amazon-ecs

Given a process that creates a large linux kernel page cache via mmap'd files, running in a docker container (cgroup) with a memory limit causes kernel slab allocation errors: Jul 18 21:29:01 ip-10-10-17-135 kernel: [186998.252395] SLUB: Unable to allocate memory on node -1 (gfp=0x2080020) Jul 18 21:29:01 ip-10-10-17-135 kernel: [186998.252402] cache: kmalloc-2048(2412:6c2c4ef2026a77599d279450517cb061545fa963ff9faab731daab2a1f672915), object size: 2048, buffer size: 2048, default order: 3, min order: 0 Jul 18 21:29:01 ip-10-10-17-135 kernel: [186998.252407] node 0: slabs: 135, objs: 1950, free

I am running docker-nginx on ECS server. My nginx service is suddenly stopped because the proxy_path of one of the servers got unreachable. The error is as follows: [emerg] 1#1: host not found in upstream "dev-example.io" in /etc/nginx/conf.d/default.conf:988 My config file is as below: server { listen 80; server_name test.com; location / { proxy_pass http://dev-exapmle.io:5016/; proxy_redirect off; ##proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy

I have a cluster in AWS EC2 Container Service. When I've set it up, I used t2.micro instances because those were sufficient for development. Now I'd like to use more powerful instances, like m4.large. I would like to know whether it is possible to change the instance types only, so I don't need to recreate the whole cluster. I could not find how to do this. Yes, this is possible. The instance types in your cluster are determined by the 'Instance Type' setting within your Launch Configuration. To update the instance type without having to recreate the cluster: Make a copy of the cluster Launch

I'm confused about the purpose of having both hard and soft memory limits for ECS task definitions. IIRC the soft limit is how much memory the scheduler reserves on an instance for the task to run, and the hard limit is how much memory a container can use before it is murdered. My issue is that if the ECS scheduler allocates tasks to instances based on the soft limit, you could have a situation where a task that is using memory above the soft limit but below the hard limit could cause the instance to exceed its max memory (assuming all other tasks are using memory slightly below or equal to

In all tutorials for ECS you need to create a cluster and after that an autoscaling group, that will spawn instances. Somehow in all these tutorials the instances magically show up in the cluster, but noone gives a hint what's connecting the autoscaling group and the cluster. my autoscaling group spawns instances as expected, but they just dont show up on my ecs cluster, who holds my docker definitions. Where is the connection I'm missing? I was struggling with this for a while. The key to getting the instances in the autoscaling group associated with your ECS cluster is in the user data. When

I'm building a system consisting of an Angular2 single page app and a REST API running on ECS. The API runs on .Net/ Nancy , but that might well change. I would like to give Cognito a try and this is how I imagined the authentication workflow: SPA signs in user and receives a JWT SPA sends JWT to REST API with every request REST API verfies that the JWT is authentic My question is about step 3. How can my server (or rather: my stateless, auto-scaled, load-balanced Docker containers) verify that the token is authentic? Since the "server" hasn't issued the JWT itself, it can't use its own secret

I'm just getting started on AWS EC2. I understand that EC2 is like a remote computer where I can do pretty much everything I want. Then I found out about ECS. I know it uses Docker, but I'm confused about the relationship between these two. Is ECS just a Docker install in EC2? If I already have an EC2 and I start an ECS, does it mean I have two instances? Nabeel Ahmed Your question Is ECS just a docker install in EC2? If I already have a EC2, then I start a ECS, does it mean I have two instance? No. AWS ECS is just a logical grouping (cluster) of EC2 instances, and all the EC2 instances part

Docker containers behind ELB get dynamic ports which are auto registered with ELB so that they can get traffic redirected to them. In order to make your web servers accessible to ELB you have to open all these ports 1024 - 65535 originating from within your security group. Is there a way to not to have to open up a security group to a range of port but only to the pots that ELB is using? Security groups are never modified by AWS as this might cause conflicts and security issues. The only exception would be services such as Elastic Beanstalk. You'd likely have to do what the forum says and