Getting started with Amazon App Mesh and Amazon ECS
Important
End of support notice: On September 30, 2026, Amazon will discontinue support for Amazon App Mesh. After September 30, 2026, you will no longer be able to access the Amazon App Mesh console or Amazon App Mesh resources. For more information, visit this blog post Migrating from Amazon App Mesh to Amazon ECS Service Connect
This topic helps you use Amazon App Mesh with an actual service that is running on Amazon ECS. This tutorial covers basic features of several App Mesh resource types.
Scenario
To illustrate how to use App Mesh, assume that you have an application with the following characteristics:
-
Consists of two services named
serviceA
andserviceB
. -
Both services are registered to a namespace named
apps.local
. -
ServiceA
communicates withserviceB
over HTTP/2, port 80. -
You have already deployed version 2 of
serviceB
and registered it with the nameserviceBv2
in theapps.local
namespace.
You have the following requirements:
-
You want to send 75 percent of the traffic from
serviceA
toserviceB
and 25 percent of the traffic toserviceBv2
first. By only sending 25 percent toserviceBv2
, you can validate that it's bug free before you send 100 percent of the traffic fromserviceA
. -
You want to be able to easily adjust the traffic weighting so that 100 percent of the traffic goes to
serviceBv2
once it is proven to be reliable. Once all traffic is being sent toserviceBv2
, you want to discontinueserviceB
. -
You do not want to have to change any existing application code or service discovery registration for your actual services to meet the previous requirements.
To meet your requirements, you decide to create an App Mesh service mesh with virtual services, virtual nodes, a virtual router, and a route. After implementing your mesh, you update your services to use the Envoy proxy. Once updated, your services communicate with each other through the Envoy proxy rather than directly with each other.
Prerequisites
Important
End of support notice: On September 30, 2026, Amazon will discontinue support for Amazon App Mesh. After September 30, 2026, you will no longer be able to access the Amazon App Mesh console or Amazon App Mesh resources. For more information, visit this blog post Migrating from Amazon App Mesh to Amazon ECS Service Connect
-
An existing understanding of App Mesh concepts. For more information, see What Is Amazon App Mesh?.
-
An existing understanding of Amazon ECSs concepts. For more information, see What is Amazon ECS in the Amazon Elastic Container Service Developer Guide.
-
App Mesh supports Linux services that are registered with DNS, Amazon Cloud Map, or both. To use this getting started guide, we recommend that you have three existing services that are registered with DNS. The procedures in this topic assume that the existing services are named
serviceA
,serviceB
, andserviceBv2
and that all services are discoverable through a namespace namedapps.local
.You can create a service mesh and its resources even if the services don't exist, but you cannot use the mesh until you have deployed actual services. For more information about service discovery on Amazon ECS, see Service Discovery. To create an Amazon ECS service with service discovery, see Tutorial: Creating a Service Using Service Discovery. If you don't already have services running, you can Create an Amazon ECS service with service discovery.
Step 1: Create a mesh and virtual service
A service mesh is a logical boundary for network traffic between the services that reside within it. For more information, see Service Meshes. A virtual service is an abstraction of an actual service. For more information, see Virtual services.
Create the following resources:
-
A mesh named
apps
, since all of the services in the scenario are registered to theapps.local
namespace. -
A virtual service named
serviceb.apps.local
, since the virtual service represents a service that is discoverable with that name, and you don't want to change your code to reference another name. A virtual service namedservicea.apps.local
is added in a later step.
You can use the Amazon Web Services Management Console or the Amazon CLI version 1.18.116 or higher or
2.0.38 or higher to complete the following steps. If using the Amazon CLI,
use the aws --version
command to check your installed Amazon CLI version. If you
don't have version 1.18.116 or higher or 2.0.38 or
higher installed, then you must install
or update the Amazon CLI. Select the tab for the tool that you want to
use.
Step 2: Create a virtual node
A virtual node acts as a logical pointer to an actual service. For more information, see Virtual nodes.
