Can you advise what is the right way to run containers on AWS instances? For example, I need two instances with running containers on them:
If I understood correctly, the docker provider can connect to only one docker host. Or should I exec provisioners like _docker run ...._ for this?
This question is not related to Terraform. You should ask the question on the AWS forum.
@sydOps Why is it not related? The question is not about how to run containers on AWS, it's about how to do it with Terraform. Right now I'm using Puppet to configure my instances, but it's not very comfortable for us, and I'm looking for tools that can help us describe our infrastructure.
From the docs I understood how to configure instances, security groups etc. via Terraform, but running containers isn't very clear to me.
Ok.
Did you read https://www.terraform.io/docs/providers/aws/r/ecs_cluster.html# first?
+1 to looking at ECS for what you're after.
Nathan Sullivan
On 12 Mar 2016, at 9:14 PM, Bill W [email protected] wrote:

> Ok.
> did you read https://www.terraform.io/docs/providers/aws/r/ecs_cluster.html# first?
@mkabischev docker is the wrong provider for this, unless you want to manage the docker daemon yourself. Otherwise you have to use ECS.
An example of how to set up an ECS cluster in Terraform would look like this, assuming you're using the AWS Marketplace ECS image:
```hcl
# setup an ecs cluster
# the cluster has a configurable asg & alc. the security group is accessible only
# via SSH by default. To use this you need to make sure that ecs IAM roles exist
# see http://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html
#
# the module assumes that the following roles have already been created
#
# ecsInstanceRole: AmazonEC2ContainerServiceforEC2Role
# trust policy: ec2.amazonaws.com
# {
#   "Version": "2012-10-17",
#   "Statement": [
#     {
#       "Effect": "Allow",
#       "Action": [
#         "ecs:CreateCluster",
#         "ecs:DeregisterContainerInstance",
#         "ecs:DiscoverPollEndpoint",
#         "ecs:Poll",
#         "ecs:RegisterContainerInstance",
#         "ecs:StartTelemetrySession",
#         "ecs:Submit*"
#       ],
#       "Resource": "*"
#     }
#   ]
# }
#
# ecsServiceRole: AmazonEC2ContainerServiceRole
# trust policy: ecs.amazonaws.com
# {
#   "Version": "2012-10-17",
#   "Statement": [
#     {
#       "Effect": "Allow",
#       "Action": [
#         "ec2:AuthorizeSecurityGroupIngress",
#         "ec2:Describe*",
#         "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
#         "elasticloadbalancing:Describe*",
#         "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
#       ],
#       "Resource": "*"
#     }
#   ]
# }
#
resource "aws_ecs_cluster" "cluster" {
  name = "${var.cluster_name}"
}

resource "aws_autoscaling_group" "cluster" {
  name                      = "${var.application}-ecs-${var.environment}-2"
  availability_zones        = ["eu-west-1a"]
  max_size                  = "${var.max_instance_count}"
  min_size                  = "${var.min_instance_count}"
  health_check_grace_period = 300
  health_check_type         = "ELB"
  desired_capacity          = "${var.desired_capacity}"
  force_delete              = true
  launch_configuration      = "${aws_launch_configuration.cluster.name}"
  depends_on                = ["aws_launch_configuration.cluster"]
}

resource "aws_iam_instance_profile" "cluster" {
  name  = "${var.application}-ecs-${var.environment}"
  roles = ["ecsInstanceRole"]
}

resource "template_file" "packages" {
  template = "${path.module}/templates/cloud-init.tpl"

  vars = {
    cluster_name        = "${aws_ecs_cluster.cluster.name}"
    docker_hub_username = "${var.docker_hub_username}"
    docker_hub_password = "${var.docker_hub_password}"
    docker_hub_email    = "${var.docker_hub_email}"
    aws_access_key      = "${aws_iam_access_key.cloudwatchlogs.id}"
    aws_secret_key      = "${aws_iam_access_key.cloudwatchlogs.secret}"
    aws_region          = "${var.aws_region}"
    awslogs_log_group   = "${aws_ecs_cluster.cluster.name}"
  }
}

resource "aws_launch_configuration" "cluster" {
  name                        = "${var.application}-ecs-${var.environment}"
  image_id                    = "${var.instance_ami}"
  key_name                    = "${var.instance_key_name}"
  instance_type               = "${var.instance_type}"
  iam_instance_profile        = "${aws_iam_instance_profile.cluster.id}"
  user_data                   = "${template_file.packages.rendered}"
  security_groups             = ["${aws_security_group.cluster.id}"]
  associate_public_ip_address = true

  lifecycle {
    create_before_destroy = true
  }
}
```
Then you can let ECS schedule containers in your cluster using `aws_ecs_task_definition` and `aws_ecs_service`. Hope it helps!
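
The scheduling step named in the comment above, as an added example that is not part of the original thread: a task definition and a service that keep two copies of a container running in the `aws_ecs_cluster.cluster` defined earlier. The `web` names, the nginx image and the port numbers are hypothetical, and the last resource assumes the CloudWatch Logs agent on the instances takes its credentials from the instance profile, so that no access key has to be templated into `user_data`.

```hcl
# Added example; the "web" names, nginx image and port numbers are hypothetical.
# In the default bridge network mode a fixed hostPort can be bound once per
# instance, so the two copies below need two registered cluster instances.
resource "aws_ecs_task_definition" "web" {
  family = "web"

  container_definitions = <<DEFINITION
[
  {
    "name": "web",
    "image": "nginx:stable",
    "cpu": 128,
    "memory": 128,
    "essential": true,
    "privileged": false,
    "portMappings": [{ "containerPort": 80, "hostPort": 8080 }]
  }
]
DEFINITION
}

resource "aws_ecs_service" "web" {
  name            = "web"
  cluster         = "${aws_ecs_cluster.cluster.id}"
  task_definition = "${aws_ecs_task_definition.web.arn}"
  desired_count   = 2
}

# Grant log shipping to the instance role named in the module header. Values
# rendered into user_data are readable through the instance metadata service
# and the EC2 API, and they are stored in the Terraform state.
resource "aws_iam_role_policy" "cluster_logs" {
  name = "ecs-instance-cloudwatch-logs"
  role = "ecsInstanceRole"

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                 "logs:PutLogEvents", "logs:DescribeLogStreams"],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}
POLICY
}
```

The security group described in the module header allows only SSH, so host port 8080 stays unreachable until a matching ingress rule is added.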
I believe this answer is sufficiently answered.