Docker Releases Plugin for Simplified Deployments into AWS ECS and Fargate


Docker has announced the public beta of their enhanced integration of Docker with AWS Elastic Container Service and AWS Fargate. The release of the ECS plugin allows for developers to work within the Docker experience to create the necessary infrastructure to operate within AWS.

The current beta user experience requires the use of the ecs syntax in Docker commands as the plugin is being leveraged directly in the short term. For example, executing docker ecs compose up will create the application and all resources needed within AWS as described within the compose.yaml file. This removes the need to separately create the AWS ECS resources that are not part of the Compose specification such as VPCs, ECS clusters, and ECS task definitions.

The ECS Docker plugin requires an AWS profile to be set up to select the necessary AWS API credentials from. Once created, the AWS profile and region are stored within the Docker context. This can be initiated via the docker ecs setup command.

The plugin will parse the compose.yaml file and convert it into the appropriate CloudFormation template. This template is then used to create the application resources in the prescribed order. Resources can be cleaned up via the down command or will be automatically cleaned up in the event of a deployment failure.

The ECS integration executes a four step process. The Load phase relies on compose-go to load and parse the compose.yaml file. In the Validate phase, ECS defaults are injected into the compose-go model and the compose.yaml file is validated to ensure it does not include unsupported features. The Convert phase produces a CloudFormation template that defines all the application resources needed to implement the application model on AWS. Finally, the Apply phase does the apply of the CloudFormation template, either by exporting to a stack file or to deploy on AWS.

The Compose services are mapped to ECS services during this process. Since Compose doesn't support multi-container services, such as Kubernetes pods or sidecars, a custom Compose extension (i.e. x-aws-*) is used to expose ECS features as a service-level feature.

The network abstraction is mapped from the Compose model into AWS security groups. The application is created within a single VPC with security groups being created per Compose network, including the implicit default one. Services are then attached according to how the networks are declared in the Compose model. This enables services attached to a common security group to communicate with each other.

A Cloud Map private namespace is also created for each application as {project}.local. AWS Cloud Map is a resource discovery service. It allows for the registration of any application resources with custom names. Cloud Map will then check the health of registered resources to ensure their location is up-to-date.

The GA release is expected later this year and will move the plugin into being part of Docker Contexts. Docker Contexts provide a way for a single CLI instance to have multiple contexts. Each context contains all the necessary endpoints and security information required to manage the cluster or node. For example, there could be a developer context and a production context on the same laptop. The command docker context use <context-name> can be used to switch between contexts.

To get started, a Docker ID is needed along with Docker Desktop Edge version 2.3.3.0. There is a demo application available within the GitHub repo. Docker is also looking for feature requests to be submitted to the roadmap.