Book Image

Amazon Fargate Quick Start Guide

By : Deepak Vohra
Book Image

Amazon Fargate Quick Start Guide

By: Deepak Vohra

Overview of this book

Amazon Fargate is new launch type for the Amazon Elastic Container Service (ECS). ECS is an AWS service for Docker container orchestration. Docker is the de facto containerization framework and has revolutionized packaging and deployment of software. The introduction of Fargate has made the ECS platform serverless. The book takes you through how Amazon Fargate runs ECS services composed of tasks and Docker containers and exposes the containers to the user. Fargate has simplified the ECS platform. We will learn how Fargate creates an Elastic Network Interface (ENI) for each task and how auto scaling can be enabled for ECS tasks. You will also learn about using an IAM policy to download Docker images and send logs to CloudWatch. Finally, by the end of this book, you will have learned about how to use ECS CLI to create an ECS cluster and deploy tasks with Docker Compose.
Table of Contents (14 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

Chapter 5. Using IAM

Amazon ECS is integrated with, and makes use of, several other AWS services, including Elastic Load Balancing and EC2. ECS makes use of service-linked roles, which are special types of roles associated with a service to provide access to the required AWS services without additional configuration. ECS makes use of the AWSServiceRoleForECS role to access other AWS services for managing EC2 network interfaces, registering/deregistering instances from a load balancer, and registering targets. A root user does not require any additional configuration to be able to use ECS with Fargate.

Problem: An IAM user does not have permission to create or modify ECS resources or invoke the ECS API by default. An IAM user also does not have permissions to use the ECS Console or the AWS CLI.

Solution: An IAM user must be granted permission to create the AWSServiceRoleForECS role. An IAM policy may be created and associated with an IAM user to grant the requisite permissions to use some of...