Use Docker Containers with AWS EC2

Use Docker Containers with AWS EC2

Posted on |

When developing cloud-native apps, the Docker Compose CLI allows developers to utilise native Docker instructions to execute applications on Amazon EC2 Container Service (ECS).

The Docker and Amazon ECS connection enables developers to utilise the Docker Compose CLI to:

Set an AWS perspective in a single Docker operation, enabling you to simply and easily transition from a specific setting to a cloud domain and run apps.

Compose files facilitate multi-container software development on Amazon ECS.


You must fulfil the following conditions to launch Docker containers on ECS:

  • Install the most recent version of Docker Desktop.
  • Download for Mac
  • Download for Microsoft Windows
  • Run the Docker Compose CLI for Linux instead.
  • Ascertain that you do have an AWS account.

Docker not only allows developers to execute multi-container applications locally, and also to launch Docker containers on Amazon ECS using a Compose file and the docker-compose up command. The following subsections will walk you through the process of deploying your Compose application to Amazon ECS.

Execute an application based on ECS Requirements.

AWS Docker container has a fine-grained authorization architecture, with distinct roles assigned to each possible input and action.

You must verify that your AWS docker container enable access to the following AWS IAM permissions to guarantee that Docker ECS integration may allocate resources for your Compose implementation:

  • application-autoscaling:*
  • cloudformation:*
  • ec2:AuthorizeSecurityGroupIngress
  • ec2:CreateSecurityGroup
  • ec2:CreateTags
  • ec2:DeleteSecurityGroup
  • ec2:DescribeRouteTables
  • ec2:DescribeSecurityGroups
  • ec2:DescribeSubnets
  • ec2:DescribeVpcs
  • ec2:RevokeSecurityGroupIngress
  • ecs:CreateCluster
  • ecs:CreateService
  • ecs:DeleteCluster
  • ecs:DeleteService
  • ecs:DeregisterTaskDefinition
  • ecs:DescribeClusters
  • ecs:DescribeServices
  • ecs:DescribeTasks
  • ecs:ListAccountSettings
  • ecs:ListTasks
  • ecs:RegisterTaskDefinition
  • ecs:UpdateService
  • elasticloadbalancing:*
  • iam:AttachRolePolicy
  • iam:CreateRole
  • iam:DeleteRole
  • iam:DetachRolePolicy
  • iam:PassRole
  • logs:CreateLogGroup
  • logs:DeleteLogGroup
  • logs:DescribeLogGroups
  • logs:FilterLogEvents
  • route53:CreateHostedZone
  • route53:DeleteHostedZone
  • route53:GetHealthCheck
  • route53:GetHostedZone
  • route53:ListHostedZonesByName
  • servicediscovery:*

GPU capability, which uses EC2 instances to execute applications with associated GPU devices, necessitates a few extra permissions:

  • ec2:DescribeVpcs
  • autoscaling:*
  • iam:CreateInstanceProfile
  • iam:AddRoleToInstanceProfile
  • iam:RemoveRoleFromInstanceProfile
  • iam:DeleteInstanceProfile

Make an AWS context

To establish an Amazon ECS Docker context termed myecscontext, use the docker situation establishes ECS myecscontext function. Once you’ve properly configured the AWS CLI, the configuration function allows you to connect to Amazon using an established AWS docker container. In the meanwhile, you can establish a new profile by providing an AWS access key ID and a secret access key. Finally, you may set your ECS context to receive AWS credentials using AWS_* environment variables, which is a popular method for integrating with third-party applications and single-sign-on providers.

After you’ve created an AWS docker container, use the docker context ls command to see a list of your Docker contexts.

Start a Compose application.

To use the docker-compose tool, you may launch and control multi-container applications described in Compose scripts to Amazon ECS. To accomplish this, first:

Check that you’re utilising your ECS context. You may accomplish this by including the —context myecscontext parameter in your command or by changing the current perspective with the query docker environment using myecscontext.

During implementation, you could also clearly state a title for the Compose application by using the —project-name banner. When no name is supplied, the current directory will be used to generate one.

The Docker ECS integration transforms the Compose software application into a collection of Aws services known as a CloudFormation configuration. Technical material describes the actual mapping. If you execute docker composition up, you may evaluate the created template and track CloudFormation using this model from the AWS docker container, in parallel to CloudFormation activities being presented in your console.

