Scheduling tasks on Fargate is very similar to EC2. Here, we need to specify the launch-type value as FARGATE.
To schedule the same task on Fargate, run the following command:
$ ecs-cli compose up –create-log-groups –cluster cluster-1 –launch-type FARGATE FATA[0001] ClientException: Fargate only supports network mode ‘awsvpc’.
Oops! We have a problem! Well, it’s complaining about the network type. For a Fargate task, we must supply the network type as awsvpc instead of the default bridge network. The awsvpc network is an overlay network that implements the Container Network Interface (CNI). To understand more about Docker networking, please refer to Chapter 1, The Modern Way of DevOps. For now, let’s go ahead and configure the awsvpc network type. But before that, the Fargate task requires a few configurations.
To access the resources for this section, cd into the following directory:
$ cd ~/modern-devops/ch7/ECS/tasks/FARGATE/
First, we’ll have to assume a task execution role for the ECS agent to authenticate with the AWS API and interact with Fargate.
To do so, create the following task-execution-assume-role.json file:
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “”,
“Effect”: “Allow”,
“Principal”: {
“Service”: “ecs-tasks.amazonaws.com”
},
“Action”: “sts:AssumeRole”
}
]
}
Then, use the following command to assume the task execution role:
$ aws iam –region us-east-1 create-role –role-name ecsTaskExecutionRole \ –assume-role-policy-document file://task-execution-assume-role.json
ECS provides a default role policy called AmazonECSTaskExecutionRolePolicy, which contains various permissions that help you interact with CloudWatch and Elastic Container Registry (ECR). The following JSON code outlines the permission that the policy has:
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“ecr:GetAuthorizationToken”,
“ecr:BatchCheckLayerAvailability”,
“ecr:GetDownloadUrlForLayer”,
“ecr:BatchGetImage”,
“logs:CreateLogStream”,
“logs:PutLogEvents”
],
“Resource”: “*”
}
]
}
We have to assign this role policy to the ecsTaskExecution role we assumed previously by using the following command:
$ aws iam attach-role-policy \
–policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy \ –role-name ecsTaskExecutionRole
Once we’ve assigned the policy to the ecsTaskExecution role, we need to source the ID of both subnets and the security group of the ECS cluster when we created it. You can find those details in the command-line output from when we created the cluster. We will use these details in the following ecs-params.yml file:
version: 1
task_definition:
task_execution_role: ecsTaskExecutionRole
ecs_network_mode: awsvpc
task_size:
mem_limit: 0.5GB
cpu_limit: 256
run_params:
network_configuration:
awsvpc_configuration:
subnets:
“subnet-088b52c91a6f40fd7”
“subnet-032cd63290da67271” security_groups:
“sg-097206175813aa7e7” assign_public_ip: ENABLED
The ecs-params.yml file consists of task_execution_role, which we created, and ecs_ network_mode set to awsvpc, as Fargate requires. We’ve defined task_size to have 0.5GB of memory and 256 millicores of CPU. So, since Fargate is a serverless solution, we only pay for the CPU cores and memory we consume. The run_params section consists of network_configuration, which contains awsvpc_configuration. Here, we specify both subnets created when we created the ECS cluster. We must also specify security_groups, which we created with the ECS cluster.
Note
Use the subnets and security groups of your ECS cluster instead of copying the ones in this example.
Now that we’re ready to fire the task on Fargate, let’s run the following command:
$ ecs-cli compose up –create-log-groups –cluster cluster-1 –launch-type FARGATE
Now, let’s check whether the task is running successfully by using the following command:
$ ecs-cli ps –cluster cluster-1 Name State cluster-1/8717a149/web RUNNING
Ports TaskDefinition
3.80.173.230:80 FARGATE:1
As we can see, the task is running on 3.80.173.230:80 as a Fargate task. Let’s curl this URL to see whether we get a response by using the following command:
$ curl 3.80.173.230:80
Welcome to nginx! …
As we can see, we get the default nginx home page.
Now, let’s go ahead and delete the task we created by using the following command:
$ ecs-cli compose down –cluster cluster-1
As we already know, tasks have a set life cycle, and once they stop, they stop. You cannot start the same task again. Therefore, we must create a service to ensure that a certain number of tasks are always running. We’ll create a service in the next section.
