Amazon Elastic Container Service (ECS) with a Load Balancer | AWS Tutorial with New ECS Experience
Ғылым және технология
In a prior video ( • Containers with Amazon... ), I introduced you to the basics of working with the Elastic Container Service (ECS) on AWS. But in that video, we only used a single container, accessing it from the container’s public IP address.
In this video, we’ll make things more real-world, by running multiple containers and balancing traffic across them using an Application Load Balancer (ALB).
In a hands-on tutorial, we’ll create two security groups-one for the ALB and one for the ECS service. Then we’ll create an ECS cluster and task definition that pulls in an NGINX container from the Amazon Elastic Container Registry (ECR) Public Gallery. From there, we’ll create the ECS service, and while doing that, we’ll create the Application Load Balancer. But there’s a gotcha here! Make sure you stay to the end to find out how to get the load balancing working properly.
🌟🌟If you’re interested in getting AWS certifications, check out these full courses. They include lots of hands-on demos, quizzes and full practice exams. Use FRIENDS10 for a 10% discount!
- AWS Certified Cloud Practitioner: academy.zerotomastery.io/a/af...
- AWS Certified Solutions Architect Associate: academy.zerotomastery.io/a/af...
00:00 - Overviewing what we’ll be building, and the need for a load balancer with ECS
01:38 - Understanding the security groups we need to get the load balancer working in ECS
02:43 - Creating two security groups in the AWS Console
04:43 - Creating an ECS Cluster
05:38 - Creating a new task definition for NGINX
07:12 - Deploying the ECS service
08:30 - Creating the load balancer to work with the ECS service (warning: There’s a gotcha here!)
10:08 - Testing our load balancer
10:34 - The load balancer doesn’t work!
10:58 - Fixing the security groups so that our load balancer works
12:00 - Now the load balancer works with our ECS containers!
12:22 - Summarizing what we’ve built
12:33 - IMPORTANT!! Deleting your ECS task, service, cluster, task definition, load balancer and security groups
Пікірлер: 162
I love the way tutorials are structured with the concepts and some theory explained beyond the practice. Thanks!
@TinyTechnicalTutorials
Жыл бұрын
Awww, thanks so much for the nice comment! Glad they're helpful! 😊🙏
Man this is a really good breakdown of what you plan to do before you do it. Very good teaching style. I also like the fact that you always do a clean up of resources at the end. Keep it up.
@TinyTechnicalTutorials
Жыл бұрын
Thanks for such a nice comment, Derrick! So glad you're enjoying the videos. 😊
the explanation about the security groups and how they work was essential to my understanding about some issues I was facing during a ECS service setup. You rock! Nice job!
@TinyTechnicalTutorials
Жыл бұрын
Oh wonderful! I'm so glad it helped. Security groups are super important in AWS land. Thanks for watching! 😊
You rock!. The way you explain, I believe even anyone without any aws knowledge will understand easily how to setup things in aws. Your voice is so clear and interesting to follow. Please keep it up
@TinyTechnicalTutorials
Жыл бұрын
Thanks so much, Suresh!! Really appreciate the nice comment! 😊
Hi, just wanted to drop a comment to say thank you for this excellent tutorial. Your clear instructions saved my day at work! I really appreciate the effort you put into making these complex concepts so easy to understand. Keep up the great work!
@TinyTechnicalTutorials
Жыл бұрын
Hey Arif! 😊 Thanks so much for the nice comment...made my day! 🌟🙏🔥
Awesome video; thanks for sharing. I've been fighting with my task to make it accessible since yesterday, and then I found this, straight to the point and fixed my issue!
@TinyTechnicalTutorials
Жыл бұрын
Oh, fantastic! I'm so glad it helped. Thanks for watching! 😊
This is very good; a crystal clear explanation. I found it very useful to understand a training course I am doing. In the course, we constructed a more complex setup. A load balancer connected to a node.js container which in turn talks to a mongodb database. The database, however, is linked to another AWS resource; EFS, elastic file system. This saves the database data so that if the mongodb container goes down or is stopped, which would cause data stored within to be lost, the data is still held in the EFS.
