ECS
Summary
ECS is a fully managed container orchestration service that makes it easy for you to deploy, manage, and scale containerized applications. You can use ECS to drive insights into values such as:
- Service Discovery
- Deployment, container, and events details
Setup
In order to connect Cortex to your AWS resources, you’ll need to add your AWS Account ID and IAM Role in Settings → AWS.
If you do not see the Settings page you're looking for in the sidebar, you likely don't have the proper permissions and need to contact your admin.
- Log onto the AWS management console and navigate to IAM
- Create a new IAM policy by navigating to Policies | Create Policy.
- Switch to the JSON editor and insert the following policy:
{ "Version":"2012-10-17", "Statement": [ { "Action": [ "ecs:Describe*", "ecs:List*", "rds:Describe*", "rds:List*", "s3:Describe*", "s3:List*", "s3:GetBucketLocation", "s3:GetBucketTagging" ], "Effect":"Allow", "Resource":"*" } ] }
- Click Review Policy, name it whatever you like, then Create Policy.
Cloud
- Next, let's create a new role and attach the new policy to it. Navigate to Roles | Create Role.
- Select Another AWS account as the trusted entity type.
- For Account ID, fill in the Cortex AWS account ID from Settings | AWS.
- Click Require External ID and insert the Cortex external ID from Settings | AWS, then click Next: Permissions.
- Select your newly created policy, and click Next: Tags, if you'd like to add any, otherwise skip the next page with Next: Review.
- Name your role, and click Create Role.
- Finally, copy your new role name and AWS account ID into the Cortex AWS settings page.
On-Prem
Set AMAZON_ACCESS_KEY_ID
and AMAZON_ACCESS_KEY_SECRET
environment variables to an account that has the role created above.
Registration
Catalog Descriptor
Cortex uses a combination of Service ARN and Cluster ARN to look up catalog entities in your AWS account. You can tie multiple ECS services to a single entity within Cortex.
x-cortex-infra:
aws:
ecs:
- clusterArn: abcd
serviceArn: efgh
- clusterArn: stuv
serviceArn: wxyz
The value for clusterArn
and serviceArn
are defined in ECS.