Create a virtual node named serviceB
, since one of the virtual nodes
represents the actual service named serviceB
. The actual service that the
virtual node represents is discoverable through DNS
with a hostname of
serviceb.apps.local
. Alternately, you can discover actual services
using Amazon Cloud Map. The virtual node will listen for traffic using the HTTP/2 protocol on port
80. Other protocols are also supported, as are health checks. You will create virtual
nodes for serviceA
and serviceBv2
in a later step.
Step 3: Create a virtual router and route
Virtual routers route traffic for one or more virtual services within your mesh. For more information, see Virtual routers and Routes.
Create the following resources:
-
A virtual router named
serviceB
, since theserviceB.apps.local
virtual service does not initiate outbound communication with any other service. Remember that the virtual service that you created previously is an abstraction of your actualserviceb.apps.local
service. The virtual service sends traffic to the virtual router. The virtual router listens for traffic using the HTTP/2 protocol on port 80. Other protocols are also supported. -
A route named
serviceB
. It routes 100 percent of its traffic to theserviceB
virtual node. The weight is in a later step once you add theserviceBv2
virtual node. Though not covered in this guide, you can add additional filter criteria for the route and add a retry policy to cause the Envoy proxy to make multiple attempts to send traffic to a virtual node when it experiences a communication problem.
Step 4: Review and create
Review the settings against the previous instructions.
Step 5: Create additional resources
To complete the scenario, you need to:
-
Create one virtual node named
serviceBv2
and another namedserviceA
. Both virtual nodes listen for requests over HTTP/2 port 80. For theserviceA
virtual node, configure a backend ofserviceb.apps.local
. All outbound traffic from theserviceA
virtual node is sent to the virtual service namedserviceb.apps.local
. Though not covered in this guide, you can also specify a file path to write access logs to for a virtual node. -
Create one additional virtual service named
servicea.apps.local
, which sends all traffic directly to theserviceA
virtual node. -
Update the
serviceB
route that you created in a previous step to send 75 percent of its traffic to theserviceB
virtual node and 25 percent of its traffic to theserviceBv2
virtual node. Over time, you can continue to modify the weights untilserviceBv2
receives 100 percent of the traffic. Once all traffic is sent toserviceBv2
, you can shut down and discontinue theserviceB
virtual node and actual service. As you change weights, your code does not require any modification, because theserviceb.apps.local
virtual and actual service names don't change. Recall that theserviceb.apps.local
virtual service sends traffic to the virtual router, which routes the traffic to the virtual nodes. The service discovery names for the virtual nodes can be changed at any time.
Mesh summary
Before you created the service mesh, you had three actual services named
servicea.apps.local
, serviceb.apps.local
, and
servicebv2.apps.local
. In addition to the actual services, you now
have a service mesh that contains the following resources that represent the actual
services:
-
Two virtual services. The proxy sends all traffic from the
servicea.apps.local
virtual service to theserviceb.apps.local
virtual service through a virtual router. -
Three virtual nodes named
serviceA
,serviceB
, andserviceBv2
. The Envoy proxy uses the service discovery information configured for the virtual nodes to look up the IP addresses of the actual services. -
One virtual router with one route that instructs the Envoy proxy to route 75 percent of inbound traffic to the
serviceB
virtual node and 25 percent of the traffic to theserviceBv2
virtual node.
Step 6: Update services
After creating your mesh, you need to complete the following tasks:
-
Authorize the Envoy proxy that you deploy with each Amazon ECS task to read the configuration of one or more virtual nodes. For more information about how to authorize the proxy, see Proxy authorization.
-
Update each of your existing Amazon ECS task definitions to use the Envoy proxy.