To use the docker-compose ps function, you can see the processes generated for the Compose app on Amazon ECS as well as their current condition.

To start and end a complete Compose application, use docker-compose up and docker-compose down.

By default, docker-compose up utilises the current folder’s compose.YAML or docker-compose.YAML file. The operating directory can be specified with the —workdir parameter, or the Compose file can be specified directly with docker-compose —file mycomposefile.yaml up.

Continuous updating

You can simply run docker-compose up on the new Compose project to update your application without disrupting the flow of production. Your ECS services are built with a setup that allows for rolling updates. When you run docker-compose up with a changed Compose document, the stack is revised to say the modifications, and certain services are replaced if necessary. This method will adhere to the rolling-update settings specified by your services deploy.update config configuration.

AWS ECS defines the number of containers to operate or close down during a continuous update using a per cent-based methodology. The Docker Compose CLI generates a rolling updates configuration based on the concurrency and replicas parameters.

Alternatively, you may opt to specify a rolling update directly using the extension fields x-aws-min per cent and x-aws-max per cent. The former specifies the minimum percentage of containers that must be running for service, while the latter specifies the maximum percentage of additional containers that must be started before prior versions are deleted.

By configuration, the ECS rolling update is configured to operate twice as many instances for service (200 percent), with the flexibility to shut down all containers throughout the upgrade.

Examine the application logs

The AWS CloudWatch Logs service is configured for your containers using the Docker Compose CLI. By configuration, you can view logs from your composed application in the same manner that you can view logs from local installations.

Docker-compose/application name> creates a log stream for the operation, and log channels are produced for each function and container in your platform as application name>/service name>/container ID>.

You may fine-tune AWS CloudWatch Logs by setting the amount of log event storage cycles in your Compose document by using the extension parameter x-aws-logs retention. The default setting is to keep a record indefinitely.

AWS logs options may also be sent to your container as regular Compose file logging. driver opts for parts. Details about various log driver options may be found in the AWS documentation.

Docker files for private use

The Docker Compose CLI configures authorisation automatically so that you may retrieve private pictures from the Amazon ECR registry on the very same AWS docker container.

To retrieve private pictures from some other registry, such as Docker Hub, you must first create a Username + Password (or Username + Token) secret on the AWS Secrets Manager api.

For your comfort, the Docker Compose CLI includes the docker hidden command, which allows you to handle secrets generated on AWS SMS without installing the AWS CLI.

To begin, build a token.json file in which you will define your DockerHub login and access token.

See Managing user credentials for details on how to create these.

Localization of simulation

When you publish your service to ECS, you may also use other AWS services. In such circumstances, your programmes must include the AWS SDK and get API keys at runtime. AWS docker container provides a credentials discovery approach that is completely supported by the SDK and is based on querying a metadata service through a fixed IP address.

When you choose this strategy, it might be difficult to execute your application locally for testing or debugging. As a result, we included a context creation option to establish the ECS-local context in order to maintain program mobility between the local desktop and the AWS public cloud.

Executing the docker-compose up command when you specify a local simulation setting does not deploy your program to ECS. As a result, you must execute it locally, with your Compose software automatically updating to incorporate the ECS local destinations. This enables application code to utilise the AWS SDK to attend a local dummy container as “AWS metadata API” and obtain passwords from your own config file.


DataServerMarket can assist you in locating networking capabilities for your IT problems. DataServerMarket creates shared facilities that a variety of clients can use on-site.

Some of the services provided by DataServerMarket are as follows:

  • For parallel-connected, DataServerMarket connects various clouds and computer memory sites.
  • DataServerMarket provides enterprises with data and processing connectivity alternatives.
  • In addition, DataServerMarket provides skilled professional assistance, as well as digital flexibility and system includes.
  • Cloud video conferencing, worldwide communications technologies, and IP communication among clients and Service Providers are also available from DataServerMarket.
  • DataServerMarket offers storage, Vpn Networks, private email address solutions, migration, and data transfer services.

DataserverMarket creates shared rooms that a variety of users may use on-site. For speedier communication, DataserverMarket links many databases and centralized data sites. DataServerMarket also provides cloud video, worldwide telecom services, and IP connectivity to clients and Service Providers. DataServerMarket offers storage, Vpn Clouds, separate email services, migration, and data transfer services.

Leave a Reply

Your email address will not be published. Required fields are marked *