Okay, so can we make this full screen? Okay, uh, sorry 15 minutes, right? Hello everybody. My name is Kai Hendry. I'm co-organizing this music group. So just so you know, I am an AWS fanboy and I also can be wrong and I'm also pretty opinionated and the things I'm talking about are kind of disguised to wild you so that we can maybe have a good question time or you can punch me in the face or something. But yeah, I've got some things to bitch about.

So this talk is about ECS. Who's familiar with ECS? It means something, something, something. It's basically running Docker images. Do we know what Docker images are? It's basically the shitty version of AMIs just so you know. AMIs block little Docker images are just, I don't know what they are, layers of bullshit. But, but here's a tip for you, use AMIs. But if you have to use a Docker image, you probably want to use something like ECS.

So, oh, the whole one step thing came as a nod to Joel on Software. He's a, I don't know, this blog post is like from 2000. I think, I think there's more contemporary guides now like the 12-factor app. But I like the Joel test. Who's familiar with Joel on Software? The Stack Overflow guy. It's just a couple of you. Jesus Christ, how do you get stuff done without Stack Overflow?

Okay, now I am, something I wrote a while back. But it doesn't actually account for everything. Like, I don't think I account for AMIs. But I guess when you're, when you're hosting a service or something, you probably started off doing it manually. Then you might have got smarter and sort of using Chef or Puppet. And then you might even got smarter still and started using something like Dokku or Heroku. And then maybe the next phase was maybe doing something like, I guess AMIs and stuff would fall under four or just doing it yourself with Docker. And then I see the next step is using something like ECS. And then the ultimate come serverless. But I'm kind of, I'm kind of interested to hear where you guys are.
Who's, who's playing pets with their services? I mean, we've all been there. No one. Okay, one or a couple. I mean, I guess most people are in the configuration management thing, perhaps. You guys log into your, your AMIs and fiddle around with shit like you're not supposed to do. Well, anyway, you, it's okay to, to, to evolve. You have to start manual, otherwise you can't see the benefit of probably hitting serverless.

But I, anyway, let me just talk about why Docker sucks. Fuck it sucks. Like how do you, how do you inspect images of five years? There's, there's other things I just hate about Docker images. Like if you use like a base image or something else, like Ubuntu or something or something less reputable, shall we say, the whole thing can change underneath you and break your, your image, which I've always, I just hated. And I had this one instance when my whole environment went down because one of the, the guys, the images that I was using changed his port. Anyway, there's just so many of these little problems I've had with Docker that I, I'm not going to cry. I'm going to cry. Don't cry. Don't in front of these strangers. No. I mean, who's had problems with Docker? I mean, I can't be the only idiot. Okay, it's not, it's not as easy as people make it out, out say. But I think the fundamental, the fundamental problem with Docker is, is something that it allows people to basically bringing complexity into their architecture. Oh, I can bring in this MariaDB image. Oh, I can bring in this Mongo image, or I can bring in this other image. It's, it's a fantastic way of fucking up things, basically. That is why, well, that's probably where the reason why people like to use Docker is that it allows you to bring dependencies. But bringing dependencies is a bad thing in my book. It's bad. It's bad.

So why, why do you need to use Docker? You probably have a legacy app that doesn't have a clean interface. So you can't map it to serverless very well.
You, you might, yeah, same point again, really, it doesn't really have a RESTful interface. The app might just take forever to start up. Or, I think like Rails, mod_perl. Actually, the solution that I've done here is for a company called Unity. We're using ECS. It works pretty well. But there's some applications. I'm sure you have many of them where you can't run, you can't port that, that, you can't run that, that software in, in serverless. So you have to use something like this, sadly. And I encourage you to think about how you can migrate your app from being bullshit to being cool like serverless. So from being, from, to being stateless and, and being fast and basically doing just what it needs to do to get the job done. But of course, there's some things at the very end I mentioned that you have to, like, you know, sometimes you need to keep sockets open. You can't do that on, on Lambda. You know, there's, there's various limits, like not opening a socket or something.

