{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:*",
"ecr:*",
"iam:PassRole",
"ec2:*",
"elasticloadbalancing:*"
],
"Resource": "*"
}
]
}# Descargar el instalador
curl -o amazon-ecs-cli.exe https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-windows-amd64-latest.exe
# Mover al PATH
move amazon-ecs-cli.exe C:\Windows\System32\# Descargar el binario
sudo curl -Lo /usr/local/bin/ecs-cli https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-$(uname -s | tr '[:upper:]' '[:lower:]')-amd64-latest
# Dar permisos de ejecución
sudo chmod +x /usr/local/bin/ecs-cli
# Verificar instalación
ecs-cli --version# Configurar credenciales
ecs-cli configure profile --profile-name mi-perfil \
--access-key AWS_ACCESS_KEY_ID \
--secret-key AWS_SECRET_ACCESS_KEY
# Configurar cluster
ecs-cli configure --cluster mi-cluster \
--default-launch-type EC2 \
--region us-east-1 \
--config-name mi-configuracion# Crear cluster con EC2
ecs-cli up --capability-iam --size 2 \
--instance-type t2.micro \
--cluster-config mi-configuracion \
--ecs-profile mi-perfil
# Para Fargate
ecs-cli up --launch-type FARGATE \
--cluster-config mi-configuracion \
--ecs-profile mi-perfil# Listar clusters
ecs-cli ps --cluster-config mi-configuracion
# Verificar estado de las instancias
ecs-cli ps --cluster-config mi-configuracion --desired-status RUNNING
# Escalar cluster
ecs-cli scale --capability-iam --size 3 \
--cluster-config mi-configuracion# Crear servicio
ecs-cli compose --project-name mi-proyecto service up \
--cluster-config mi-configuracion \
--ecs-profile mi-perfil
# Actualizar servicio
ecs-cli compose --project-name mi-proyecto service up \
--force-deployment
# Eliminar servicio
ecs-cli compose --project-name mi-proyecto service downversion: '3'
services:
web:
image: nginx:latest
ports:
- "80:80"
logging:
driver: awslogs
options:
awslogs-group: mi-grupo-logs
awslogs-region: us-east-1
awslogs-stream-prefix: web
api:
image: node:14
ports:
- "3000:3000"
environment:
- NODE_ENV=productionversion: 1
task_definition:
task_execution_role: ecsTaskExecutionRole
ecs_network_mode: awsvpc
task_size:
mem_limit: 0.5GB
cpu_limit: 256
run_params:
network_configuration:
awsvpc_configuration:
subnets:
- subnet-xxxxxxxx
- subnet-yyyyyyyy
security_groups:
- sg-xxxxxxxx
assign_public_ip: ENABLED# Crear y ejecutar task
ecs-cli compose --project-name mi-proyecto \
--file docker-compose.yml \
--ecs-params ecs-params.yml \
service up \
--deployment-max-percent 200 \
--deployment-min-healthy-percent 100
# Verificar estado
ecs-cli compose --project-name mi-proyecto service ps# Crear servicio con load balancer
ecs-cli compose --project-name mi-proyecto \
service up \
--target-group-arn arn:aws:elasticloadbalancing:region:account:targetgroup/target-group-name/xxx \
--container-name web \
--container-port 80# Ver eventos del cluster
ecs-cli logs --container-name web \
--task-id task-id \
--follow
# Verificar estado de tareas
ecs-cli ps --cluster-config mi-configuracion# CloudWatch Logs en docker-compose.yml
logging:
driver: awslogs
options:
awslogs-group: /ecs/mi-aplicacion
awslogs-region: us-east-1
awslogs-stream-prefix: ecsmi-proyecto/
├── docker-compose.yml
├── ecs-params.yml
├── .env
└── config/
├── prod/
│ ├── docker-compose.prod.yml
│ └── ecs-params.prod.yml
└── dev/
├── docker-compose.dev.yml
└── ecs-params.dev.yml#!/bin/bash
# deploy.sh
ENVIRONMENT=$1
ecs-cli compose \
--project-name mi-proyecto \
--file docker-compose.yml \
--file config/$ENVIRONMENT/docker-compose.$ENVIRONMENT.yml \
--ecs-params config/$ENVIRONMENT/ecs-params.$ENVIRONMENT.yml \
service up \
--cluster-config mi-configuracion \
--ecs-profile mi-perfil# Verificar conectividad
ecs-cli check-attributes
# Diagnosticar problemas de red
ecs-cli compose --project-name mi-proyecto service ps
# Verificar logs
ecs-cli logs --container-name web --task-id TASK_ID# Ajustar en ecs-params.yml
task_definition:
task_size:
mem_limit: 1GB
cpu_limit: 512# Verificar security groups
aws ec2 describe-security-groups --group-ids sg-xxxxxxxx
# Verificar subnets
aws ec2 describe-subnets --subnet-ids subnet-xxxxxxxx# Listar tareas
ecs-cli ps --cluster-config mi-configuracion
# Ejecutar comando en contenedor
ecs-cli execute --cluster-config mi-configuracion \
--task-id TASK_ID \
--container web \
--command "/bin/bash"
# Limpiar recursos
ecs-cli down --force# Usar AWS Secrets Manager
aws secretsmanager create-secret \
--name mi-secreto \
--secret-string '{"username":"user","password":"pass"}'{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue"
],
"Resource": "arn:aws:secretsmanager:region:account:secret:mi-secreto-*"
}
]
}Esta guía proporciona una base sólida para trabajar con ECS CLI. Recuerda mantener actualizadas las herramientas y seguir las mejores prácticas de seguridad de AWS.