How Do I Implement Sidecar Patterns in ECS?

Introduction

In this guide, we’ll explore setting up the sidecar pattern on Amazon ECS (Elastic Container Service). The sidecar pattern involves deploying helper containers alongside the primary application container within the same task definition. This approach is commonly used to offload certain tasks, like logging or proxy services, from the main application container.

We’ll create an ECS Task Definition with two containers: a primary application container and a sidecar container for logging.

Detailed Explanation

Key Resources

The implementation involves the following key resources:

• ECS Task Definition: Specifies both the main application and sidecar containers.
• IAM Role: Provides necessary permissions for ECS tasks.
• CloudWatch Log Group: Aggregates logs from the sidecar container.

Step-by-Step Implementation

1. Define the IAM Role:

   • Create an IAM role (ecs_task_execution_role) that ECS tasks can assume. This role allows the ECS service to perform actions on your behalf, such as pulling container images and writing logs to CloudWatch.

2. Attach the IAM Policy:

   • Attach the AmazonECSTaskExecutionRolePolicy to the IAM role. This policy grants permissions to execute ECS tasks.

3. Create a CloudWatch Log Group:

   • Define a log group (ecs_logs) in CloudWatch to collect and store logs generated by the containers.

4. Create the ECS Task Definition:

   • Define a task definition (app_with_sidecar) that includes two containers:
     • The primary application container uses the nginx image and is essential for the task.
     • The sidecar container uses the busybox image to handle logging, executing a simple loop that writes messages to the log.

5. Configure Logging:

   • Both containers are configured to use the awslogs log driver, directing their output to the CloudWatch log group created earlier.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ecsTaskExecutionRole = new aws.iam.Role("ecs_task_execution_role", {
    name: "ecsTaskExecutionRole",
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`,
});
const ecsTaskExecutionRolePolicy = new aws.iam.RolePolicyAttachment("ecs_task_execution_role_policy", {
    role: ecsTaskExecutionRole.name,
    policyArn: "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
});
const ecsLogs = new aws.cloudwatch.LogGroup("ecs_logs", {
    name: "/aws/ecs/containerlogs",
    retentionInDays: 7,
});
const appWithSidecar = new aws.ecs.TaskDefinition("app_with_sidecar", {
    family: "example-task-family",
    requiresCompatibilities: ["FARGATE"],
    networkMode: "awsvpc",
    cpu: "256",
    memory: "512",
    executionRoleArn: ecsTaskExecutionRole.arn,
    containerDefinitions: pulumi.interpolate`[
  {
    "name": "app",
    "image": "nginx",
    "essential": true,
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "${ecsLogs.name}",
        "awslogs-region": "us-west-2",
        "awslogs-stream-prefix": "app"
      }
    }
  },
  {
    "name": "sidecar",
    "image": "busybox",
    "essential": false,
    "command": ["sh", "-c", "while true; do echo 'Hello from sidecar' >> /dev/stdout; sleep 5; done"],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "${ecsLogs.name}",
        "awslogs-region": "us-west-2",
        "awslogs-stream-prefix": "sidecar"
      }
    }
  }
]
`,
});
export const taskDefinitionArn = appWithSidecar.arn;

Conclusion

In this guide, we’ve successfully implemented the sidecar pattern in ECS by defining an ECS Task Definition with both a primary application container and a sidecar container. The sidecar container is responsible for auxiliary tasks such as logging, allowing the main application container to focus on core functionalities. This separation of concerns enhances the manageability and scalability of your ECS tasks.