ECS
Summary
ECS is a fully managed container orchestration service that makes it easy for you to deploy, manage, and scale containerized applications. You can use ECS to drive insights into values such as:
- Service Discovery
- Deployment, container, and events details
Setup
In order to connect Cortex to your AWS resources, you’ll need to add your AWS Account ID and IAM Role in Settings → AWS.
If you do not see the settings page you're looking for, you likely don't have the proper permissions and need to contact your admin.
- Log in to the AWS management console and navigate to IAM.
- Create a new IAM policy by navigating to Policies | Create Policy.
- Switch to the JSON editor and insert the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ecs:Describe*",
        "ecs:List*",
        "rds:Describe*",
        "rds:List*",
        "s3:Describe*",
        "s3:List*",
        "s3:GetBucketLocation",
        "s3:GetBucketTagging"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
- Click Review Policy, name it whatever you like, then Create Policy.
Cloud
- Next, let's create a new role and attach the new policy to it. Navigate to Roles | Create Role.
- Select Another AWS account as the trusted entity type.
- For Account ID, fill in the Cortex AWS account ID from Settings | AWS.
- Click Require External ID and insert the Cortex external ID from Settings | AWS, then click Next: Permissions.
- Select your newly created policy and click Next: Tags. Add tags if you'd like; otherwise skip that page with Next: Review.
- Name your role, and click Create Role.
- Finally, copy your new role name and AWS account ID into the Cortex AWS settings page.
On-prem
Set the AMAZON_ACCESS_KEY_ID and AMAZON_ACCESS_KEY_SECRET environment variables to the credentials of an account that has the role created above.
Registration
Discovery
Cortex can associate ECS services with existing entities in Cortex using AWS tags.
x-cortex-infra:
  aws:
    tags:
      - key: service
        value: payments
      - key: service
        value: billing
This will automatically link any ECS service with the matching tags.
Entity descriptor
Cortex uses a combination of Service ARN and Cluster ARN to look up catalog entities in your AWS account. You can tie multiple ECS services to a single entity within Cortex.
x-cortex-infra:
  aws:
    ecs:
      - clusterArn: abcd
        serviceArn: efgh
      - clusterArn: stuv
        serviceArn: wxyz
The values for clusterArn and serviceArn are defined in ECS.