Effortless service-to-service connectivity: ECS Service Connect

Saqib Mehraj

Challenges of Service-to-Service Communications: 

Upon embracing ECS for running diverse ECS services, a new hurdle emerges in the form of service-to-service communications. Establishing communication channels between services has been a persistent challenge in the complicated domain of microservices. Traditional methods used Load Balancers, service discovery, and AWS App Mesh. This not only took time, but also involved complex technical details. For example, service discovery requires additional logic for retries and handling connection failures, and DNS caching can lead to delays in updating records, necessitating application-level retry mechanisms. Internal load balancers incur additional costs due to resource redundancy across Availability Zones. However, cost overheads can be mitigated by sharing load balancers among multiple services, especially for REST services using path-based routing rules. Moreover, these conventional approaches lacked comprehensive monitoring metrics, thereby complicating the task of obtaining insights into the performance and health of the microservices architecture.

The Evolutionary Leap with ECS Service Connect:

Amidst these challenges, ECS Service Connect is a transformative solution. It revolutionizes service-to-service communication for containerized applications. Unlike traditional methods, it’s lightweight, user-friendly, and streamlines setup. Furthermore, ECS Service Connect eliminates the need for manual service discovery by managing namespaces and tasks internally. This significantly reduces DevOps overhead, enhancing overall efficiency and management ease.

 

Interesting Insights into ECS Service Connect

    • Specifying the app protocol enables protocol-specific metrics. This deepens understanding of communication dynamics. If not explicitly defined, the protocol defaults to TCP.
    • Service Connect has a flexible client port configuration. The client port can vary from the container port specified in the task definition. This flexibility is crucial as the port serves as a contract rather than a rigid constraint.
    • The DNS name serves as a friendly and easily recognizable identifier. It simplifies the communication process.
    • A crucial caveat lies in deployment order significance. Services deployed earlier may not discover those deployed subsequently. New services can seamlessly interact with those deployed earlier. 
    • Leverage DNS names during migration for seamless transition without altering existing endpoints. This can prove invaluable in migration scenarios.
    • The downstream technique enhances connectivity. It optimizes the flow of communication between services.
    • Managed Service Mesh Characteristics: Service Connect can be aptly described as a managed service mesh. It offers default configurations for streamlined orchestration.
    • Service Connect maintains a persistent connection to ECS. This makes it easy to detect new services as they are introduced.
    • Resource Scaling for Service Connect involves allocating more CPU and memory resources to it. The performance is optimized with a minimum requirement of 0.25 vCPU and 64 MB.
    • Cloud Map is an endpoint registry. Endpoints are registered here, ensuring high availability and throughput for Service Connect.
    • Service Connect provides cost-free metrics. They offer valuable insights without financial implications.
    • Presently, accessing services across Cloud Map namespaces is not supported. This highlights a current limitation.
    • Service Connect allows namespaces to span across different clusters. It gives flexibility in their placement.
    • Retries are configured specifically for 503 responses. This enhances the resilience of communication.
    • AWS manages the configurability of retries. This ensures optimal performance in varied scenarios.
    • DNS often encounters 503 responses. Using retries and Envoy strengthens resilience in the face of challenges.
    • Direct DNS records cannot be altered. This ensures stability and security in the communication framework.
    • The utilization of ECS Service Connect incurs no additional cost. This makes it a cost-effective solution for service communication.
    • In instances where no value is set for the app protocol parameter, TCP is employed. Notably, Amazon ECS doesn’t introduce protocol-specific telemetry for TCP.


Key Advantages of ECS Service Connect:

  1. ECS Service Connect is lightweight and easy to set up. It simplifies the complexities associated with service communications. Its lightweight nature ensures a seamless setup process. This reduces the burden of manual configurations.

  2. ECS Service Connect has a distinctive feature: it can provide comprehensive insights about DNS metrics. This allows for a deeper understanding of the communication patterns. It also helps identify performance metrics within the microservices architecture.

  3. ECS Service Connect introduces efficient monitoring capabilities, unlike conventional methods, which lacked robust monitoring metrics. This ensures users have real-time visibility into their containerized applications’ health and performance, as well as into the routing health.

  4. ECS Service Connect is simple and efficient. It saves time and resources. Service Connect consumes very little compute. In most cases, it uses only 0.1 to 0.25 vCPU and at most 60 megabytes of memory. It eliminates the need for complex manual configurations. It empowers users to focus on building and enhancing their microservices. They don’t need to manage complex communication setups.


Resilient Functionality of Service Connect:

Service Connect uses the power of Envoy. The managed layer encapsulates Envoy, which operates as a separate container, or sidecar container, with comprehensive routing details. This dedicated Envoy container has routing protocols, load balancing rules, and functionalities for retries and resilience. All ingress and egress data traverses through this Envoy container, enabling seamless communication. Notably, the Envoy container captures and transmits all metrics to CloudWatch.

This sidecar Envoy boasts automatic retry capabilities, ensuring continuous network availability for applications. The configuration for retries is not customizable. This emphasizes the service’s steadfast failure resilience. Service Connect has a feature called connection draining. It ensures that every existing connection request is fulfilled before starting the graceful exit process. This optimizes the service’s overall reliability.


Diagrammatic Representation of Service Connect Network:

Configuration Steps for ECS Service Connect:

To harness the power of ECS Service Connect for a group of related services, follow these key steps:

  1. Port Mappings and Layer 7 Protocol:
    • Add port names to port mappings in task definitions.
    • Identify the layer 7 protocol of the application for additional metrics.

  2. ECS Cluster Configuration:
    • Create an ECS cluster with an AWS Cloud Map namespace or create the namespace separately.
    • Align the ECS cluster name with the namespace name for simplicity. This allows ECS to create a new HTTP namespace with the required configuration.

  3. Service Configuration:
    • Configure services to create ECS Service Connect endpoints within the designated namespace.

  4. Service Deployment:
    • Deploy services to create endpoints. ECS adds an ECS Service Connect proxy container to each task. This simplifies deployment and facilitates the creation of endpoints in AWS Cloud Map.

  5. Client App Deployment:
    • Deploy client applications as services to connect to the created endpoints.
    • ECS connects applications to ECS Service Connect endpoints through the ECS Service Connect proxy in each task.

  6. Proxy Usage:
    • Applications use the proxy to connect to ECS Service Connect endpoints. This requires no additional configuration.
    • The proxy performs round-robin load balancing, outlier detection, and retries.

  7. Monitoring:
    • Monitor traffic through the ECS Service Connect proxy. Use Amazon CloudWatch for comprehensive insights.


Considerations and Compatibility for ECS Service Connect:

  • Windows containers are not supported with ECS Service Connect.
  • Fargate tasks must use version 1.4.0 or higher of the Fargate Linux platform.
  • The ECS agent version on the container instance must be 1.67.2 or higher.
  • Container instances must run specific versions of the Amazon ECS-optimized Amazon Linux AMI. This is necessary to support ECS Service Connect.

Best Practices for ECS Service Connect:

  • ECS Service Connect recommends fine-grained task definitions, execution roles, and security groups.
  • Deployment should utilize rolling deployments. Blue/green and external deployment types aren’t supported.
  • Task definitions must set task memory limits for ECS Service Connect usage.

Getting Started with Amazon ECS Service Connect:

To initiate ECS Service Connect:

  1. Specify a namespace when creating an ECS cluster or create one in Cloud Map.
  2. A namespace represents a way to structure your services. It can span across multiple ECS clusters located in different VPCs. All ECS services that belong to a specific namespace can communicate with existing services in that namespace, provided that there is existing network-level connectivity.
  3. Create a new Amazon ECS task definition, or register a new revision to an existing task definition and use Service Connect.
  4. Create a new Amazon ECS service that uses Service Connect.

Creating a Service with ECS Service Connect:

Using AWS CLI, create a service “webui” with ECS Service Connect enabled:

# Create a service on AWS ECS with Service Connect enabled
$ aws ecs create-service \
    --cluster "test-cluster" \
    --service-name "testapp" \
    --desired-count 1 \
    --task-definition "testapp-svc-cluster" \
    --service-connect-configuration '{
      "enabled": true,
      "namespace": "svc-namespace",
      "services": [
        {
          "portName": "testapp-port",
          "clientAliases": [
            {
              "port": 80,
              "dnsName": "testapp"
            }
          ]
        }
      ]
    }'

“portName” references the port name given to the container port in the task definition. “clientAliases” assigns the port number and DNS name that clients use. The ECS console displays the ECS Service Connect configuration for the “webui” service in the “test-cluster” cluster above.
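The compatibility and best-practice rules listed earlier, and the portName reference in the command above, can be checked before deployment. The following Python lint is an added example, not code from the original post or from AWS; the function name lint_service_connect, the sample documents and the container port 8080 are assumptions, while the field names follow the ECS API JSON shapes.

```python
# Added example: pre-deployment lint; TASK_DEF and SERVICE are constructed samples.

def lint_service_connect(task_def, service):
    """Return a list of findings; an empty list means every check passed."""
    sc = service.get("serviceConnectConfiguration", {})
    if not sc.get("enabled"):
        return ["Service Connect is not enabled on this service"]
    findings = []
    # Named port mappings from the task definition: port name -> appProtocol.
    named = {}
    for container in task_def.get("containerDefinitions", []):
        for pm in container.get("portMappings", []):
            if pm.get("name"):
                named[pm["name"]] = pm.get("appProtocol")
    for svc in sc.get("services", []):
        port_name = svc.get("portName")
        if port_name not in named:
            findings.append(f"portName {port_name!r} matches no named port mapping")
        elif named[port_name] is None:
            findings.append(f"{port_name!r} has no appProtocol, so it is treated as TCP")
    if not task_def.get("memory"):
        findings.append("task definition sets no task memory limit")
    os_family = task_def.get("runtimePlatform", {}).get("operatingSystemFamily", "LINUX")
    if os_family.upper().startswith("WINDOWS"):
        findings.append("Windows containers are not supported")
    controller = service.get("deploymentController", {}).get("type", "ECS")
    if controller != "ECS":  # ECS is the rolling-update controller
        findings.append(f"deployment controller {controller} is not a rolling deployment")
    return findings

TASK_DEF = {
    "memory": "512",
    "runtimePlatform": {"operatingSystemFamily": "LINUX"},
    "containerDefinitions": [{
        "name": "testapp",
        "portMappings": [{"name": "testapp-port", "containerPort": 8080,
                          "appProtocol": "http"}],
    }],
}
SERVICE = {
    "deploymentController": {"type": "ECS"},
    "serviceConnectConfiguration": {
        "enabled": True, "namespace": "svc-namespace",
        "services": [{"portName": "testapp-port",
                      "clientAliases": [{"port": 80, "dnsName": "testapp"}]}],
    },
}
if __name__ == "__main__":
    print(lint_service_connect(TASK_DEF, SERVICE))
```

Feed it the JSON returned by describe-task-definition and the service definition you intend to deploy; any finding is worth resolving before the service is created.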

Improving Service Resilience with Observability Data:

ECS Service Connect doesn’t just facilitate seamless service communication. It also empowers you with robust observability. Leverage ECS Service Connect to effortlessly collect a comprehensive set of traffic metrics. Gain deep insights into your microservices architecture traffic patterns. The observability capabilities cover various critical metrics. They provide a holistic view of your system’s health and performance.

Here’s a breakdown of the key metrics you can monitor:

  1. Gain visibility into the number of healthy endpoints. Also, see the number of unhealthy endpoints.
  2. Understand the volume of traffic entering and leaving your ECS services. This aids in network optimization.
  3. Use Request Metrics to track the number of requests made to your services. It helps you gauge the overall demand and workload on your microservices.
  4. Monitor the occurrence of HTTP errors. This enables quick identification and resolution of potential issues impacting your services.
  5. The average call latency measures the average time it takes for calls to be processed. It ensures optimal performance and responsiveness.
  6. For gRPC and TCP-based services, keep tabs on active connections. This helps manage resource allocation effectively.

These valuable metrics are seamlessly integrated into the ECS Service Connect ecosystem. The data is automatically pushed to Amazon CloudWatch. CloudWatch serves as a centralized hub for monitoring and managing AWS resources. It provides real-time insights into your ECS services.


Conclusion: Navigating Microservices with ECS Service Connect

ECS Service Connect emerges as a key player. It streamlines service-to-service communication within the AWS ECS environment. By adopting best practices, one can address infrastructure challenges with the power of ECS. They can also pave the way for modernization and improved performance.


It simplifies service-to-service communication. It also aligns with the evolving needs of microservices development. Organizations are moving ahead into a future dominated by microservices. ECS Service Connect is a great tool for unlocking the true potential of service connectivity. Businesses can survive in a landscape where effortless connectivity is the key to success. They can do this by staying informed, adapting to emerging trends, and embracing innovative solutions.

About Author

Saqib specializes in delivering complex cloud solutions, with a focus on modernization and security. With expertise in AWS, Terraform, Kubernetes, CI/CD pipelines, and microservices architecture, Saqib helps customers to excel by implementing solutions which are secure and efficient.