So, so how do you deploy Docker images on AWS? Has anyone done it? Out of interest? A couple. Okay. You probably have to do it one day. So there's a couple of ways of doing it. The DIY method I, like docker run or something like that, which works, I guess, but it has a whole host of problems, like, like, how do you update it and, or manage it when you have several images, several instances and things like that. There's ECS, which I'm talking about now, I think, Elastic Container Service. And then these new services that are in beta, I believe, or preview. What's the difference between beta and preview? But the, but the, there's, there's a couple of new services coming along, like Amazon support for Kubernetes, which I'm not a fan of, because the last time I looked at Kubernetes, it was, it was terribly complex. So I really can't say I'm the expert of Kubernetes, but I think it's over-engineered crap.
And I wouldn't want to use it because I spent so much time using ECS now that I'm not going to, I'm not going to let go, I'm not going to let go of ECS. But, but in all honesty, it might, so might solve the problem. And then Amazon Fargate is allegedly going to solve the problem, make it less, less complex. Because there aren't, to be honest, a lot of pitfalls with ECS. But if you follow my advice, you should avoid most of the stuff.

So just a brief overview of ECS. You have a cluster that sounds like, I always think clusters sound like huge star constellations, and they're really complicated. They're just a name for a grouping of EC2 instances. Similarly, a service is just a way of grouping tasks that map onto a load balancer. And a task is basically what you docker run. I think that's the easiest way. That's my mental model. Hopefully it's not incorrect, because then I'll be screwed. It seems to work to suffer a lot. So it's not as complicated as it sounds. But when you look at Amazon documentation, it sucks, I'm going to say. How much time have I got?

So I must admit CloudFormation is a pain. Who's done stuff in CloudFormation? I want to shake your hand. How do you manage it? I find it quite difficult. So it's one of those services. I dare say CloudFront is in the same category. It's easier for me to set up a CloudFront distribution, just tapping away in the console. The minute I have to do it in a Terraform or something else, I find it actually more complicated or painful to do it. But perhaps I haven't invested enough time in Terraform or CloudFormation for that matter. So I dare say ECS is one of those things where you actually kind of rely on the console to make your life a little bit easier. And I don't think everyone is like Paul. Paul has to build out 50 fricking environments for a demo. What? Copyface, whatever.
But what I'm trying to say is the console, if you do things in the console, don't feel like a schmuck, because you probably only have to do it once or twice, and that's okay for most people. I mean, once you build an ECS cluster once or twice, it's like we have a staging demo or production environment. Hopefully, you don't have to do it. You don't have to create an environment every day. So I sometimes think, is it worth investing all this time getting into CloudFormation when you're only going to have three clusters or accounts or whatever you structure it? So that's the way I'm defending myself of staying in the graphical environment. Who's with me in the console? Console power.

But of course, you can't fricking drive the console to do things like deployments and builds and all the rest of stuff. You have to break into this black world of the console eventually. And this is why you need to use something like ECS CLI. And ECS CLI basically churns a Docker Compose file. Who's familiar with Docker Compose? It's just basic stuff, really. I mean, you can probably figure it out. You have the image there. You can specify things like all the environment variables. The important thing here is to specify with my beer. It's a specify like use CloudWatch. CloudWatch is like a great thing to use with ECS. And also there's parameters to change the memory limit. Actually, memory limit stuff is very, very important with ECS. It caught me out a few times. So depending on the instance you use, you want to tweak the way the memory is used with your images. So that's ECS CLI. Lots of text to help you automate things.

Furthermore, ECS CLI doesn't do everything. Sooner or later, you're going to have to whip out your Bash shell script. Who's with me? Bash. Bash forever. Fastest language known to man. I love Bash. It's underrated. ZSH? No, it's for losers. Rises. Bloatware. Don't use ZSH. But Bash is like a million lines of code too. So there is a script here, deploy.sh.
It's just text. It's just shell. Meaning to maintain different accounts actually. I don't know about you, but I prefer to use accounts. I don't have like several clusters in one account. I separate everything in different accounts. I think that's the best way to isolate things. Who's using accounts? That's the right way. Isn't it, Gabe? Oh, shit. Next. My script checks that the credentials are set up. I think I use like AWS CLI something. Just look at the script. And importantly, I substitute a million environment variables into the config. And then basically ECS CLI triggers ECS to take that new config and roll it out as a task.

