Install Upwind on Amazon ECS and Amazon EC2
Overview
This page provides instructions for installing the Upwind components in an ECS cluster using the Amazon EC2 launch type.
Prerequisites
- An existing Amazon ECS cluster . To deploy one, see Getting started with Amazon ECS .
- Upwind Cluster Manager requires at least one private subnet with a NAT Gateway.
- The security group for the cluster manager must allow inbound traffic on port 8082 and 8444 from the EC2 instances in the cluster. By default, the cluster manager will use the default security group for the VPC.
- If the cluster EC2 instances are running on Linux kernel version 4 (for example Amazon Linux 2), you must set the sensor image to the
bccflavour. See installation methods for details. - The hop limit for the IMDS service should be set to 2. See AWS documentation on configuring instance metadata options for more information.
- The minimum Docker version for reliable metrics is Docker version v20.10.13 and newer, which is included in Amazon ECS-optimized AMI 20220607 and newer.
Install
Step 1: Generate Credentials
This step is relevant only if you want to create new client credentials. If you already have client credentials, you can skip this step.
Select the + (plus) symbol at the top of the screen and select Connect ECS Cluster. Select Generate a new one to create a new client ID and client secret. Provide a name and select Generate. Alternatively, you can generate it in the Credentials page in the console. For more information review the documentation on Credentials .
After you have generated the secret, it will automatically be copied into step 3 and inserted into the
UPWIND_CLIENT_ID and UPWIND_CLIENT_SECRET fields.
Step 2: Choose Installation Method
Select the appropriate installation method for your environment from the available options to continue with the setup.
- Terraform (Recommended)
- AWS CloudFormation
Step 2.1: Connect Terraform
Copy the following Terraform Module, and save it to a file named main.tf:
provider "aws" {
# For detailed instructions on configuring the AWS provider, please refer to:
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
region = "{ECS_CLUSTER_REGION}"
}
module "upwind_integration_aws_ecs_cluster" {
source = "https://terraform.upwind.io/modules/integrations/aws-ecs-sensor-0.6.0.tar.gz"
upwind_client_id = "{UPWIND_CLIENTID}"
upwind_client_secret = "{UPWIND_CLIENT_SECRET}"
ecs_cluster_name = "{ECS_CLUSTER_NAME}"
vpc_id = "{ECS_CLUSTER_VPC_ID}"
subnets = ["{ECS_CLUSTER_SUBNET_IDS}"]
}
Set ECS_CLUSTER_SUBNET_IDS to the IDs of one or more private subnets with routes to the NAT gateway that can be used to launch ENIs for Cluster Manager service tasks.
If the cluster EC2 instances are running on Linux kernel version 4 (for example Amazon Linux 2), you must set the image_sensor module parameter to:
image_sensor = {
registry = "registry.upwind.io"
repository = "images/agent"
tag = "0.79.0-bcc"
}
Step 2.2: Deploy Terraform
To finish the connection, run the following command:
terraform init && terraform apply
Step 2.1: Log in to AWS Console
Open your web browser and navigate to the AWS Management Console . Enter your login credentials to access the desired account.
Step 2.2: Run AWS CloudFormation Template
The CloudFormation template will deploy the Upwind ECS service and set task definitions to support EC2 workloads and tasks on your ECS cluster.
To connect a cluster, manually enter the VPC ID and Subnet IDs (one or more private subnets with routes to the NAT gateway).
If the EC2 instances in the cluster are running Linux kernel version 4, set the SensorContainerImage parameter to:
registry.upwind.io/images/agent:stable-bcc
If the default security group for the VPC does not allow inbound traffic on port 8080 and 8082 from the EC2 instances in the cluster, create a security group that does and set it as the ClusterManagerSecurityGroup stack parameter.
Test Connectivity
To verify the connectivity of your ECS cluster, run the following command:
aws ecs describe-services \
--cluster [your-cluster-name] \
--services upwind-sensor upwind-cluster-manager \
--query "services[*].{ \
ServiceName:serviceName, \
ServiceStatus:status, \
DesiredCount:desiredCount, \
RunningCount:runningCount, \
DeploymentStatuses:deployments[*].status, \
DeploymentsCount:length(deployments) \
}" \
--output json
Expected output:
[
{
"ServiceName": "upwind-sensor",
"ServiceStatus": "ACTIVE",
"DesiredCount": 1,
"RunningCount": 1,
"DeploymentStatuses": ["PRIMARY"],
"DeploymentsCount": 1
},
{
"ServiceName": "upwind-cluster-manager",
"ServiceStatus": "ACTIVE",
"DesiredCount": 1,
"RunningCount": 1,
"DeploymentStatuses": ["PRIMARY"],
"DeploymentsCount": 1
}
]
- Ensure ServiceStatus is ACTIVE for both services.
- Ensure DesiredCount and RunningCount are equal to instance count for the
upwind-sensorservice due to its daemon strategy. - Ensure DesiredCount and RunningCount are equal, typically set to 1, for the
upwind-cluster-managerservice. - Ensure DeploymentStatuses are PRIMARY for all deployments, and DeploymentCount match.
Troubleshooting
If you encounter any issues during the installation process, please click the chat button for live connection with an expert from Upwind.