@TinyTechnicalTutorials
Жыл бұрын
Oh, interesting! Nice redundancy there! 😎
Fantastic video, this is exactly what I was looking for. Thank you so much
@TinyTechnicalTutorials
Жыл бұрын
I'm so glad it helped! Thanks for watching! 😊
I love your teaching style. Less word but whatever you explain is relevant to the topic. Neat & explanation with demo. Appreciate your effort.
@TinyTechnicalTutorials
9 ай бұрын
Oh, you're very kind!!! Thanks so much for the support! 🙏🌟🤓
omg you just made this so easy, I've been suffering with all of this for months now, THANK YOU!!!
@TinyTechnicalTutorials
11 ай бұрын
YAY!!! I'm so glad it helped! Thanks for the nice comment. 🙏🌟🤓
The part about the two security groups save my life...
@TinyTechnicalTutorials
Жыл бұрын
I'm so glad!! :)
That was a great tutorial, I really appreciate it. Keep up the good work.
@TinyTechnicalTutorials
Жыл бұрын
Thanks so much, Marcin! Really glad it helped! 😊
Fantastic Video, coming from a Network Architect that's never used AWS before!
@TinyTechnicalTutorials
6 ай бұрын
Oh wonderful! I'm so glad it helped. Thanks for watching! 🙏🌟🤓
Hey thank you for the video and efforts! Loved it, first time finding you out, will definitely be sticking around for the other aws videos! 🔥
@TinyTechnicalTutorials
Жыл бұрын
Yay! Welcome to the channel, Liger! 😊
this is really helpful and it's working fine, you save me today- Thank you so much
@TinyTechnicalTutorials
Жыл бұрын
Great to hear!
This is very helpful tutorial. appreciated. Keep up the good work.
@TinyTechnicalTutorials
Жыл бұрын
Thanks for supporting the channel, Sandeep! 😊
Thanks , u saved my day I was stuck on it for 2 days and everytime the task failed but now following this tutorial it's is up and running
@TinyTechnicalTutorials
10 ай бұрын
Oh, I'm so glad!! That makes it all worth it! 🥰🔥
12/10 - This is so good! Thank you making it!! Subbed
@TinyTechnicalTutorials
7 ай бұрын
Thank you so much!! 🤓🌟🙏 Welcome to the channel!
Great Tutorial, clear and sweet voice.
@TinyTechnicalTutorials
7 ай бұрын
Thank you kindly!!! 😊🙏🌟
you are doing a great job
@TinyTechnicalTutorials
7 ай бұрын
Wow, thanks so much!! Really appreciate the support! 🙏🌟😊
Thanks! This is a really great tutorial video for beginners.
@TinyTechnicalTutorials
6 ай бұрын
Glad it was helpful! Thanks for watching! 🙏🤓🌟
Well explained , very helpful
@TinyTechnicalTutorials
4 ай бұрын
I'm so glad it helped!! Thanks for watching! 🤓🌟🙏
Thanks, it helped a lot
@TinyTechnicalTutorials
5 ай бұрын
I'm so glad! Thanks for watching! 🙏🌟🤓
Thank you so much! That was very helpful!
@TinyTechnicalTutorials
Жыл бұрын
I'm so glad! Thanks for watching! 😊🙏🥰
Great video! Thank you so much!
@TinyTechnicalTutorials
Жыл бұрын
Thanks so much for watching! Glad it was helpful! 😊
Amazing amazing content with excellent explaination
@TinyTechnicalTutorials
8 ай бұрын
Oh wow...thanks SO much!! This made my day. 🙏🌟🤓
Well explained...i understood easily. thank u so much .
@TinyTechnicalTutorials
Жыл бұрын
You bet! Thanks for watching! 😊🙏
What an amazing tutorial mam. Made me a fan of you. Thanks a lot.
@TinyTechnicalTutorials
10 ай бұрын
Thanks a lot!! 😊 Much appreciated.
@mrtalhaaa
10 ай бұрын
It's a request that please make a tutorial on managing EC2 cluster for ECS (alternative to Fargate) @@TinyTechnicalTutorials
@TinyTechnicalTutorials
10 ай бұрын
Great suggestion, Talha! I'll add this to my list. Thank you! 🙏🌟🤓
great teaching skill
@TinyTechnicalTutorials
6 ай бұрын
You're too kind!! Thanks so much for watching! 🙏🌟🤓
The best 👍🏼
@TinyTechnicalTutorials
3 ай бұрын
You're very kind!!! Thanks for watching! 🤓🙏🌟
You saved my life!