And this is especially... So who uses Travis or some other CI like Travis? Basically, I think... I mean, it took a while. I must say it wasn't an overnight success. But basically, the project gets built. And depending if it's like on the master branch or... No. Depending if it's tagged, then it gets deployed to production. And the demo environment, if it's not tagged, it's deployed to the staging thing. So basically, from a Git push, I'm deploying straight to staging, which I think is bloody marvelous for a Docker-based project. I don't know. I always find it in several steps. And so I'm pretty proud of this all works. And I can prove it to you somehow if we look at the build logs. The whole thing, unlike serverless, which takes a few seconds to deploy, on this, it only takes six minutes and 40 seconds. Whoo! That's good, isn't it? Have you... I think Kubernetes is slower than that. Give me some credit. Start clapping. That's amazing. I don't know if that's good. Anyway, it is bloody amazing to do something in one step to build and deploy. I think, I mean, it's just every what do you call it, development thing should be done in one step. Otherwise, your developers are going to be sad.

But there are little issues. Little issues like I can't really roll back very easily. That's a bit painful. Okay. If you want to stop your phone from ringing.
Okay. I don't know if you noticed here in the images. I mean, has anyone figured out how to roll back easily? Like, do people use... Do you guys use Docker tags? Because I don't. I find it too painful. Anyway, you could maybe use Docker tags to do that, but then other bits of the environment might not change. So rolling back is a bit tricky, especially since my images are layered. Oh, God. Don't try not to failure images.

I really enjoy CloudWatch logs. Who's with me? CloudWatch logs forever. CloudWatch logs is such a killer feature with Amazon. Just being able to search for stuff and find out things. I haven't even started talking about the metrics yet. No. Exactly. And the cool thing about if you start pushing out JSON, you can do JSON queries, which blows my mind. Oh, shit. I'm almost finished. This is my last slide.

I guess Terraform, I don't really know, does checks on your environment to make sure it's correct? Like, for example, one thing about the Unity project that I work on is that the cookie needs to be a sticky bit for the load balancer, because just the way Bugzilla works. So basically, I wrote these shell scripts to check, to basically go through my clusters and check that the stickiness is enabled. You get my flow. Can you do this with Terraform? Like, check your load balancer has a particular setting. Okay, you can. Okay. I ended up just using AWS CLI because I found it easier.

And what is the last thing? There's a blog on Unity all about my trials and tribulations with ECS. I highly recommend you read it. It's linked from my slides, which will be on this video. Hello, people on YouTube. And last but not least, the Canary metrics when you roll out ECS are HTTP code, 5XX. Basically, this will tell you if your Docker image is not building requests from the load balancer. If it's not building requests, you'll get like a 500 and you should plot that with CloudWatch metrics.
And in fact, I forgot to monitor target response time is another important thing. Oh, shit, what is this? I don't know. Sorry, I should... But anyway, I think CloudWatch is amazing. You can do things like see... Oh gosh, this video. You can see the requests. Each request takes to run from start to finish. You can see if these 500 errors, you can see what the memory is, usages and all that stuff, all in one place. And furthermore, I'm looking forward to plotting Aurora query, putting in database query times in there too. That's the next level.

But anyway, I think what... If you have to run a Docker image, I think there's no better solution than ECS, I dare say. I'm looking for alternatives. No, I'm not. This ECS is working pretty well. And one-step deployment I'm also pretty proud of. I haven't seen a better solution. It'd be great to see what Fargate comes up with. But if you need to run Docker image, I present you this solution. And if you have any questions, I'm happy to field requests. That's it, guys. So does anyone run ECS?