Creating an Amazon ECS cluster for the Amazon EC2 launch type
You create a cluster to define the infrastructure your tasks and services run on.
Before you begin, be sure that you've completed the steps in Set up to use Amazon ECS and assign the appropriate IAM permission. For more information, see Amazon ECS cluster examples. The Amazon ECS console provides a simple way to create the resources that are needed by an Amazon ECS cluster by creating an AWS CloudFormation stack.
To make the cluster creation process as easy as possible, the console has default selections for many choices which we describe below. There are also help panels available for most of the sections in the console which provide further context.
You can register Amazon EC2 instances when you create the cluster or register additional instances with the cluster after it has been created.
You can modify the following default options:
- Change the subnets where your instances launch.
- Change the security groups used to control traffic to the container instances.
- Change the default namespace associated with the cluster.
  A namespace allows services that you create in the cluster to connect to the other services in the namespace without additional configuration. The default namespace is the same as the cluster name. For more information, see Interconnect Amazon ECS services.
- Turn on Container Insights with enhanced observability, or Container Insights.
  CloudWatch Container Insights collects, aggregates, and summarizes metrics and logs from your containerized applications and microservices. Container Insights also provides diagnostic information, such as container restart failures, that you use to isolate issues and resolve them quickly. For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability.
  On December 2, 2024, AWS released Container Insights with enhanced observability for Amazon ECS. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays your data in dashboards that show you a variety of metrics and dimensions. You can then use these out-of-the-box dashboards on the Container Insights console to better understand your container health and performance, and to mitigate issues faster by identifying anomalies.
  We recommend that you use Container Insights with enhanced observability instead of Container Insights because it provides detailed visibility into your container environment, reducing the mean time to resolution.
- Add tags to help you identify your cluster.
Auto Scaling group options
When you use Amazon EC2 instances, you must specify an Auto Scaling group to manage the infrastructure that your tasks and services run on.
When you choose to create a new Auto Scaling group, it is automatically configured for the following behavior:
- Amazon ECS manages the scale-in and scale-out actions of the Auto Scaling group.
- Amazon ECS will not prevent Amazon EC2 instances that contain tasks and that are in an Auto Scaling group from being terminated during a scale-in action. For more information, see Instance Protection in the AWS Auto Scaling User Guide.
You configure the following Auto Scaling group properties, which determine the type and number of instances to launch for the group:
- The Amazon ECS-optimized AMI.
- The instance type.
- The SSH key pair that proves your identity when you connect to the instance. For information about how to create SSH keys, see Amazon EC2 key pairs and Linux instances in the Amazon EC2 User Guide.
- The minimum number of instances to launch for the Auto Scaling group.
- The maximum number of instances that are started for the Auto Scaling group.
  In order for the group to scale out, the maximum must be greater than 0.
Amazon ECS creates an Amazon EC2 Auto Scaling launch template and Auto Scaling group on your behalf as part of the AWS CloudFormation stack. The values that you specified for the AMI, the instance types, and the SSH key pair are part of the launch template. The templates are prefixed with EC2ContainerService-<ClusterName>, which makes them easy to identify. The Auto Scaling groups are prefixed with <ClusterName>-ECS-Infra-ECSAutoScalingGroup.
Instances launched for the Auto Scaling group use the launch template.
Networking options
By default, instances are launched into the default subnets for the Region. The security groups currently associated with the subnets, which control the traffic to your container instances, are used. You can change the subnets and security groups for the instances.
You can choose an existing subnet. You can either use an existing security group or create a new one. When you create a new security group, you need to specify at least one inbound rule.
The inbound rules determine what traffic can reach your container instances and include the following properties:
- The protocol to allow
- The range of ports to allow
- The inbound traffic (source)
To allow inbound traffic from a specific address or CIDR block, use Custom for Source with the allowed CIDR.
To allow inbound traffic from any source, use Anywhere for Source. This automatically adds the 0.0.0.0/0 IPv4 CIDR block and the ::/0 IPv6 CIDR block, which makes the port reachable from the entire internet, so reserve this choice for ports that must be publicly reachable and use Custom with a narrower CIDR otherwise.
To allow inbound traffic from your local computer, use Source group for Source. This automatically adds the current IP address of your local computer as the allowed source.
To create a new cluster (Amazon ECS console)
Before you begin, assign the appropriate IAM permission. For more information, see Amazon ECS cluster examples.
- Open the console at https://console.aws.amazon.com/ecs/v2.
- From the navigation bar, select the Region to use.
- In the navigation pane, choose Clusters.
- On the Clusters page, choose Create cluster.
- Under Cluster configuration, configure the following:
  - For Cluster name, enter a unique name. The name can contain up to 255 letters (uppercase and lowercase), numbers, and hyphens.
  - (Optional) To have the namespace used for Service Connect be different from the cluster name, for Namespace, enter a unique name.
- To add Amazon EC2 instances to your cluster, expand Infrastructure, clear AWS Fargate (serverless), and then select Amazon EC2 instances. Next, configure the Auto Scaling group, which acts as the capacity provider:
  - To use an existing Auto Scaling group, from Auto Scaling group (ASG), select the group.
  - To create an Auto Scaling group, from Auto Scaling group (ASG), select Create new group, and then provide the following details about the group:
    - For Provisioning model, choose whether to use On-demand instances or Spot Instances.
    - If you choose to use Spot Instances, for Allocation Strategy, choose which Spot capacity pools (instance types and Availability Zones) are used for the instances. For most workloads, you can choose Price capacity optimized. For more information, see Allocation strategies for Spot Instances in the Amazon EC2 User Guide.
    - For Operating system/Architecture, choose the Amazon ECS-optimized AMI for the Auto Scaling group instances.
    - For EC2 instance type, choose the instance type for your workloads. Managed scaling works best if your Auto Scaling group uses the same or similar instance types.
    - For EC2 instance role, choose an existing container instance role, or create a new one. For more information, see Amazon ECS container instance IAM role.
    - For Capacity, enter the minimum number and the maximum number of instances to launch in the Auto Scaling group.
    - For SSH key pair, choose the pair that proves your identity when you connect to the instance.
    - To allow for larger images and more storage, for Root EBS volume size, enter the value in GiB.
- (Optional) To change the VPC and subnets, under Networking for Amazon EC2 instances, perform any of the following operations:
  - To remove a subnet, under Subnets, choose X for each subnet that you want to remove.
  - To change to a VPC other than the default VPC, under VPC, choose an existing VPC, and then under Subnets, choose the subnets.
  - Choose the security groups. Under Security group, choose one of the following options:
    - To use an existing security group, choose Use an existing security group, and then choose the security group.
    - To create a security group, choose Create a new security group. Then, choose Add rule for each inbound rule. For information about inbound rules, see Networking options.
  - To automatically assign public IP addresses to your Amazon EC2 container instances, for Auto-assign public IP, choose one of the following options:
    - Use subnet setting – Assign a public IP address to the instances when the subnet that the instances launch in is a public subnet.
    - Turn on – Assign a public IP address to the instances.
- (Optional) To use Container Insights, expand Monitoring, and then choose one of the following options:
  - To use the recommended Container Insights with enhanced observability, choose Container Insights with enhanced observability.
  - To use Container Insights, choose Container Insights.
- (Optional) If you use Runtime Monitoring with the manual option and you want to have this cluster monitored by GuardDuty, choose Add tag and do the following:
  - For Key, enter guardDutyRuntimeMonitoringManaged.
  - For Value, enter true.
- (Optional) To manage the cluster tags, expand Tags, and then perform one of the following operations:
  - [Add a tag] Choose Add tag and do the following:
    - For Key, enter the key name.
    - For Value, enter the key value.
  - [Remove a tag] Choose Remove to the right of the tag's Key and Value.
- Choose Create.
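The console choices in this procedure map onto the CreateCluster API. The following is an added example, not code from the AWS documentation or any AWS project: it builds the boto3 create_cluster request for the Monitoring and GuardDuty tag choices above and audits a set of inbound rules of the kind described under Networking options, flagging the ones the Anywhere source produces. The sample rules and the cluster name are constructed for illustration.

```python
"""Added example (not AWS code): compose an ECS create-cluster request for the
console choices on this page and audit security-group inbound rules first."""
import ipaddress

# Constructed sample inbound rules in the shape the page describes (protocol,
# port range, source). The 0.0.0.0/0 and ::/0 sources are what the console's
# "Anywhere" choice produces.
SAMPLE_INBOUND_RULES = [
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "source": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "source": "10.0.0.0/16"},
    {"protocol": "tcp", "from_port": 8080, "to_port": 8080, "source": "::/0"},
]


def is_open_to_anywhere(cidr: str) -> bool:
    """True when the source CIDR is the entire IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_inbound_rules(rules):
    """Return the rules whose source is 0.0.0.0/0 or ::/0, so they can be
    narrowed to a specific CIDR before the container instances are launched."""
    return [r for r in rules if is_open_to_anywhere(r["source"])]


def build_create_cluster_request(cluster_name, enhanced_insights=True,
                                 guardduty_managed=False, extra_tags=None):
    """Build keyword arguments for boto3's ecs.create_cluster(), mirroring the
    Monitoring and Tags sections of the console procedure on this page."""
    tags = [{"key": k, "value": v} for k, v in (extra_tags or {}).items()]
    if guardduty_managed:
        # The tag this page names for GuardDuty Runtime Monitoring (manual option).
        tags.append({"key": "guardDutyRuntimeMonitoringManaged", "value": "true"})
    return {
        "clusterName": cluster_name,
        # "enhanced" is Container Insights with enhanced observability;
        # "enabled" is plain Container Insights.
        "settings": [{"name": "containerInsights",
                      "value": "enhanced" if enhanced_insights else "enabled"}],
        "tags": tags,
    }


if __name__ == "__main__":
    for rule in audit_inbound_rules(SAMPLE_INBOUND_RULES):
        print("inbound rule open to anywhere:", rule)
    request = build_create_cluster_request("my-ecs-cluster", guardduty_managed=True)
    print(request)
    # To apply it for real: boto3.client("ecs").create_cluster(**request)
```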
Next steps
After you create the cluster, you can create task definitions for your applications and then run them as standalone tasks, or as part of a service. For more information, see the following: