amazon-ecs

NLB Target Group TCP HealthChecks

…衆ロ難τιáo~ submitted on 2019-12-25 17:57:06
Question: We are using the ECS Fargate container service for our Ruby on Rails containers. We have implemented an NLB with HTTP health checks in the target group, but as we know, "NLB Target Group health checks are out of control". This is consuming up to 8% of the CPU of each container, so we are thinking of migrating from HTTP health checks to TCP health checks. Can anyone comment on how a TCP health check works? Does it only connect to the port for a health check, or does it actually hit the API? Ref: NLB Target Group

XRay Traces not showing up in AWS Console

血红的双手。 submitted on 2019-12-25 03:34:09
Question: I've followed the AWS documentation on setting up XRAY for our Spring Boot application deployed on AWS ECS, but I'm not able to see the traces for my services in the AWS Console. Here's a high-level view of the changes I've implemented: Added a Role with Policy permissions to my EC2: "xray:BatchGetTraces", "xray:GetServiceGraph", "xray:GetTraceGraph", "xray:GetTraceSummaries", "xray:PutTelemetryRecords", "xray:PutTraceSegments". Added a Tracing filter: @Bean public Filter TracingFilter() { return

ECS service with two Load Balancers for same port: internal and internet-facing

可紊 submitted on 2019-12-24 06:31:06
Question: I'm having trouble while trying to apply a modification to an ECS cluster. Particularities of the environment: the cluster has 2 services, blue and green. Currently both services are associated with an Application Load Balancer that is exposed to the Internet. What I want to do: add another ALB, in this case an internal one, to receive requests from private subnets in the VPC for the same service (same container, same port). When trying to apply those modifications I'm getting the following error:

What LaunchConfiguration for Fargate?

 ̄綄美尐妖づ submitted on 2019-12-24 03:34:36
Question: An AutoScalingGroup needs a LaunchConfiguration. The problem is that the LaunchConfiguration requires things like ImageId and other parameters which I do not have, since I am using containers. How should the LaunchConfiguration be configured when using ECS Fargate? AWS::AutoScaling::AutoScalingGroup https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html AWS::AutoScaling::LaunchConfiguration https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws

How to use ECS credentials with AWS JS SDK

若如初见. submitted on 2019-12-24 00:22:17
Question: I'm trying to access an S3 Bucket using the AWS JS SDK, but without success. I have a task definition that uses a task role called Foo. This task role has an attached policy to access the S3 Bucket: { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject" ], "Resource": "arn:aws:s3:::foo-bucket" } ] } It says in the AWS Documentation about loading credentials from IAM roles for EC2 that I should configure my instance to use IAM roles

How can you add EC2 instance attributes at launch?

一个人想着一个人 submitted on 2019-12-23 15:02:51
Question: We're using Amazon ECS for our services. We have a cluster called application and within that cluster, we have several services: - dev_app - dev_kafka - dev_zookeeper - qa_app - qa_kafka - qa_zookeeper - etc. And the services pull from task definitions that have correlating constraints, i.e., memberOf(attribute:env == qa), memberOf(attribute:role == zookeeper). We launch our instances via EC2 launch configurations + Autoscaling Groups. This means that our services can't actually auto-scale

Securing outbound traffic rule from EC2 instances when using ECS

风格不统一 submitted on 2019-12-23 13:05:26
Question: Even when I create EC2 instances in a private subnet, they must be able to send traffic to the Internet if I want to register them to an ECS cluster. I am using a NAT gateway to do this, but I still feel insecure that the instances can send private information to anywhere in case of takeover. What would be the most compact CIDR range that I can use for the instances' security group, instead of 0.0.0.0/0? Answer 1: For the moment, you may have to rely on the list of public IP address ranges for AWS,

ECS invalid reference format error

前提是你 submitted on 2019-12-23 12:59:41
Question: I tried to deploy and run a simple Dockerized Ruby backend using Amazon ECS by running a Task (defined by a Task Definition), but it failed to run my command and returned this error: CannotPullContainerError: API error (400): invalid reference format. I've tried to run a small Entrypoint command of echo "Hello", but it returns the same error regardless of whether it's in exec form or shell form. I tried to run this command in my local terminal and it runs well: $ docker-compose run job echo 'HELLO_WORLD'

How to keep the last X ECS task definitions active?

做~自己de王妃 submitted on 2019-12-23 12:50:58
Question: I have the following Terraform code to update a service with a new task definition: resource "aws_ecs_task_definition" "app_definition" { family = "my-family" container_definitions = "${data.template_file.task_definition.rendered}" network_mode = "bridge" } resource "aws_ecs_service" "app_service" { name = "my-service" cluster = "my-cluster" task_definition = "${aws_ecs_task_definition.app_definition.arn}" desired_count = "1" iam_role = "my-iam-role" } When updating my service, the last

Create AWS Batch Managed Compute Environment passing UserData to Container Instances

雨燕双飞 submitted on 2019-12-23 10:54:42
Question: I would like to create a Managed Compute Environment for AWS Batch, but use EC2 User Data to configure the instances as they are brought into the ECS fleet that Batch is scheduling jobs onto. It shouldn't matter, but the purpose of the User Data script is to pull down large data files onto an InstanceStore that the Docker containers will reference. This is possible in ECS, but I have found no way to pass User Data to a Managed Batch Compute Environment. At most, I can specify the AMI. But