Hi, cosmonauts! 🧑🚀👋
Apparently, I’ve only written one post so far, and what I thought would be short has definitely turned out to be a long one.
Anyway, let’s jump straight into it.
Since I’ve watched Adrian Cantrill’s SAA-C03 videos about Containers & ECS, it definitely reminded me of my past mentor.
“Ivan, what made you think of your past mentor?”
He advised me to make use of Elastic Container Service (ECS) instead of having to manage my own EC2 Docker instances.
“Really?!?”
Let the man cook…
Intro to Amazon Elastic Container Service (ECS)
According to AWS documentation,
“Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that helps you to more efficiently deploy, manage, and scale containerized applications.”
Of course, after reading that one full-packed sentence…
I went to the AWS console, tried ECS, and…
Ooooh, hell no!
“Ivan, should we proceed?”
Yes, but before we dive in, it's important to note that ECS supports two launch types: Fargate and EC2.
In this guide, we will be focusing on ECS running on EC2 instances—where you manage the infrastructure while ECS handles container orchestration.
Now, let’s start by covering how network mode works in ECS and introduce awsvpc, the AWS-recommended network mode.
Network Mode and awsvpc
Network mode determines how networking is configured for your containerized applications in ECS.
As I would define it, the awsvpc network mode assigns each task an Elastic Network Interface (ENI), which is then attached to the underlying EC2 instance running the task. This allows the task to have its own private IP address within the Virtual Private Cloud (VPC).
Let me show you a simple illustration.
When you create a new task, a new ENI is allocated to the task and attached to the EC2 instance hosting it.
You can verify this by checking the Network Interfaces section of the selected EC2 instance in the AWS console.
For example, here’s a curl response from an isolated task with a web app running on port 8080.
API Failure
While creating awsvpc tasks, you may run into a placement failure whose message reads “Reason: RESOURCE:ENI.”
“Wooo, how were you able to solve it, Ivan?”
It means the instance already has as many ENIs attached as its instance type allows, so no new ENI can be created for the task.
E.g., a t2.micro supports a maximum of 2 network interfaces. One of those is always the instance’s own primary ENI, so only 1 is left for tasks, which means you can only run 1 awsvpc task on a t2.micro instance.
For more info about the limits of the network interfaces per instance type, you can check this AWS documentation.
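As an added example (not code from the original post), here is a small Python check that mirrors the reasoning above: it counts the ENIs already attached to a container instance, compares them with the instance type’s limit, and picks RESOURCE:ENI failures out of a RunTask-shaped response. Apart from the t2.micro row, the limit table, the IDs and the sample response are constructed placeholders.

```python
# Added example (not from the original newsletter): checking awsvpc ENI headroom
# on an ECS EC2 container instance before the scheduler reports RESOURCE:ENI.
from typing import Dict, List

# Per-instance-type ENI limit. The t2.micro row is the value the post cites;
# the other row is a placeholder, not an authoritative AWS limit.
MAX_ENIS: Dict[str, int] = {"t2.micro": 2, "EXAMPLE-LARGE": 4}


def attached_eni_count(interfaces: List[dict], instance_id: str) -> int:
    """Count ENIs attached to one instance in a describe-network-interfaces-shaped list."""
    return sum(
        1 for eni in interfaces
        if eni.get("Attachment", {}).get("InstanceId") == instance_id
    )


def awsvpc_task_capacity(instance_type: str, interfaces: List[dict], instance_id: str) -> int:
    """Number of additional awsvpc tasks the instance can host.

    Every awsvpc task needs its own ENI and the primary ENI is always present,
    so the headroom is the type's limit minus what is already attached.
    """
    limit = MAX_ENIS[instance_type]
    return max(0, limit - attached_eni_count(interfaces, instance_id))


def eni_failure_arns(run_task_response: dict) -> List[str]:
    """Return the ARNs of placements that failed with reason RESOURCE:ENI."""
    return [
        f["arn"] for f in run_task_response.get("failures", [])
        if f.get("reason") == "RESOURCE:ENI"
    ]


# Constructed sample data (placeholder IDs, not real resources).
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-primary", "Attachment": {"InstanceId": "i-host", "DeviceIndex": 0}},
    {"NetworkInterfaceId": "eni-task-1", "Attachment": {"InstanceId": "i-host", "DeviceIndex": 1}},
    {"NetworkInterfaceId": "eni-other", "Attachment": {"InstanceId": "i-other", "DeviceIndex": 0}},
]
SAMPLE_RUN_TASK = {
    "tasks": [],
    "failures": [{"arn": "arn:aws:ecs:REGION:ACCOUNT:container-instance/PLACEHOLDER",
                  "reason": "RESOURCE:ENI"}],
}

if __name__ == "__main__":
    print("free awsvpc slots on t2.micro:", awsvpc_task_capacity("t2.micro", SAMPLE_ENIS, "i-host"))
    print("ENI placement failures:", eni_failure_arns(SAMPLE_RUN_TASK))
```

With the sample data the t2.micro host already holds its primary ENI plus one task ENI, so the capacity check returns 0, which is exactly the situation that produces the RESOURCE:ENI failure.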
Wrapping Up
In this newsletter, we explored how Amazon Elastic Container Service (ECS) allows you to run containerized applications without manually managing EC2 Docker instances. We also examined network mode, particularly awsvpc.
Recap
Amazon ECS: A fully managed container orchestration service that lets you deploy, manage, and scale containerized applications.
Network Mode: Defines how networking is configured for your containerized applications in ECS.
awsvpc: A network mode that assigns each task an Elastic Network Interface (ENI), providing it with a dedicated private IP address within your VPC, just like an EC2 instance.
Never forget, cosmonauts—keep launching and learning! 🚀
References
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/api_failures_messages.html
https://docs.aws.amazon.com/ec2/latest/instancetypes/gp.html#gp_network