@TinyTechnicalTutorials
Ай бұрын
Yay! I'm so glad it was helpful. Thanks for watching, and for the nice comment! 🙏🌟🤓
very good, thanks
@TinyTechnicalTutorials
8 ай бұрын
You bet! Glad it helped! 🤓
amazing teaching skill. And I have been being an engineer for like 10 years : )
@TinyTechnicalTutorials
3 ай бұрын
Wow, thanks! Really appreciate the nice comment!! Thank you for watching! 🙏🤓🌟
Really appreciate it.
@TinyTechnicalTutorials
Жыл бұрын
You bet! Thanks for watching! 😊
Thank you really helpfull !!
@TinyTechnicalTutorials
Ай бұрын
Yay! I'm so glad it was helpful. Thanks for watching, and for the nice comment! 🙏🌟🤓
The best ever
@TinyTechnicalTutorials
10 ай бұрын
THANK YOU!!! 🙏🤓🌟
Thank you woman, you're amei-zing
@TinyTechnicalTutorials
2 ай бұрын
Thank you so much!! 🙏🌟🤓
Thank you , thank you You solve my biggest problem
@TinyTechnicalTutorials
Жыл бұрын
Oh, I'm so glad! Thanks for watching! 😊
I didnt know Meryl Streep is so knowledgeable with AWS! Hehe. Great video :)
@TinyTechnicalTutorials
6 ай бұрын
LOL!! That's the nicest compliment ever!! A belated thank you! 🥰🙏🌟
Thank you for putting together such a great, well-paced and narrated video on this topic. Is there any chance you would cover this same topic except for those situations where we might be launching into an Amazon ECS Optimized EC2 instance? I’m having some difficulty at the moment and am having difficulty finding any good documentation or videos explaining how to properly set things up. I’ve subscribed as I really enjoy your teaching style and hope to see you come out with more content!
@TinyTechnicalTutorials
Жыл бұрын
Thanks for such a nice comment! 🥰 Glad it was helpful. And I'll add your suggestions to my list for future videos. I appreciate the suggestion!
This video is out of amazon playlist
@TinyTechnicalTutorials
Жыл бұрын
Ooh, great catch! Just added it to the playlist. Thanks so much for letting me know! 🙏
Very clearly demonstrated. I guess the only criticism you might make, and it's slight, is that running an ALB constantly sort of defeats the purpose of using Fargate.
@TinyTechnicalTutorials
9 ай бұрын
Fair point! 👍🤓
Thank you. It's better than the best seller aws developer certification course on udemy.
@TinyTechnicalTutorials
11 ай бұрын
Wow, thanks! Really appreciate the nice comment! 😊🔥😎
I watched multiple videos for how ECS work, After watch this ..ya i got clarity Now, how to do AND your way of demo appreciate....So good and clear explanation ...... Thank you so much ...
@TinyTechnicalTutorials
Жыл бұрын
Oh, I'm so glad it helped! 💪 Thanks for the nice comment! 😊
Thank you so much! Could you please make a video on ECS EC2 launch type?
@TinyTechnicalTutorials
5 ай бұрын
Thanks for watching, Aakash! 🙏🌟🤓 I'll add this to my list for future videos...thanks for the suggestion!
Thank a lot, mam...
@TinyTechnicalTutorials
7 күн бұрын
You're very welcome! Thanks for watching, and for the nice comment! 🙏🤓🌟
Nice explanation could you please make a viedo on this part how can we start the service on ecs container and also how can we increase the desired value on any particular service
@TinyTechnicalTutorials
9 ай бұрын
Great suggestion! I'll add it to my list for future videos. Thanks for watching! 🌟🤓🙏
This is great. Do you have any tutorial on how to setup https/SSL on the load balancer ?
