Now that you have successfully created an ECS service, let's examine how ECS manages new deployments of container applications. It is important to understand that ECS task definitions are immutable—that is, you cannot modify a task definition once it has been created, and instead you need to either create a completely new task definition or create a revision of your current task definition, which you can think of as a new version of a given task definition.
ECS defines the logical name of an ECS task definition as the family, and a given revision of an ECS task definition is expressed in the form family:revision—for example, my-task-definition:3 refers to revision 3 from the my-task-definition family.
This means that in order to deploy a new version of a container application, you need to perform a couple of steps:
- Create a new revision of your ECS task definition with configuration settings that have been changed for the new version of your application. This often will just be the image tag associated with the Docker images you build for your applications, however any configuration change, such as a change in allocated memory or CPU resource, will result in a new revision of your ECS task definition being created.
- Update your ECS service to use the new revision of the ECS task definition. Whenever you update an ECS service in this manner, ECS will automatically perform a rolling update of your application, attempting to gracefully replace each running container that comprises your ECS service with new containers based on the new ECS task definition revision.
To demonstrate this behavior, let's now modify the ECS task definition you created earlier in this chapter and update the ECS service by performing the following steps:
- In the ECS console, select Task Definitions from the left and click on the simple-web task definition you created earlier.
- Notice that a single revision of the task definition currently exists—the revision number is denoted after the colon following the task definition name. For example, simple-web:1 refers to revision 1 of a simple-web task definition. Select the current task definition revision, and then click Create new revision to create a new revision based on the existing task definition revision.
- The Create new revision of Task Definition screen is displayed, which is very similar to the Create new Task Definition screen you configured earlier. Scroll down to the Container Definitions section and click on the Nginx container to modify the Nginx container definition.
- The change we will make to the task definition is to modify the port mapping from the current static host mapping of port 80 to a dynamic port mapping on the host. This can be achieved by simply leaving the host port setting empty, in which case the Docker Engine will assign a dynamic port from the ephemeral port range on underlying ECS container instances. For the Amazon Linux AMI we are using, this port range is between 32768 and 60999. The benefit of dynamic port mapping is that we can run multiple instances of our container on the same host—if the static port mapping was in place, only one container could be launched, as subsequent containers would attempt to bind to the already-in-use port 80. Once you have completed the configuration change, click on the Update button to continue.
- Click the Create button at the bottom of the Create new revision of Task Definition screen to complete creation of the new revision.
At this point, a new revision (revision 2) has been created from your ECS task definition. Now you need to update your ECS service to use the new task definition revision by completing the following steps:
- In the ECS console, select Clusters from the left and select your test-cluster. On the Services tab, select the checkbox next to your ECS service and click the Update button.
- In the Task Definition drop-down on the Configure service screen, you should be able to select the new revision (simple-web:2) of the task definition you just created. Once complete, keep on clicking the Next step button until you reach the Review screen, at which point you can click the Update Service button to complete your configuration changes:
- Similar to what you saw previously when you created your ECS service, the Launch Status screen will be displayed. If you click on the View Service button, you will be taken to the ECS service details screen, and if you select the Deployments tab, you should see the new version of your task definition being deployed:
Notice that there are two deployments—the ACTIVE deployment shows the existing ECS service deployment, and indicates there is currently a single running container. The PRIMARY deployment shows the new ECS service deployment based on the new revision, and indicates a desired count of 1 but notice the running count is not yet 1.
If you periodically refresh the deploy status, you will be able to observe the various state changes as the new task definition revision is deployed:
- The PRIMARY deployment should indicate a pending count of 1, meaning the new version of the container is about to start.
- The PRIMARY deployment will next transition to a running count of 1, meaning the new version of the container is running alongside the existing container:
- At this point, the existing container can now be stopped, so you should see the ACTIVE deployment running count drop to zero:
- The ACTIVE deployment disappears from the Deployments tab and the rolling deployment is complete:
At this point, we have successfully performed a rolling update of an ECS service, and it is worthwhile to point out that the new dynamic port-mapping configuration means that your Nginx web server is no longer listening on port 80 to the outside world, and instead is listening on a port dynamically chosen by the ECS container instance.
You can verify this by attempting to browse to your Nginx web server public IP address—this should result in a connection failure as the web server is no longer operational on port 80. If you select the Tasks tab for the simple-web ECS service, you can click on the task to find out which port our web server is now listening on.
After expanding the Nginx container which is shown as follows, you can see that in this case port 32775 on the ECS container instance host is mapped to port 80 on the Nginx container, which you won't be able to reach from the Internet, given the security group assigned to the ECS container instance only permits inbound access on port 80.
