Consul on AWS Elastic Container Service (ECS) overview

This overview provides information about connecting your workloads managed by AWS Elastic Container Service (ECS) to a Consul service mesh. A Consul service mesh automates service-to-service authorization and encryption across your Consul services. You can use a service mesh in ECS networks to secure communication between ECS tasks and communication between tasks and external services.

Workflow

You can install Consul on ECS with the HashiCorp Terraform modules or by manually configuring the task definition. We strongly recommend using the Terraform modules and resources because Terraform automatically builds and enables Consul service mesh containers for your workloads. The Terraform module installation method also allows you to add your existing ECS task definitions to the Consul service mesh without additional configuration.

Terraform module installation

1. Create and run a Terraform configuration that includes the ECS task, modules, and resources.
2. Configure routes between ECS tasks in your cluster. Once the service mesh is built, you must define paths for traffic between services.
3. Configure the ECS bind address. Binding to the loopback address allows the sidecar proxy running in the same task to only make requests within the service mesh.

Manual installation

To manually install Consul, you must create definitions for each container that operates in the ECS cluster. Refer to Architecture for information about the Consul containers you must deploy. Note that there is no manual process for creating gateway task containers. Gateways enable you to connect multiple datacenters or admin partitions. You must use Terraform if you want to deploy gateways to your network.

Guidance

Refer to the following documentation and tutorials for additional guidance.

Tutorials

• Integrate your AWS ECS services into Consul service mesh: Shows how to use Terraform to run Consul service mesh applications on ECS with self-managed Enterprise or HCP Consul Dedicated.

You can also refer to the following example configurations:

• Examples on GitHub
• Consul with dev server on ECS using the Fargate launch type
• Consul with dev server onn ECS using the EC2 launch type

Documentation

• Install Consul on ECS with Terraform
• Configure routes between ECS tasks
• Configure the ECS task bind address
• Install Consul on ECS manually

Reference

• Architecture
• Technical specifications
• Task configuration reference
• Cross-compatibility reference
• Consul server JSON schema reference