@TinyTechnicalTutorials
Жыл бұрын
Thanks, codegeek1001! So glad you liked it. :) I don't have any tutorials on setting up HTTPS/SSL for a load balancer, but maybe this will get you started? docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
great explanation thank you, if i have two task definitions and deployed two services using those definitions, can i use the same load balancer to distribute the traffic to the correct service dependent on the host name ? note, launch type is ec2 asg
@TinyTechnicalTutorials
5 ай бұрын
Hey Ali! 👋 If I'm understanding the scenario, you should be able to do this using host-based rules on your load balancer/listener. Maybe this article will help? aws.plainenglish.io/host-based-routing-in-aws-application-load-balancers-d0e7b1e793ac
Helpful video, would recommend you expand on this where you use ECS with HTTPS / SSL since that is a common use-case and I don't see a good tutorial on KZread 👍
@TinyTechnicalTutorials
Жыл бұрын
Great suggestion--thanks, @joemac84! 😎🌟💪 I'll add this to my list!
Great job! I have a little question: It is possible to run a docker with multiple ports, for example backend have an API (:80) and WebSocket (:8099)? and then run all than on a Cluster/Service -> CloudFront -> Route53 to user access, or here you need to create 2 separated services? thanks.
@TinyTechnicalTutorials
Жыл бұрын
Thanks so much, Sasa! Glad you enjoyed it. :) Yes, it's possible to have multiple open ports on a container. Here's an article that might help: krishna-thotakura.medium.com/deploy-on-ecs-fargate-a-docker-container-that-exposes-multiple-ports-5c00035558e3
Hi, thank you for the great tutorial! One question: is that able to work if the load balancer and the Container have the same security group, which allows all traffic? It is not a good design, but I'd like to know if 2 different security groups are necessary for aws. Thanks!
@TinyTechnicalTutorials
6 ай бұрын
Thanks for watching, Chenyang! 🙏👋🌟 Yes, that should work. A security group is just a collection of protocols/ports, and can be used by different resources. But you're right...it would be better to keep them separate, so that if you need to change it for the load balancer, it won't break the containers. Hope that makes sense! 😊
Nice ✅
@TinyTechnicalTutorials
Жыл бұрын
Thanks! 🔥
@adventuresofa9jaguy322
Жыл бұрын
@@TinyTechnicalTutorials it's the first time Ill understand ECS. Kudos to you!
@TinyTechnicalTutorials
Жыл бұрын
I'm so glad! :)
Very nice demo! Liked!! Just the one part that you did not go over was the networking for the ECS service - the subnets.....were they public/private? I'm guessing they are private .. Overall, very nicely explained and I keep coming back to your channel for AWS demos !! Keep up the great work!
@TinyTechnicalTutorials
18 күн бұрын
Thanks for the kind words, Bhakta, and sorry for the slow response! 😊 You're right...I could have explained the networking setup better. I was just using the default VPC and its preconfigured subnets. By default, those are public subnets (with routes to an internet gateway). If your ECS app wasn't going to be handling internet traffic, then you could make them private subnets. Hope that helps! Thanks for watching! 🙏🌟🤓
Very tricky to open all TCP traffic from elb to ec2. Keep same ports open to avoid unnecessary attack vectors.
@TinyTechnicalTutorials
4 ай бұрын
Thanks, Constantine! 👍
These are super helpful. Can you do some terraform tutorials if possible please for AWS?
@TinyTechnicalTutorials
Жыл бұрын
Thanks for the kind words, Mineth! 😊 I definitely want to do some Terraform videos...it's on my list! Thanks for the suggestion!
I have node js app. Can you suggest which aws service i should pick to deploy my bot
@TinyTechnicalTutorials
Жыл бұрын
Hi soltsdev! 😊 As with most things in AWS, "it depends." If you don't want to deal with underlying infrastructure, you could use Elastic Beanstalk (basically just upload your code and go...AWS will provision everything else for you). AWS Amplify makes it easy to build full-stack apps, and again the underlying infrastructure is provisioned for you (if you have front end, back end, database and authentication components to your bot, this would be a good option). Or if you want a lot of control, you could create an EC2 instance and deploy your bot there. Lots of options!!
wowwww, your voice is so good to hear maate .. hey can u guide me , how to load balance between different services which are hostng different container or task ..
