containers on the same host, port mapping, and so on. This is a sample task definition. It has two containers: one is the web server, the other is a busybox container that generates a simple HTML page to display on the web-server container.

{
  "taskDefinitionArn": "arn:aws:ecs:us-west-2:092666830250:task-definition/console-sample-app-static:1",
  "revision": 1,
  "containerDefinitions": [
    {
      "volumesFrom": [],
      "portMappings": [
        {
          "hostPort": 80,
          "containerPort": 80
        }
      ],
      "command": null,
      "environment": [],
      "essential": true,
      "entryPoint": null,
      "links": [],
      "mountPoints": [
        {
          "containerPath": "/usr/local/apache2/htdocs",
          "sourceVolume": "my-vol",
          "readOnly": null
        }
      ],
      "memory": 300,
      "name": "simple-app",
      "cpu": 10,
      "image": "httpd:2.4"
    },
    {
      "volumesFrom": [
        {
          "readOnly": null,
          "sourceContainer": "simple-app"
        }
      ],
      "portMappings": [],
      "command": [
        "/bin/sh -c \"while true; do echo 'Amazon ECS Sample App Amazon ECS Sample App Your application is now running on a container in Amazon ECS.' > top; /bin/date > date ; echo '' > bottom; cat top date bottom > /usr/local/apache2/htdocs/index.html ; sleep 1; done\""
      ],
      "environment": [],
      "essential": false,
      "entryPoint": [
        "sh",
        "-c"
      ],
      "links": [],
      "mountPoints": [],
      "memory": 200,
      "name": "busybox",
      "cpu": 10,
      "image": "busybox"
    }
  ],
  "volumes": [
    {
      "host": {
        "sourcePath": null
      },
      "name": "my-vol"
    }
  ],
  "family": "console-sample-app-static"
}
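
The following Python check is an added example, not code from the original post or from AWS: it walks a task definition like the one above and reports unpinned image tags, published host ports, and volume or volumesFrom references that are undeclared or writable. The function name audit_task_definition and the finding strings are assumptions made for this example, and the embedded input is a constructed reduction of the sample task definition.

```python
import json

# Constructed input: the sample task definition above, cut down to the audited fields.
TASK_DEF = json.loads("""
{"family": "console-sample-app-static",
 "containerDefinitions": [
   {"name": "simple-app", "image": "httpd:2.4", "volumesFrom": [],
    "portMappings": [{"hostPort": 80, "containerPort": 80}],
    "mountPoints": [{"containerPath": "/usr/local/apache2/htdocs",
                     "sourceVolume": "my-vol", "readOnly": null}]},
   {"name": "busybox", "image": "busybox", "portMappings": [], "mountPoints": [],
    "volumesFrom": [{"sourceContainer": "simple-app", "readOnly": null}]}],
 "volumes": [{"name": "my-vol", "host": {"sourcePath": null}}]}
""")

def audit_task_definition(task_def):
    """Return sorted (container, finding) pairs worth reviewing before registration."""
    containers = task_def.get("containerDefinitions", [])
    names = {c["name"] for c in containers}
    volumes = {v["name"] for v in task_def.get("volumes", [])}
    findings = set()
    for c in containers:
        who = c["name"]
        # No tag (or :latest) means the image content can change between pulls.
        tail = c["image"].rsplit("/", 1)[-1]
        if "@" not in tail and (":" not in tail or tail.endswith(":latest")):
            findings.add((who, "image tag not pinned: " + c["image"]))
        # Each hostPort is opened on the container instance itself.
        for pm in c.get("portMappings") or []:
            if pm.get("hostPort"):
                findings.add((who, "publishes host port %d" % pm["hostPort"]))
        # mountPoints must name a declared volume; readOnly null/false is writable.
        for mp in c.get("mountPoints") or []:
            if mp["sourceVolume"] not in volumes:
                findings.add((who, "undeclared volume: " + mp["sourceVolume"]))
            elif not mp.get("readOnly"):
                findings.add((who, "writable mount of " + mp["sourceVolume"]))
        # volumesFrom must name another container in the same task.
        for vf in c.get("volumesFrom") or []:
            src = vf["sourceContainer"]
            if src == who or src not in names:
                findings.add((who, "volumesFrom unknown container: " + src))
            elif not vf.get("readOnly"):
                findings.add((who, "writable volumesFrom " + src))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join("%s -> %s" % f for f in audit_task_definition(TASK_DEF)))
```

In this sample the busybox container has to write to the shared volume, so the writable findings are items to review rather than errors; the web server only needs to read it.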

3) I guess you cannot patch a container that is created from the AWS Docker images, as I don’t see any yum file or directory within the container that is based on the httpd:latest image. Replacing the container with a new one might be their way. In the in-house environment, I can patch the container that is created from the Red Hat provided RHEL Docker image.

This is on AWS:
hostname; ip addr show eth0
44: eth0: <BROADCAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:17 brd ff:ff:ff:ff:ff:ff
inet scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:17/64 scope link
valid_lft forever preferred_lft forever
ls /etc/yum*
ls: cannot access /etc/yum*: No such file or directory

This is the in-house environment:
hostname; ip addr show eth0
48: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:18 brd ff:ff:ff:ff:ff:ff
inet scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:18/64 scope link
valid_lft forever preferred_lft forever
yum update
Loaded plugins: product-id, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package libxml2.x86_64 0:2.9.1-5.el7_0.1 will be updated
---> Package libxml2.x86_64 0:2.9.1-5.el7_1.2 will be an update
---> Package libxml2-python.x86_64 0:2.9.1-5.el7_0.1 will be updated

4) I noticed that the tasks/containers that have been deleted from the AWS console are actually still on the host, but with ‘exited’ status. I can start the container on the host by typing ‘docker start ‘, but the AWS console does not show the manually started container. So always using the console might be a better idea to keep the environment consistent.
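
One way to spot the host/console drift described in note 4, as an added Python example that is not from the original post: it classifies rows of a `docker ps -a` style listing by comparing ECS-style container names with the family:revision values that ECS reports as running. The listing is constructed (the revision-2 rows are made up), the name pattern is inferred from the docker ps output on this page, and classify and its state labels are hypothetical; the comparison works at task-definition revision granularity.

```python
import re

# Constructed `docker ps -a` style listing; names follow the pattern seen on this page.
PS_OUTPUT = """\
CONTAINER ID  IMAGE                           STATUS                     NAMES
ffc669160db2  busybox:buildroot-2014.02       Up 6 minutes               ecs-console-sample-app-static-3-busybox-eaabb4a8c3a8f0926300
d739dcd26c1a  httpd:2                         Up 6 minutes               ecs-console-sample-app-static-3-simple-app-caddc3cac587e492a601
0598c1994e7c  httpd:2                         Exited (0) 40 minutes ago  ecs-console-sample-app-static-2-simple-app-aaaa1111bbbb2222cccc
1111aaaa2222  busybox:buildroot-2014.02       Up 2 minutes               ecs-console-sample-app-static-2-busybox-dddd3333eeee4444ffff
2bd7532a4c3d  amazon/amazon-ecs-agent:latest  Up 58 minutes              ecs-agent
"""

# Assumed naming scheme: ecs-<family>-<revision>-<container name>-<hex suffix>.
ECS_NAME = re.compile(
    r"^ecs-(?P<family>.+)-(?P<rev>\d+)-(?P<container>.+)-(?P<suffix>[0-9a-f]+)$")

def classify(ps_output, active_task_defs):
    """Map container name -> state, given the family:revision values ECS reports as running."""
    result = {}
    for line in ps_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if not fields:
            continue
        name = fields[-1]                        # NAMES is the last column
        running = re.search(r"\sUp\s", line) is not None
        m = ECS_NAME.match(name)
        if name == "ecs-agent":
            state = "agent"
        elif m is None:
            state = "not-ecs-named"              # started by hand or by other tooling
        elif not running:
            state = "stale-exited"               # left on the host after the task stopped
        elif "%s:%s" % (m.group("family"), m.group("rev")) in active_task_defs:
            state = "managed"
        else:
            state = "running-outside-ecs"        # e.g. restarted with `docker start`
        result[name] = state
    return result

if __name__ == "__main__":
    for name, state in classify(PS_OUTPUT, {"console-sample-app-static:3"}).items():
        print("%-20s %s" % (state, name))
```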

5) To support ECS, AWS CLI has to be 1.7.21 or greater.

[jchen@mylab]$ aws --version
aws-cli/1.7.23 Python/2.7.8 Linux/3.19.3-100.fc20.x86_64

[jchen@mylab software]$ aws ecs list-clusters
"clusterArns": [
[jchen@mylab software]$ aws ecs list-services
"serviceArns": [

Below are some details on the AWS ECS container instance:
[ec2-user@ip-10-0-0-176 ~]$ uname -an
Linux ip-10-0-0-176 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11 22:50:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[ec2-user@ip-10-0-0-176 ~]$ docker version
Client version: 1.5.0
Client API version: 1.17
Go version (client): go1.3.3
Git commit (client): a8a31ef/1.5.0
OS/Arch (client): linux/amd64
Server version: 1.5.0
Server API version: 1.17
Go version (server): go1.3.3
Git commit (server): a8a31ef/1.5.0

[ec2-user@ip-10-0-0-176 ~]$ rpm -qa | wc -l

[ec2-user@ip-10-0-0-176 ~]$ rpm -qa | grep docker

[ec2-user@ip-10-0-0-176 ~]$ yum repolist
Loaded plugins: priorities, update-motd, upgrade-helper
repo id                                                           repo name                                                     status
!amzn-main/2015.03                                                amzn-main-Base                                                5,302
!amzn-updates/2015.03                                             amzn-updates-Base                                               226
repolist: 5,528

[root@ip-10-0-0-176 ecs]# docker ps
CONTAINER ID        IMAGE                            COMMAND                CREATED             STATUS              PORTS                        NAMES
ffc669160db2        busybox:buildroot-2014.02        "\"sh -c '/bin/sh -c   6 minutes ago       Up 6 minutes                                     ecs-console-sample-app-static-3-busybox-eaabb4a8c3a8f0926300
d739dcd26c1a        httpd:2                          "httpd-foreground"     6 minutes ago       Up 6 minutes>80/tcp           ecs-console-sample-app-static-3-simple-app-caddc3cac587e492a601
2bd7532a4c3d        amazon/amazon-ecs-agent:latest   "/agent"               58 minutes ago      Up 58 minutes>51678/tcp   ecs-agent

[root@ip-10-0-0-176 ecs]# docker exec -it ecs-agent /agent -version
Amazon ECS Agent:
Version: 1.0.0
Commit: 4023248
DockerVersion: 1.5.0

[root@ip-10-0-0-176 ecs]# netstat -anp | grep 51678
tcp        0      0   *                   LISTEN      2401/docker-proxy

[root@ip-10-0-0-176 ecs]# ps aux | grep docker-proxy
root      2401  0.0  0.5 219392  6084 ?        Sl   02:20   0:00 docker-proxy -proto tcp -host-ip -host-port 51678 -container-ip -container-port 51678
root      3367  0.0  0.5 219392  6092 ?        Sl   03:11   0:00 docker-proxy -proto tcp -host-ip -host-port 80 -container-ip -container-port 80

[root@ip-10-0-0-176 ecs]# docker stats $(docker ps -qa)
CONTAINER           CPU %               MEM USAGE/LIMIT       MEM %               NET I/O
0598c1994e7c        0.00%               0 B/0 B               0.00%               0 B/0 B
2bd7532a4c3d        0.07%               10.07 MiB/996.3 MiB   1.01%               124.2 KiB/60.43 KiB
d739dcd26c1a        0.04%               8.773 MiB/300 MiB     2.92%               1.56 KiB/1.674 KiB
ffc669160db2        0.06%               1.246 MiB/200 MiB     0.62%               550 B/648 B

