New – Amazon ECS Service Connect Enables Easy Communication Between Microservices

[Microservices architectures](https://aws.amazon.com/microservices/) are a well-known software development approach to make applications composed of small independent services that communicate over well-defined application programming interfaces (APIs). Customers faced challenges when they started breaking down their monolith applications into microservices, as it required specialized networking knowledge to communicate internally with other microservices.

[Amazon Elastic Container Service](https://aws.amazon.com/ecs/) (Amazon ECS) customers have several solutions for service-to-service communication, but each one comes with some challenges and complications: 1) With [Elastic Load Balancing](https://aws.amazon.com/elasticloadbalancing/) (ELB), you need to carefully plan and configure infrastructure for high availability, and you incur additional infrastructure cost. 2) Using [Amazon ECS Service Discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) often requires developers to write custom application code for collecting traffic metrics and for making network calls resilient. 3) Service mesh solutions such as [Amazon Web Services App Mesh](https://aws.amazon.com/app-mesh/) run outside of Amazon ECS despite having advanced traffic monitoring and routing features between services.

Today, we are announcing the general availability of **[Amazon ECS Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html)**, a new capability that simplifies building and operating resilient distributed applications. ECS Service Connect provides an easy network setup and seamless service communication deployed across multiple ECS clusters and virtual private clouds (VPCs). You can add a layer of resilience to your ECS service communication and get traffic insights with no changes to your application code.

![image.png](https://dev-media.amazoncloud.cn/d56e22b2a57548d7be127b102c25b32b_image.png)

With ECS Service Connect, you can refer and connect to your services by logical names using a namespace provided by [Amazon Web Services Cloud Map](https://aws.amazon.com/cloud-map/) and automatically distribute traffic between ECS tasks without deploying and configuring load balancers. You can set some safe defaults for traffic resilience, such as health checking, automatic retries for `503` errors, and connection draining, for each of your ECS services. Additionally, the Amazon ECS console provides easy-to-use dashboards with real-time network traffic metrics for operational convenience and simplified debugging.

### Getting Started with Amazon ECS Service Connect

To get started with ECS Service Connect, you can specify a namespace as part of creating an ECS cluster or create one in Cloud Map. A namespace represents a way to structure your services and can span multiple ECS clusters residing in different VPCs. All ECS services that belong to a specific namespace can communicate with existing services in that namespace, provided that network-level connectivity already exists.

![image.png](https://dev-media.amazoncloud.cn/c448e01afabb45569287b1393d308261_image.png)

You can also see a list of Cloud Map namespaces in **Namespaces** in the left navigation pane of the Amazon ECS console. When you select a namespace, it shows a list of services with the same namespace from two different ECS clusters with database services (`db-mysql`, `db-redis`) and backend services (`webui`, `appserver`).

![image.png](https://dev-media.amazoncloud.cn/6aa8bf24310c494388c291e89bb9883f_image.png)

When you create an ECS cluster, you can select one of the namespaces in the **Default namespaces** of the **Networking** setting. ECS Service Connect is enabled for all new ECS services running in both [Amazon Web Services Fargate](https://aws.amazon.com/fargate/) and [Amazon EC2](https://aws.amazon.com/ec2) instances. To enable all existing services, you would need to redeploy with either a new version of the ECS-optimized Amazon Machine Image (AMI), or with a new Fargate Agent that supports ECS Service Connect.

![image.png](https://dev-media.amazoncloud.cn/ec3f2462e7d14f108e288917a537ec8a_image.png)

Or, you can simply create a cluster via the Amazon Web Services Command Line Interface (Amazon Web Services CLI) with the `--service-connect-defaults` parameter and a default Cloud Map namespace name for service discovery purposes.

```
$ aws ecs create-cluster \
    --cluster-name "svc-cluster-2" \
    --service-connect-defaults '{
        "namespace": "svc-namespace"
    }'
```

This command will create an ECS cluster with the namespace on Amazon Web Services’s behalf. If you would like to use an already existing Cloud Map namespace, you can simply pass the name of the existing namespace here.

Next, let’s create a service using an existing task definition that’s called `webui-svc-cluster` and expose your web user-interface server using ECS Service Connect. To use Service Connect, you need to add port names in your task definition. For the following command, the port name is `webui-port` in the task definition.

```
$ aws ecs create-service \
    --cluster "svc-cluster-2" \
    --service-name "webui" \
    --desired-count 1 \
    --task-definition "webui-svc-cluster" \
    --service-connect-configuration '{
        "enabled": true,
        "namespace": "svc-namespace",
        "services": [
            {
                "portName": "webui-port",
                "clientAliases": [
                    {
                        "port": 80,
                        "dnsName": "webui"
                    }
                ]
            }
        ]
    }'
```

In this command, `portName` represents a reference to the container port, and `clientAliases` assigns the port number and DNS name, overriding the discovery name that is used in the endpoint. Each service has an endpoint URL that contains the protocol, a DNS name, and the port. You can select the protocol and port name in the task definition or the ECS service configuration. For example, an endpoint could be `http://webui:80`, `grpc://appserver:8080`, or `http://db-redis:8888`.

In the ECS console, you can see this configuration of ECS Service Connect for the `webui` service in the `svc-cluster-2` cluster.

![image.png](https://dev-media.amazoncloud.cn/38259a74240b47c59e9d3b1c0c6574b2_image.png)

As you can see, you can run the same workloads across different clusters with the same `clientAlias` and namespace name for high availability. ECS Service Connect will intelligently load balance the traffic to the ECS tasks. To connect to services running in different ECS clusters, you need to specify the same namespace name for all your ECS services that need to talk to each other. ECS Service Connect will make your services discoverable to all other services in the same namespace.

### Improving Service Resilience with Observability Data

You can collect traffic metrics with ECS Service Connect observability capabilities. By default, for each ECS service, you can see the number of healthy and unhealthy endpoints, along with inbound and outbound traffic volume.

ECS Service Connect supports HTTP/1, HTTP/2, gRPC, and TCP protocols. So, you can collect the number of requests, number of HTTP errors, and average call latency. For gRPC and TCP, you can see the total number of active connections. All of these metrics are pushed to [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) or other Amazon Web Services analytics services via [custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html).

In the **Advanced** menu, you can publish ECS Service Connect Agent logs to help with debugging in case of issues.

![image.png](https://dev-media.amazoncloud.cn/39979bd6359f48958517e066c99e89e8_image.png)

These metrics are only visible in the original interface of the CloudWatch console. When you use the CloudWatch console, switch to the original interface to see the additional metric dimensions of “discovery name” and “target discovery name” under the ECS grouping.

The default settings provide you with a starting point for building resilient applications, and you can fine-tune parameters to limit the impact of failures, latency spikes, and network fluctuations on your application behavior using the Amazon Web Services Management Console or dedicated ECS APIs.

### Now Available

Amazon ECS Service Connect is available in all commercial Regions, except China, where Amazon ECS is available. ECS Service Connect is fully supported in [Amazon Web Services CloudFormation](https://aws.amazon.com/cloudformation/), [Amazon Web Services CDK](https://aws.amazon.com/cdk/), [Amazon Web Services Copilot](https://aws.amazon.com/containers/copilot/), and [Amazon Web Services Proton](https://aws.amazon.com/proton/) for infrastructure provisioning, code deployments, and monitoring of your services. To learn more, see the [Amazon ECS Service Connect Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html).

My colleagues, Hemanth AVS, Senior Container Specialist SA, and Satya Vajrapu, Senior DevOps Consultant, prepared a hands-on workshop to demonstrate an example of ECS Service Connect. Join **CON303 Networking, service mesh, and service discovery with Amazon ECS** when you attend Amazon Web Services re:Invent 2022.

Give it a try, and please send feedback to [Amazon Web Services re:Post for Amazon ECS](https://repost.aws/tags/TAefn4YSprR-uCBYmbofOpHw/amazon-elastic-container-service) or through your usual Amazon Web Services support contacts.

– [Channy](https://twitter.com/)

**Update November 28, 2022 – in an effort to improve customer experience, we have made a minor edit to the cluster creation via Amazon Web Services CLI section of this post for clarity.**

![image.png](https://dev-media.amazoncloud.cn/ae56cd8c16cc4311ba85d25add94b3f5_image.png)

### [Channy Yun](https://aws.amazon.com/blogs/aws/author/channy-yun/)

Channy Yun is a Principal Developer Advocate for Amazon Web Services, and passionate about helping developers to build modern applications on the latest Amazon Web Services services. A pragmatic developer and blogger at heart, he loves community-driven learning and sharing of technology, which has funneled developers to global Amazon Web Services Usergroups. His main topics are open-source, container, storage, network & security, and IoT. Follow him on Twitter at @channyun.
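The Getting Started section ties each Service Connect `portName` to a named port in the task definition and says every client alias becomes an endpoint that other services in the namespace can discover. The following pre-deployment check is an added example, not code from the original post: it resolves those references offline and lists the endpoints a configuration would publish. The task definition excerpt is constructed for illustration, and deriving the URL scheme from the port mapping's `appProtocol` is an assumption of this example.

```python
import json

# Constructed task definition excerpt: the port mapping carries the name
# that Service Connect refers to. "appProtocol" is assumed to be set here.
TASK_DEFINITION = json.loads("""
{
  "family": "webui-svc-cluster",
  "containerDefinitions": [{
    "name": "webui",
    "portMappings": [
      {"name": "webui-port", "containerPort": 80, "appProtocol": "http"}
    ]
  }]
}
""")

# The --service-connect-configuration document from the post.
SERVICE_CONNECT = json.loads("""
{
  "enabled": true,
  "namespace": "svc-namespace",
  "services": [{
    "portName": "webui-port",
    "clientAliases": [{"port": 80, "dnsName": "webui"}]
  }]
}
""")


def named_ports(task_def):
    """Map each named port in the task definition to its port mapping."""
    ports = {}
    for container in task_def.get("containerDefinitions", []):
        for mapping in container.get("portMappings", []):
            if mapping.get("name"):
                ports[mapping["name"]] = mapping
    return ports


def check_service_connect(task_def, config):
    """Return (endpoints, problems) for one Service Connect configuration."""
    endpoints, problems = [], []
    if not config.get("enabled"):
        return endpoints, problems  # nothing is published to the namespace
    ports = named_ports(task_def)
    for service in config.get("services", []):
        port_name = service.get("portName")
        mapping = ports.get(port_name)
        if mapping is None:
            problems.append(
                f"portName {port_name!r} is not a named port in task "
                f"definition {task_def.get('family')!r}"
            )
            continue
        # Assumption of this example: the URL scheme is the mapping's
        # appProtocol, falling back to tcp when none is declared.
        scheme = mapping.get("appProtocol", "tcp")
        for alias in service.get("clientAliases", []):
            if "dnsName" not in alias:
                continue  # aliases without an explicit DNS name are skipped here
            endpoints.append(f"{scheme}://{alias['dnsName']}:{alias['port']}")
    return endpoints, problems


if __name__ == "__main__":
    found, issues = check_service_connect(TASK_DEFINITION, SERVICE_CONNECT)
    print("discoverable in", SERVICE_CONNECT["namespace"], "->", found)
    for issue in issues:
        print("problem:", issue)
```

Running the same check over every service that shares a namespace gives a reviewable list of what each deployment makes reachable by name before it is created.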