@TinyTechnicalTutorials
Жыл бұрын
Thanks for the nice comment, Vishnu! 😊 To handle multiple services, maybe this will help? docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html
Will this work with ec2 instead of fargate? No matter what I try, the only way it work if I allow all traffic in the container's security group. If not, ecs doesn't show the container instances
@TinyTechnicalTutorials
13 күн бұрын
Hi dark jean! 👋 Sorry for the SUPER slow response! If you're still looking for an answer, the yes, this should definitely work with EC2 launch types too. Here are some things to check... Security Groups: -Load Balancer Security Group: Ensure that the security group associated with your load balancer allows inbound traffic on the appropriate ports (e.g., port 80 for HTTP, port 443 for HTTPS). -EC2 Instance Security Group: The security group for your EC2 instances should allow inbound traffic from the security group of the load balancer on the ports your application uses. This is typically port 80 or 443. Task Definition and Service Configuration: -Port Mappings: Ensure that your ECS task definition specifies the correct container port mappings. -Target Group: When creating the ECS service, make sure to register your tasks with the appropriate target group of the load balancer. The target group should be configured to route traffic to the ports your containers are listening on.
What is the best practice to choose subnets for the cluster? Public or private?
@TinyTechnicalTutorials
6 ай бұрын
Hi @ozycozy! 👋 Apologies for the delayed response! Generally speaking, you want to put things in a private subnet unless they need to be accessed from the internet (and even in that case, you'll usually put a load balancer in front of them for the public access, then keep everything else private). But this thread actually brings up some other really good points: www.reddit.com/r/aws/comments/12qhwtc/ecs_fargate_why_bother_using_private_subnets_nat/. Hope that helps! 😊
This was a great tutorial, but I couldn't get it to work as described. I eventually created a "WideOpen" security group to allow all traffic between the load balancer and the service (not great practice, but since I was doing this as a skill builder and wasting lots of time trying to debug it, that was one way to get unblocked).
@TinyTechnicalTutorials
Жыл бұрын
Hi amylsFlexable! Sorry to hear you couldn't get it working (or not working without a "WideOpen" security group). I know I got tripped up with the multiple security groups, and the way it defaults to the wrong one about halfway through...it took me a couple tries to get it right myself. But hope you were still able to learn something new! Thanks for watching! 😊
@amyIsFlexable
Жыл бұрын
@@TinyTechnicalTutorials I think possibly the trick is the group may need both HTTP and TCP access to be able to pass through the content the container is delivering on port 80 (video shows just TCP), but that's just a guess. My theory is it needs TCP for the health check and HTTP to deliver the web content, but I wouldn't be watching your video if I were an expert :)
@TinyTechnicalTutorials
Жыл бұрын
Ahhh, interesting! I'll go back and double-check...
This is a nice presentation but I can not get it to work. Not sure how it can work using the default vps since the subnets are not associated with a routetable with a gateway.
@TinyTechnicalTutorials
10 ай бұрын
Hey David! I believe you answered this question in the other video, so closing this one. 😊
I have been going through many videos and this is exactly what i'm looking for, very clear, can you help us with * Postgres database shading on AWS RDS Proxy. thank you.
@TinyTechnicalTutorials
Жыл бұрын
Thanks for watching, Musa! 😊 I'll add this topic to my list for future videos.
@musadabra64
Жыл бұрын
@@TinyTechnicalTutorials thank you, notifications bell is turned on 🔔
What if I had 2 APIs running in separeted tasks in a single cluster? Do I need to create a ALB to each task (API) or I could do something else?
@TinyTechnicalTutorials
6 ай бұрын
Hi Victor! 👋 Apologies for the slow response. If you're still looking for an answer... When using a single ECS cluster with multiple services or tasks, the recommended approach is to use a single load balancer and create a target group for each process/task. This allows both processes to route traffic to the cluster independently while sharing the same load balancer infrastructure. Hope that helps 😊
@1234victorxD
6 ай бұрын
@@TinyTechnicalTutorials Yeah it helps a lot! it was the approach I took and things are working fine! thx!
I have one Que. if we set port 8080 for the container then what setting do we need to do for the security group ?
@TinyTechnicalTutorials
Жыл бұрын
Hi Abhijeet! The security group on the Service (which contains the tasks/containers) should accept incoming traffic from the OTHER security group (that sits on the load balancer). So that wouldn't change. You might be thinking about the "port mapping" section of the task definition, around @06:33 in the video? Maybe this will help? docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PortMapping.html stackoverflow.com/questions/65205267/containerport-and-hostport-which-one-is-used-by-the-web-application-interna
@rohanekar
Жыл бұрын
Can you create one video for the use application with different port and allocated the persistence storage
It didnt work as intended. I included an SSL certificate to allow https traffic on the load balancer port 433 but the LB URL returns a 503. The IP address from my container is assecible only via http and not https.
