

# Amazon Elastic Container Service on Amazon Outposts
<a name="using-outposts"></a>

Amazon Outposts enables native Amazon services, infrastructure, and operating models in on-premises facilities. In Amazon Outposts environments, you can use the same Amazon APIs, tools, and infrastructure that you use in the Amazon Web Services Cloud.

Amazon ECS on Amazon Outposts is ideal for low-latency workloads that need to be run in close proximity to on-premises data and applications.

For more information about Amazon Outposts, see the [Amazon Outposts User Guide](https://docs.amazonaws.cn/outposts/latest/userguide/what-is-outposts.html).

## Considerations
<a name="outposts-considerations"></a>

The following are considerations for using Amazon ECS on Amazon Outposts:
+ Amazon Elastic Container Registry, Amazon Identity and Access Management, and Network Load Balancer run in the Amazon Region, not on Amazon Outposts. This increases latency between these services and the containers.
+ Amazon Fargate is not available on Amazon Outposts.

The following are network connectivity considerations for Amazon Outposts:
+ If network connectivity between your Amazon Outposts and its Amazon Region is lost, your clusters will continue to run. However, you cannot create new clusters or take new actions on existing clusters until connectivity is restored. In case of instance failures, the instance will not be automatically replaced. The CloudWatch Logs agent will be unable to update logs and event data.
+ We recommend that you provide reliable, highly available, and low latency connectivity between your Amazon Outposts and its Amazon Region.

## Prerequisites
<a name="outposts-prerequisites"></a>

The following are prerequisites for using Amazon ECS on Amazon Outposts:
+ You must have installed and configured an Outpost in your on-premises data center.
+ You must have a reliable network connection between your Outpost and its Amazon Region.

## Overview of cluster creation on Amazon Outposts
<a name="outposts-create-resource"></a>

The following is an overview of the configuration:

1. Create a role and policy with rights on Amazon Outposts.

1. Create an IAM instance profile with rights on Amazon Outposts.

1. Create a VPC, or use an existing one that is in the same Region as your Amazon Outposts.

1. Create a subnet or use an existing one that is associated with the Amazon Outposts.

   This is the subnet where the container instances run.

1. Create a security group for the container instances in your cluster.

1. Create an Amazon ECS cluster.

1. Define the Amazon ECS container agent environment variables to launch the instance into the cluster.

1. Run a container.

For detailed information about how to integrate Amazon ECS with Amazon Outposts, see [Extend Amazon ECS across two Amazon Outposts racks](https://community.aws/content/2k5wK9P1oSC9I4ZzuSLWynsiJaa/extend-amazon-ecs-across-two-outposts-racks).

The following example creates an Amazon ECS cluster on Amazon Outposts.

1. Create a role and policy with rights on Amazon Outposts.

   The `role-policy.json` file is the policy document that contains the effect and actions for resources. For information about the file format, see [PutRolePolicy](https://docs.amazonaws.cn/IAM/latest/APIReference/API_PutRolePolicy.html) in the *IAM API Reference*.

   ```
   aws iam create-role --role-name ecsRole \
       --assume-role-policy-document file://ecs-policy.json
   aws iam put-role-policy --role-name ecsRole --policy-name ecsRolePolicy \
       --policy-document file://role-policy.json
   ```

1. Create an IAM instance profile with rights on Amazon Outposts.

   ```
   aws iam create-instance-profile --instance-profile-name outpost
   aws iam add-role-to-instance-profile --instance-profile-name outpost \
       --role-name ecsRole
   ```

1. Create a VPC.

   ```
   aws ec2 create-vpc --cidr-block 10.0.0.0/16
   ```

1. Create a subnet associated with your Amazon Outposts.

   ```
   aws ec2 create-subnet \
       --cidr-block 10.0.3.0/24 \
       --vpc-id vpc-xxxxxxxx \
       --outpost-arn arn:aws:outposts:us-west-2:123456789012:outpost/op-xxxxxxxxxxxxxxxx \
       --availability-zone-id usw2-az1
   ```

1. Create a security group for the container instances, specifying the proper CIDR range for the Amazon Outposts. (This step is different for Amazon Outposts.)

   ```
   aws ec2 create-security-group --group-name MyOutpostSG \
       --description "ECS container instances on Outpost" --vpc-id vpc-xxxxxxxx
   aws ec2 authorize-security-group-ingress --group-id sg-xxxxxx --protocol tcp \
       --port 22 --cidr 10.0.3.0/24
   aws ec2 authorize-security-group-ingress --group-id sg-xxxxxx --protocol tcp \
       --port 80 --cidr 10.0.3.0/24
   ```

1. Create the cluster.

1. Define the Amazon ECS container agent environment variables to launch the instance into the cluster created in the previous step and define any tags you want to add to help identify the cluster (for example, `Outpost` to indicate that the cluster is for an Outpost).

   ```
   #!/bin/bash
   cat << 'EOF' >> /etc/ecs/ecs.config
   ECS_CLUSTER=MyCluster
   ECS_IMAGE_PULL_BEHAVIOR=prefer-cached
   ECS_CONTAINER_INSTANCE_TAGS={"environment": "Outpost"}
   EOF
   ```
**Note**  
To avoid delays caused by pulling container images from Amazon ECR in the Region, use image caches. To do this, set `ECS_IMAGE_PULL_BEHAVIOR` to `prefer-cached` so that the Amazon ECS agent defaults to using the cached image on the instance itself each time a task is run.

1. Create the container instance, specifying the VPC and subnet for the Amazon Outposts where this instance should run and an instance type that is available on the Amazon Outposts. (This step is different for Amazon Outposts.)

   The `userdata.txt` file contains the user data the instance can use to perform common automated configuration tasks and even run scripts after the instance starts. For information about the file for API calls, see [Run commands on your Linux instance at launch](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/user-data.html) in the *Amazon EC2 User Guide*.

   ```
   aws ec2 run-instances --count 1 --image-id ami-xxxxxxxx --instance-type c5.large \
       --key-name aws-outpost-key --subnet-id subnet-xxxxxxxxxxxxxxxxx \
       --iam-instance-profile Name=outpost --security-group-ids sg-xxxxxx \
       --associate-public-ip-address --user-data file://userdata.txt
   ```
**Note**  
This command is also used to add more instances to the cluster. Any containers deployed in the cluster will be placed on that specific Amazon Outposts.
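
A pre-launch check for the `userdata.txt` file passed to `run-instances` in the procedure above, added here as an example and not part of the original AWS documentation; the function name `check_ecs_userdata` and the sample file are constructed for illustration. It flags typographic quotes or dashes picked up by copy-paste, a missing `ECS_CLUSTER`, an unrecognized `ECS_IMAGE_PULL_BEHAVIOR` value, and a tags value that is not a quoted JSON object.

```bash
#!/bin/bash
# Added example: lint user data before run-instances. Returns 0 if clean, else 1.
check_ecs_userdata() {
    _file=$1
    _rc=0

    # Curly quotes and en-dashes pasted from a rendered page are multi-byte UTF-8.
    # They stop 'EOF' from working as a heredoc delimiter and break the tags JSON.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$_file"; then
        echo "non-ASCII bytes present (typographic quotes or dashes?)" >&2
        _rc=1
    fi

    # Without ECS_CLUSTER the agent registers with the cluster named "default".
    _cluster=$(sed -n 's/^[[:space:]]*ECS_CLUSTER=//p' "$_file" | tail -n 1)
    if [ -z "$_cluster" ]; then
        echo "ECS_CLUSTER is not set" >&2
        _rc=1
    fi

    # Values the ECS agent accepts for the pull behavior.
    _pull=$(sed -n 's/^[[:space:]]*ECS_IMAGE_PULL_BEHAVIOR=//p' "$_file" | tail -n 1)
    case "$_pull" in
        ''|default|always|once|prefer-cached) ;;
        *) echo "unknown ECS_IMAGE_PULL_BEHAVIOR: $_pull" >&2; _rc=1 ;;
    esac

    # Shape check only (not a JSON parser): an object with straight double quotes.
    _tags=$(sed -n 's/^[[:space:]]*ECS_CONTAINER_INSTANCE_TAGS=//p' "$_file" | tail -n 1)
    case "$_tags" in
        ''|'{"'*'"}') ;;
        *) echo "ECS_CONTAINER_INSTANCE_TAGS is not a quoted JSON object" >&2; _rc=1 ;;
    esac

    return "$_rc"
}

# Constructed sample: the user data from the procedure, typed with ASCII quotes.
sample=$(mktemp)
cat > "$sample" << 'USERDATA'
#!/bin/bash
cat << 'EOF' >> /etc/ecs/ecs.config
ECS_CLUSTER=MyCluster
ECS_IMAGE_PULL_BEHAVIOR=prefer-cached
ECS_CONTAINER_INSTANCE_TAGS={"environment": "Outpost"}
EOF
USERDATA
if check_ecs_userdata "$sample"; then echo "user data OK"; fi
rm -f "$sample"
```

With `prefer-cached`, an instance that already holds an image for a tag keeps using it, so reference images by digest or by a unique tag when a rebuilt image must be picked up.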