This page will show you how to create API models when your service runs in Amazon Elastic Container Service (ECS) on a Linux cluster you have created.
ECS does not support attaching one container directly to another's network stack. We recommend attaching Akita to the host network instead. This requires few changes to deploy, and it can be run alongside your existing ECS containers. The configuration we describe will end up looking like the following diagram, and ensure only one Akita CLI instance is running per host.
An alternative is to run the Akita CLI inside each container you create; see the Docker/ECS instructions.
This configuration will not work with ECS on Fargate, because containers running on Fargate cannot access the host network. See these instructions instead.
The following Docker-Compose file defines an Akita agent that captures on a continuous basis. You should fill in your own Akita credentials, and the workspace name you have created in the Akita web console.
version: '3' services: akita: image: public.ecr.aws/akitasoftware/akita-cli:latest environment: - AKITA_API_KEY_ID=apk_XXXXXXXXXX - AKITA_API_KEY_SECRET=XXXXXXXXXX entrypoint: /akita apidump --service my-workspace-name
For production use, you may wish to capture the logs by adding a
logging section in the definition. The example configuration above uses our public ECR repository, to avoid rate-limiting problems pulling from Dockerhub.
You may also want to replace
akita-cli:latest with a specific version of the CLI, to make upgrades deterministic.
ECS-specific settings go into a separate file (by default called
ecs-params.yaml). The ones necessary for Akita are:
version: 1 task_definition: ecs_network_mode: host run_params: task_placement: constraints: - type: distinctInstance
These settings cause the Akita agent to capture all traffic on the host, and ensure that only one Akita container is run per host.
Once these configuration files are in place, start monitoring using the following ECS CLI command:
$ ecs-cli compose -p akita-capture -f akita-compose.yaml --ecs-params akita-params.yaml service up --cluster-config <mycluster>
This creates a new project named
akita-capture and configures a service based on the previous two YAML files. The service is initialized with a desired container count of 1.
You can verify that the container has started with
ecs-cli ps, or view its log output if you configured a
logging section in the UI. In the Akita web console, you should be able to see a new trace in the
Traces tab, or list them with the akita get trace CLI command. You can then wait for an automatically created model to appear.
Once you have verified that traffic is successfully being captured, you can scale up to more capture agents using
$ ecs-cli compose -p akita-capture service scale NNN
If you capture from many different hosts, you may want to lower the
--rate-limit flag to the Akita container's command, to limit the amount of upstream traffic that Akita sends. See apidump for more information.
Updated 29 days ago