@TinyTechnicalTutorials
5 ай бұрын
Hi Wunderlust! 👋 This might just be a typo in your comment, but did you mean port 443 (rather than 433)? SSL uses 443.
@wunderlust7252
5 ай бұрын
Yes I do. I set up the load balancer to allower traffic on port 433 and port 80. When i visit the Loadbalancer URL i get the response 503 service unavailable. Do you have a tutorial for https @@TinyTechnicalTutorials
AWS went mad at 11:11
@TinyTechnicalTutorials
8 ай бұрын
Yes, it did! 😄
It would be great if you could show how one could extend this solution such that an external client needs to use https (even though the container does not). Every attempt I make to do so fails (but AWS Console does not tell me why). I can only get an unsecure http client to work. There has got to be some trick perhaps hidden somewhere deep in the documentation that I am missing. I could not find a single tutorial that explains how one can have an https client - they are ALL http. Great series by the way!! And I had no idea one could create the load balancer, target group, and security groups from the EC2 page. Seeing that was a real breakthrough. There are a lot of 'gotchas' on the ECS. The challenge I am having when using https is configuring the listeners and security group incoming rules. I need https coming into ALB and http:8080 going to the container from ALB. Seems like it should be simple, but it is not!
@TinyTechnicalTutorials
Жыл бұрын
Hi @Gyannea! 😊 The most obvious thing to check (which you might have already done) is that your load balancer has a security group that allows inbound 443 from the internet. And then add your SSL/TLS certificate to the load balancer too: repost.aws/knowledge-center/associate-acm-certificate-alb-nlb. But I'll also add this topic to my list for future videos. Thanks for the suggestion! 😎
@Gyannea
Жыл бұрын
@@TinyTechnicalTutorials Yes, I have done that but it still fails. There are a couple of caveats. My container health check will return a 401, not 200. However, there is no way to specify that BEFORE you create the service. After you create the service, race as fast as you can to the CloudFormation, click on resources, find the target group, edit the health check, click on the advanced, and then add the 401 (200,401). If you do it fast enough the service creation will not fail due to that reason. The other caveat is the ApplicationLoadBalancer. You cannot have a private and public network in the same 'region'. If you do, that will fail. I have addressed those two issues, but I hate the race to update the target group. The failures I get after that I do not understand and cannot find any AWS logging about the failure or reason. It's been days of frustration and I am still working on it. Giving up on FARGATE. Don't want it in the end anyways.
WOW thanks...I guess Im going to donate some money cause this unblocked me... I also clarified some stuff; the diagrams are great. I love you
@TinyTechnicalTutorials
8 ай бұрын
Oh, you're too kind!!! 🥰 I'm glad it helped! 🙏🌟🤓
Why are questions/comments being deleted?
@TinyTechnicalTutorials
10 ай бұрын
Hey David! 👋 Are you maybe looking for your comment on this video? kzread.info/dash/bejne/amqN1ZKFnrC5nrw.html
@mriservice1671
10 ай бұрын
Ok, I can see it sorry.
can we connect need a small help @tiny
@TinyTechnicalTutorials
13 күн бұрын
Hi @HoneyHaiderMengha! 👋 I don't really do calls. Maybe something you can post in comments?
I would have never got it running without your information about the security group needing to be edited after launch. Holy cow AWS is the worst system on the planet.
@TinyTechnicalTutorials
7 ай бұрын
Haha! Yes, I spent a long time banging my head against the wall on that part. Glad it saved you some time! 🤓🌟
who's here following the tutorial and realized AWS changed its settings and on the edge of going mad...
@TinyTechnicalTutorials
5 күн бұрын
Argh...sorry for that! AWS changes their UI constantly...it's hard to keep up! 😞
Why don't you teach the business properly in a way that is usable, why didn't you teach it with the https protocol? literally made the video useless
@TinyTechnicalTutorials
3 ай бұрын
Oh no!! Sorry for that! 😢