Skip to main content

Install Upwind on Amazon ECS and Amazon EC2

Overview

This topic provides instructions for installing the Upwind components in an ECS cluster using the Amazon EC2 launch type.

Prerequisites

  1. An existing Amazon ECS cluster . To deploy one, see Getting started with Amazon ECS .
  2. Upwind Cluster Manager requires at least one private subnet with a NAT Gateway.
  3. The security group for the cluster manager must allow inbound traffic on port 8082 and 8444 from the EC2 instances in the cluster. By default, the cluster manager will use the default security group for the VPC.
  4. If the cluster EC2 instances are running on Linux kernel version 4 (for example Amazon Linux 2), you must set the sensor image to the bcc flavour. See installation methods for details.
  5. The hop limit for the IMDS service should be set to 2. See AWS documentation on configuring instance metadata options for more information.
  6. The minimum Docker version for reliable metrics is Docker version v20.10.13 and newer, which is included in Amazon ECS-optimized AMI 20220607 and newer.

Install

Step 1: Generate Credentials

note

This step is relevant only if you want to create new client credentials. If you already have client credentials, you can skip this step.

Select the + (plus) symbol at the top of the screen and select Connect ECS Cluster. Select Generate a new one to create a new client ID and client secret. Provide a name and select Generate. Alternatively, you can generate it in the Credentials page in the console. For more information review the documentation on Credentials .

After you have generated the secret, it will automatically be copied into step 3 and inserted into the UPWIND_CLIENT_ID and UPWIND_CLIENT_SECRET fields.

Step 2: Choose Installation Method

Select the appropriate installation method for your environment from the available options to continue with the setup.

Step 2.1: Connect Terraform

Copy the following Terraform Module, and save it to a file named main.tf:

provider "aws" {  
# For detailed instructions on configuring the AWS provider, please refer to:
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
region = "{ECS_CLUSTER_REGION}"
}

module "upwind_integration_aws_ecs_cluster" {
source = "https://get.upwind.io/terraform/modules/integrations/aws-ecs-sensor-0.11.0.tar.gz"
upwind_client_id = "{UPWIND_CLIENTID}"
upwind_client_secret = "{UPWIND_CLIENT_SECRET}"
ecs_cluster_name = "{ECS_CLUSTER_NAME}"
vpc_id = "{ECS_CLUSTER_VPC_ID}"
subnets = ["{ECS_CLUSTER_SUBNET_IDS}"]
}

Networking Configuration

Set ECS_CLUSTER_SUBNET_IDS to the IDs of one or more private subnets with routes to the NAT gateway that can be used to launch ENIs for Cluster Manager service tasks.

If the default security group for the VPC does not allow inbound traffic on ports 8082 and 8444 from one of the security groups applied to the instances in the cluster, create a security group that allows this traffic. Set the ID of the security group (e.g. sg-123456789) as the security_groups_cluster_manager parameter of the Terraform module.

Linux Kernel Compatibility

If the cluster EC2 instances are running on Linux kernel version 4 (for example Amazon Linux 2), you must set the image_sensor module parameter to:

image_sensor = {
registry = "registry.upwind.io"
repository = "images/agent"
tag = "0.93.0-bcc"
}

Step 2.2: Deploy Terraform

To finish the connection, run the following command:

terraform init && terraform apply

Test Connectivity

To verify the connectivity of your ECS cluster, run the following command:

aws ecs describe-services \
--cluster [your-cluster-name] \
--services upwind-sensor upwind-cluster-manager \
--query "services[*].{ \
ServiceName:serviceName, \
ServiceStatus:status, \
DesiredCount:desiredCount, \
RunningCount:runningCount, \
DeploymentStatuses:deployments[*].status, \
DeploymentsCount:length(deployments) \
}" \
--output json

Expected output:

[
{
"ServiceName": "upwind-sensor",
"ServiceStatus": "ACTIVE",
"DesiredCount": 1,
"RunningCount": 1,
"DeploymentStatuses": ["PRIMARY"],
"DeploymentsCount": 1
},
{
"ServiceName": "upwind-cluster-manager",
"ServiceStatus": "ACTIVE",
"DesiredCount": 1,
"RunningCount": 1,
"DeploymentStatuses": ["PRIMARY"],
"DeploymentsCount": 1
}
]
  • Ensure ServiceStatus is ACTIVE for both services.
  • Ensure DesiredCount and RunningCount are equal to instance count for the upwind-sensor service due to its daemon strategy.
  • Ensure DesiredCount and RunningCount are equal, typically set to 1, for the upwind-cluster-manager service.
  • Ensure DeploymentStatuses are PRIMARY for all deployments, and DeploymentCount match.

Troubleshooting

If you encounter any issues during the installation process, please click the chat button for live connection with an expert from Upwind.