search close

AWS Elastic Container Service (ECS) Setup

access_time Updated Sep 21, 2021

Introduction

This article shows how to create a deployment in AWS ECS to add Signal Sciences in a sidecar configuration. This deployment setup is compatible with both Fargate and EC2 launch types.

Instructions

  1. Create a new task definition. Select either Fargate or EC2.

  2. Add the Shared Volume for the containers to use for the Unix Socket file by clicking Add volume under “Volumes”.

  3. In the Add Volume modal, enter a name, select the type of Bind Mount, and click Add.

  4. On the main Task page, click Add Container.

  5. Specify the following:

    • Container Name: This can be any Display Name you would like, such as “example-app”.
    • Image: This will be the Docker Image, i.e. username/example-app:latest.
    • Port Mappings: Add any ports that should be available for the App.
  6. Scroll down in the Container Definition to Storage and Logging and select the volume created earlier in the Mount Points.

  7. Create the container.

  8. Add a second container for the Signal Sciences Agent:

    • Container Name: sigsci-agent
    • Image: signalsciences/sigsci-agent:latest
    • Port Mappings: Add any ports that should be available for the App.
    • Environment Variables:
      • Enter the Agent Access Key and Agent Secret Key for your site as environment variables named SIGSCI_ACCESSKEYID and SIGSCI_SECRETACCESSKEY: The environment variable fields with 'SIGSCI_ACCESSKEYID' and 'SIGSCI-SECRETACCESSKEY' entered as key names and 'REPLACEME' entered as key values.
        • The Agent Access Key and Agent Secret Key for your site are listed within the Signal Sciences console by going to Agents > View agent keys:

          The 'View agent keys' button.
        • The Agent Access Key and Agent Secret Key will be visible within the modal window:
          The agent keys window.

    • Mount Points: Select the same mount point as the previous Container.
  9. Create the container

  10. Finish creating the task definition

  11. After the task definition is created, in the Actions menu, select Run Task or Create Service and run on one of your configured clusters.

Example JSON Configuration

Note: You will need to replace all instances of REPLACEME and REPLACE_ME in this example JSON.

{
    "ipcMode": null,
    "executionRoleArn": "arn:aws:iam::REPLACEME:role/ecsTaskExecutionRole",
    "containerDefinitions": [
        {
            "dnsSearchDomains": null,
            "logConfiguration": {
                "logDriver": "awslogs",
                "secretOptions": null,
                "options": {
                    "awslogs-group": "/ecs/sigsci-example",
                    "awslogs-region": "us-west-1",
                    "awslogs-stream-prefix": "ecs"
                }
            },
            "entryPoint": null,
            "portMappings": [
                {
                    "hostPort": 8080,
                    "protocol": "tcp",
                    "containerPort": 8080
                }
            ],
            "command": null,
            "linuxParameters": null,
            "cpu": 0,
            "environment": [
                {
                    "name": "apache_port",
                    "value": "8080"
                },
                {
                    "name": "sigsci_rpc",
                    "value": "/var/run/sigsci.sock"
                }
            ],
            "ulimits": null,
            "dnsServers": null,
            "mountPoints": [
                {
                    "readOnly": null,
                    "containerPath": "/var/run",
                    "sourceVolume": "run"
                }
            ],
            "workingDirectory": null,
            "secrets": null,
            "dockerSecurityOptions": null,
            "memory": null,
            "memoryReservation": null,
            "volumesFrom": [],
            "stopTimeout": null,
            "image": "trickyhu/sigsci-apache-alpine:latest",
            "startTimeout": null,
            "firelensConfiguration": null,
            "dependsOn": null,
            "disableNetworking": null,
            "interactive": null,
            "healthCheck": null,
            "essential": true,
            "links": null,
            "hostname": null,
            "extraHosts": null,
            "pseudoTerminal": null,
            "user": null,
            "readonlyRootFilesystem": null,
            "dockerLabels": null,
            "systemControls": null,
            "privileged": null,
            "name": "apache"
        },
        {
            "dnsSearchDomains": null,
            "logConfiguration": {
                "logDriver": "awslogs",
                "secretOptions": null,
                "options": {
                    "awslogs-group": "/ecs/sigsci-example",
                    "awslogs-region": "us-west-1",
                    "awslogs-stream-prefix": "ecs"
                }
            },
            "entryPoint": null,
            "portMappings": [],
            "command": null,
            "linuxParameters": null,
            "cpu": 0,
            "environment": [
                {
                    "name": "SIGSCI_ACCESSKEYID",
                    "value": "REPLACEME"
                },
                {
                    "name": "SIGSCI_SECRETACCESSKEY",
                    "value": "REPLACEME"
                }
            ],
            "ulimits": null,
            "dnsServers": null,
            "mountPoints": [
                {
                    "readOnly": null,
                    "containerPath": "/var/run",
                    "sourceVolume": "run"
                }
            ],
            "workingDirectory": null,
            "secrets": null,
            "dockerSecurityOptions": null,
            "memory": null,
            "memoryReservation": null,
            "volumesFrom": [],
            "stopTimeout": null,
            "image": "trickyhu/sigsci-agent-alpine:latest",
            "startTimeout": null,
            "firelensConfiguration": null,
            "dependsOn": null,
            "disableNetworking": null,
            "interactive": null,
            "healthCheck": null,
            "essential": true,
            "links": null,
            "hostname": null,
            "extraHosts": null,
            "pseudoTerminal": null,
            "user": null,
            "readonlyRootFilesystem": null,
            "dockerLabels": null,
            "systemControls": null,
            "privileged": null,
            "name": "agent"
        }
    ],
    "memory": "4096",
    "taskRoleArn": "arn:aws:iam::REPLACEME:role/EcsServiceRole2",
    "family": "sigsci-example",
    "pidMode": null,
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "networkMode": "host",
    "cpu": "2048",
    "inferenceAccelerators": null,
    "proxyConfiguration": null,
    "volumes": [
        {
            "efsVolumeConfiguration": null,
            "name": "run",
            "host": {
                "sourcePath": null
            },
            "dockerVolumeConfiguration": null
        }
    ],
    "tags": []
}