Guide: AWS ECS

This page will show you how to create API models when your service runs in Amazon Elastic Container Service (ECS) on a Linux cluster you have created.

ECS does not support attaching one container directly to another's network stack. We recommend attaching Akita to the host network instead. This requires few changes to deploy, and it can be run alongside your existing ECS containers. The configuration we describe will end up looking like the following diagram, and ensures that only one Akita CLI instance is running per host.


An alternative is to run the Akita CLI inside each container you create; see the Docker/ECS instructions.

❗️

This configuration will not work with ECS on Fargate, because containers running on Fargate cannot access the host network. See these instructions instead.

Write a Docker-Compose file for the Akita CLI

The following Docker-Compose file defines an Akita agent that captures continuously. Fill in your own Akita credentials (AKITA_API_KEY_ID and AKITA_API_KEY_SECRET) and, as the --service argument, the name of the workspace you created in the Akita web console.

version: '3'
services:
  akita:
    image: public.ecr.aws/akitasoftware/akita-cli:latest
    environment:
      - AKITA_API_KEY_ID=apk_XXXXXXXXXX
      - AKITA_API_KEY_SECRET=XXXXXXXXXX
    entrypoint: /akita apidump --service my-workspace-name

For production use, you may wish to capture the logs by adding a logging section to the definition. The example configuration above uses our public ECR repository, to avoid rate-limiting problems when pulling from Docker Hub.

You may also want to replace akita-cli:latest with a specific version of the CLI, to make upgrades deterministic.

Write an ECS configuration file for the Akita CLI

ECS-specific settings go into a separate file (by default called ecs-params.yaml). The ones necessary for Akita are:

version: 1
task_definition:
  ecs_network_mode: host
run_params:
  task_placement:
    constraints:
      - type: distinctInstance

These settings cause the Akita agent to capture all traffic on the host, and ensure that only one Akita container is run per host.
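Before launching, the two files can be checked for the settings this page depends on. The script below is an added example, not part of the Akita documentation or tooling; the function name check_akita_ecs is hypothetical, and the checks are grep-based, so they assume the single-line YAML layout shown above.

```shell
#!/bin/sh
# Added example, not Akita's own tooling. check_akita_ecs is a hypothetical name.
# Usage: sh preflight.sh akita-compose.yaml akita-params.yaml

# Prints one line per finding; returns 1 if any FAIL was found, else 0.
check_akita_ecs() {
    compose=$1 params=$2 rc=0

    # Host networking is what lets the single agent see the host's traffic.
    grep -Eq '^[[:space:]]*ecs_network_mode:[[:space:]]*host[[:space:]]*$' "$params" ||
        { echo "FAIL: ecs_network_mode is not 'host' in $params"; rc=1; }

    # distinctInstance stops ECS from placing two agents on the same host.
    grep -Eq '^[[:space:]]*-[[:space:]]*type:[[:space:]]*distinctInstance[[:space:]]*$' "$params" ||
        { echo "FAIL: no distinctInstance placement constraint in $params"; rc=1; }

    # The agent must run apidump against a named workspace.
    grep -Eq '^[[:space:]]*entrypoint:.*apidump.*--service[[:space:]]+[^[:space:]]+' "$compose" ||
        { echo "FAIL: entrypoint does not run 'apidump --service <name>' in $compose"; rc=1; }

    # The template values apk_XXXXXXXXXX / XXXXXXXXXX are not real credentials.
    if grep -Eq 'AKITA_API_KEY_(ID|SECRET)=(apk_)?X+[[:space:]]*$' "$compose"; then
        echo "FAIL: placeholder Akita credentials still present in $compose"; rc=1
    fi

    # Not fatal: a pinned tag makes upgrades deterministic.
    if grep -Eq '^[[:space:]]*image:.*akita-cli(:latest)?[[:space:]]*$' "$compose"; then
        echo "WARN: akita-cli image is not pinned to a specific version"
    fi

    # Not fatal: the compose file holds the API key secret in plain text,
    # so it should not be readable by every local user.
    if [ -n "$(find "$compose" -perm -004 2>/dev/null)" ]; then
        echo "WARN: $compose contains the API key secret and is world-readable"
    fi

    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_akita_ecs "$1" "$2"
fi
```
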

Create a new ECS project to launch the Akita CLI

Once these configuration files are in place, start monitoring using the following ECS CLI command:

$ ecs-cli compose -p akita-capture -f akita-compose.yaml --ecs-params akita-params.yaml service up --cluster-config <mycluster>

This creates a new project named akita-capture and configures a service based on the previous two YAML files. The service is initialized with a desired container count of 1.

You can verify that the container has started with ecs-cli ps or, if you configured a logging section, by viewing its log output in the UI. In the Akita web console, you should be able to see a new trace in the Traces tab; you can also list traces with the akita get trace CLI command. You can then wait for an automatically created model to appear.

Scaling up

Once you have verified that traffic is successfully being captured, you can scale up to more capture agents using:

$ ecs-cli compose -p akita-capture service scale NNN

If you capture from many different hosts, you may want to set a lower --rate-limit value on the Akita container's command, to limit the amount of upstream traffic that Akita sends. See apidump for more information.

