Using shared Amazon Cloud Map namespaces with Amazon ECS Service Connect - Amazon Elastic Container Service
Step 1: Create the Amazon Cloud Map namespaceStep 2: Share the namespace using Amazon RAMStep 3: Accept the resource shareStep 4: Configure an Amazon ECS service with the shared namespace
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using shared Amazon Cloud Map namespaces with Amazon ECS Service Connect

Setting up shared Amazon Cloud Map namespaces for Service Connect involves the following steps: Namespace owner creating the namespace, owner sharing it through Amazon Resource Access Manager (Amazon RAM), consumer accepting the resource share, and consumer configuring Service Connect to use the shared namespace.

Step 1: Create the Amazon Cloud Map namespace

The namespace owner creates a Amazon Cloud Map namespace that will be shared with other accounts.

To create a namespace for sharing using the Amazon Web Services Management Console

  1. Open the Amazon Cloud Map console at https://console.aws.amazon.com/cloudmap/.

  2. Choose Create namespace.

  3. Enter a Namespace name. This name will be used by services across all participating accounts.

  4. For Namespace type, choose the appropriate type for your use case:

    • API calls ‐ HTTP namespaces for service discovery without DNS functionality.

    • API calls and DNS queries in VPCs ‐ Private DNS namespaces for service discovery with private DNS queries in a VPC.

    • API calls and public DNS queries ‐ Public DNS namespaces for service discovery with public DNS queries.

  5. Choose Create namespace.

Step 2: Share the namespace using Amazon RAM

The namespace owner uses Amazon RAM to share the namespace with other Amazon Web Services accounts.

To share a namespace using the Amazon RAM console

  1. Open the Amazon RAM console at https://console.aws.amazon.com/ram/.

  2. Choose Create resource share.

  3. For Name, enter a descriptive name for the resource share.

  4. In the Resources section:

    1. For Resource type, choose Cloud Map Namespaces.

    2. Select the namespace you created in the previous step.

  5. In the Managed permissions section, specify AWSRAMPermissionCloudMapECSFullPermission.

    Important

    You must use the AWSRAMPermissionCloudMapECSFullPermission managed permission to share the namespace for Service Connect to work properly with the namespace.

  6. In the Principals section, specify the Amazon Web Services accounts you want to share the namespace with. You can enter account IDs or organizational unit IDs.

  7. Choose Create resource share.

Step 3: Accept the resource share

Namespace consumer accounts must accept the resource share invitation to use the shared namespace.

To accept a resource share invitation using the Amazon RAM console

  1. In the consumer account, open the Amazon RAM console at https://console.aws.amazon.com/ram/.

  2. In the navigation pane, choose Shared with me, then choose Resource shares.

  3. Select the resource share invitation and choose Accept resource share.

  4. After accepting, note the shared namespace ARN from the resource details. You'll use this ARN when configuring Service Connect services.

Step 4: Configure an Amazon ECS service with the shared namespace

After accepting the shared namespace, the namespace consumer can configure Amazon ECS services to use the shared namespace. The configuration is similar to using a regular namespace, but you must specify the namespace ARN instead of the name. For a detailed service creation procedure, see Creating an Amazon ECS rolling update deployment.

To create a service with a shared namespace using the Amazon Web Services Management Console

  1. Open the console at https://console.amazonaws.cn/ecs/v2.

  2. On the Clusters page, choose the cluster that you want to create the service in.

  3. Under Services, choose Create.

  4. After filling in other details depending on your workload, in the Service Connect section, choose Use Service Connect.

  5. For Namespace, enter the full ARN of the shared namespace.

    The ARN format is: arn:aws:servicediscovery:region:account-id:namespace/namespace-id

  6. Configure the remaining Service Connect settings as needed for your service type (client or client-server).

  7. Complete the service creation process.

You can also configure services using the Amazon CLI or Amazon SDKs by specifying the shared namespace ARN in the namespace parameter of the serviceConnectConfiguration.

aws ecs create-service \
    --cluster my-cluster \
    --service-name my-service \
    --task-definition my-task-def \
    --service-connect-configuration '{
        "enabled": true,
        "namespace": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcdef1234567890",
        "services": [{
            "portName": "web",
            "discoveryName": "my-service",
            "clientAliases": [{
                "port": 80,
                "dnsName": "my-service"
            }]
        }]
    }'