AWS FIS able to restrict fargate targets to separate regular ECS from Fargate Batch Jobs?

0

Hi all!

With regards to AWS Fault Injection Simulator when working with ecs:stop-task or ecs:drain-containers actions, is there a way for the target to distinguish:

  • Batch job oriented fargate tasks/ecs clusters
  • Non-Batch (normal) fargate tasks/ecs clusters

Thanks!

已提問 2 年前檢視次數 363 次
2 個答案
0
已接受的答案

Hello,

Warm Greetings !

When working with Fault Injection Simulator, there are following ways to identity the target resources and you can choose anyone depending on the one which best full-fills your use-case:

  1. Resources IDs: When configuring the target for resource type such as “aws:ecs:cluster”, you can select the target cluster using the “Resource IDs” dropdown which will show you all the existing clusters in that region. This allows you to selectively choose specific clusters as targets for your use-case.

  2. Resource Tags: Adding different tags to different resources can also be used to determine the target. So, adding same tags to similar cluster or tasks can help you to easily select multiple similar target at once when configuring target within FIS.

  3. Resource filters: This method allows you to use specific attribute of a resource to select your target. For example, in case we are talking about “aws:ecs:cluster”, so DescribeClusters [1] is the API call which can be used to get the details of a particular cluster. In your case if you call this API for your two different clusters and if there is a certain attribute which is different for these two types of cluster, then you can use that attribute to construct a “Resource filter” and select your targets.

For more details & examples around the above mentioned ways to Identify target resources, please refer the documentation link [2].

Additionally, I just wanted to share an additional details as you mentioned Fargate i.e. currently FIS supports container services as targets the ones with the EC2 Launch Type only [3]. You might receive an error such as "Unable to drain all container instances. The following targeted clusters do not contain ECS container instances: [clsuter-name] " if you target a ECS cluster Fargate resource.


== References ==

[1] https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeClusters.html

[2] https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-identification

[3] https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html#ecs-actions-reference

AWS
支援工程師
已回答 2 年前
  • Thanks, I can see how those options could make it work, but requires significant pre-setup by teams to get assets tagged the way desired....which at scale (say, 20 application ecs clusters and 5 batch job ecs clusters) was hoping for a more explicit and reusable way so that -other teams- could leverage such a solution other than bespoke tagging.

  • Additional potential - are there filters for subnets, such that if batch job ecs clusters (or tasks for the stop-task version) were in different array/list of subnets.

0

Gurjot_S: "I just wanted to share an additional details as you mentioned Fargate i.e. currently FIS supports container services as targets the ones with the EC2 Launch Type only [3]. You might receive an error such as "Unable to drain all container instances. The following targeted clusters do not contain ECS container instances: [clsuter-name] " if you target a ECS cluster Fargate resource.

-- thanks...that's kind of a big deal considering 100% of at least my ECS workload is Fargate

已回答 2 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南