Builder's Diary Vol. 5: ECS Anywhere

Andreas Wittig – 22 Dec 2022

Get insights into the day-to-day challenges of builders. In this issue, Samia Rabah from our partner DEMICON talks about ECS Anywhere to orchestrate containers on-premises and in the cloud.



cloudonaut: You joined DEMICON as a DevOps and Cloud Consultant in July 2022. How has your career gone up to this point?

Samia Rabah: After graduating with a master’s degree in machine learning, I started my career as a Python developer. Later, I joined KM.ON as a full stack developer and contributed to one of their data science projects. As a full-stack developer, I came in contact with the cloud and the endless possibilities fascinated me. So I was looking for a new job where I could focus on my cloud skills. That’s how I found out about an open position at DEMICON.

cloudonaut: DEMICON is a remote-first company, so what did the onboarding process look like?

Samia Rabah: The onboarding process was welcoming and well-structured. For example, I had remote coffee meetings during the first week with many of my new colleagues. Also, all my hardware and credentials arrived even before I started my new position to ensure a seamless start. Besides that, I had the opportunity to meet my team and others who were beginning fresh at DEMICON in person.

cloudonaut: In our experience, being a developer is different from being a consultant. How did you get into the role of a consultant at DEMICON?

Samia Rabah: I worked on improving an internal project during the first weeks. I also prepared for and passed the AWS Certified Developer Associate exams. After that, I conducted a workshop at the customer’s site for the first time. And later, I worked on my first client project, which is where I implemented a solution based on ECS Anywhere.

cloudonaut: What was the challenge you faced in your first project?

Samia Rabah: My customer was already running a workload consisting of an API and batch processing layer on ECS. The batch processing required GPUs and was therefore running on expensive EC2 instances. The customer wanted to use underutilized on-premises machines to reduce costs instead of running the entire GPU workload on AWS.

cloudonaut: What is ECS Anywhere?

Samia Rabah: The Elastic Container Service (ECS) orchestrates containers on EC2 instances or Fargate. With ECS Anywhere, you can run containers on bare-metal or virtual machines. All you need to do is install and configure the SSM and ECS agent.

cloudonaut: Could you please share the architecture for the API and batch processing workload running on ECS, Fargate, and ECS Anywhere?

Samia Rabah: The following figure illustrates the components of the architecture.

  • ECS orchestrates the services, tasks, and containers.
  • ALB forwards requests to the API service.
  • Fargate provides the compute capacity for the API service and allows running batch processes in the cloud during peak hours.
  • ECS Anywhere runs containers on on-premises machines.
  • EFS is used to load the input and persist the output of batch jobs.

ECS Anywhere Architecture

cloudonaut: How does monitoring and logging work for containers running on-premises?

Samia Rabah: ECS Anywhere supports the awslogs log driver. Therefore, each container is capable of sending its logs to a CloudWatch log group. Doing so is highly recommended, as centralized logging is crucial for debugging issues. Note that ECS Anywhere also supports task and task execution roles. Therefore, attaching IAM roles to your tasks/containers is possible to grant access to other AWS services.

cloudonaut: That sounds great. Logging and IAM roles are very helpful. But, does ECS Anywhere come with any limitations?

Samia Rabah: Yes. The network mode awsvpc is not supported, as the workload is running on-premises. If necessary, you need to peer your on-premises network with your VPC. For example, we have been using a site-to-site VPN connection. Besides that, AWS Anywhere does not support Elastic Load Balancing. Also, the native integration for EFS volumes is not supported. Instead, you need to mount the EFS volume on the on-premises machines and use local container volumes.

cloudonaut: Do you recommend ECS Anywhere for other scenarios as well?

Samia Rabah: In general, I’m a huge fan of ECS Anywhere. It worked very well and enabled hybrid cloud scenarios. ECS Anywhere is a good fit for batch processing or similar workloads that do not require inbound traffic. I can also imagine using ECS Anywhere in scenarios where the whole workload runs outside of AWS, for example, to process data at the edge.

cloudonaut: Thanks a lot for sharing your insights into ECS Anywhere with us, Samia!

Andreas Wittig

I’ve been building on AWS since 2012 together with my brother Michael. We are sharing our insights into all things AWS on cloudonaut and have written the book AWS in Action. Besides that, we’re currently working on bucketAV, HyperEnv for GitHub Actions, and marbot.