Credentials
The Envoy container requires Amazon Identity and Access Management credentials for signing requests that are sent to the App Mesh service. For Amazon ECS tasks deployed with the Amazon EC2 launch type, the credentials can come from the instance role or from a task IAM role. Amazon ECS tasks deployed with Fargate on Linux containers don't have access to the Amazon EC2 metadata server that supplies instance IAM profile credentials. To supply the credentials, you must attach an IAM task role to any tasks deployed with the Fargate on Linux containers type.
If a task is deployed with the Amazon EC2 launch type and access is blocked to the Amazon EC2 metadata server, as described in the Important annotation in IAM Role for Tasks, then a task IAM role must also be attached to the task. The role that you assign to the instance or task must have an IAM policy attached to it as described in Proxy authorization.
To update your task definition using the Amazon CLI
You use Amazon ECS Amazon CLI command register-task-definition
. The example task definition below shows how
to configure App Mesh for your service.
Note
Configuring App Mesh for Amazon ECS through the console is unavailable.
Proxy configuration
To configure your Amazon ECS service to use App Mesh, your service's task definition must
have the following proxy configuration section. Set the proxy configuration
type
to APPMESH
and the containerName
to
envoy
. Set the following property values accordingly.
IgnoredUID
-
The Envoy proxy doesn't route traffic from processes that use this user ID. You can choose any user ID that you want for this property value, but this ID must be the same as the
user
ID for the Envoy container in your task definition. This matching allows Envoy to ignore its own traffic without using the proxy. Our examples use
for historical purposes.1337
ProxyIngressPort
-
This is the inbound port for the Envoy proxy container. Set this value to
15000
. ProxyEgressPort
-
This is the outbound port for the Envoy proxy container. Set this value to
15001
. AppPorts
-
Specify any inbound ports that your application containers listen on. In this example, the application container listens on port
. The port that you specify must match the port configured on the virtual node listener.9080
EgressIgnoredIPs
-
Envoy doesn't proxy traffic to these IP addresses. Set this value to
169.254.170.2,169.254.169.254
, which ignores the Amazon EC2 metadata server and the Amazon ECS task metadata endpoint. The metadata endpoint provides IAM roles for tasks credentials. You can add additional addresses. EgressIgnoredPorts
-
You can add a comma separated list of ports. Envoy doesn't proxy traffic to these ports. Even if you list no ports, port 22 is ignored.
Note
The maximum number of outbound ports that can be ignored is 15.
"proxyConfiguration": { "type": "APPMESH", "containerName": "envoy", "properties": [{ "name": "IgnoredUID", "value": "
1337
" }, { "name": "ProxyIngressPort", "value": "15000" }, { "name": "ProxyEgressPort", "value": "15001" }, { "name": "AppPorts", "value": "9080
" }, { "name": "EgressIgnoredIPs", "value": "169.254.170.2,169.254.169.254" }, { "name": "EgressIgnoredPorts", "value": "22
" } ] }
Application container Envoy dependency
The application containers in your task definitions must wait for the Envoy proxy to
bootstrap and start before they can start. To make sure this happens, you set a
dependsOn
section in each application container definition to wait for the
Envoy container to report as HEALTHY
. The following code shows an application
container definition example with this dependency. All of the properties in the following
example are required. Some of the property values are also required, but some are
replaceable
.
{ "name": "
appName
", "image": "appImage
", "portMappings": [{ "containerPort":9080
, "hostPort":9080
, "protocol": "tcp" }], "essential": true, "dependsOn": [{ "containerName": "envoy", "condition": "HEALTHY" }] }
Envoy container definition
Your Amazon ECS task definitions must contain an App Mesh Envoy container image.
- All supported
Regions other than
me-south-1
,ap-east-1
,ap-southeast-3
,eu-south-1
,il-central-1
, andaf-south-1
. You can replaceRegion-code
with any Region other thanme-south-1
,ap-east-1
,ap-southeast-3
,eu-south-1
,il-central-1
, andaf-south-1
. -
Standard
840364872350.dkr.ecr.
region-code
.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prodFIPS-compliant
840364872350.dkr.ecr.
region-code
.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod-fips me-south-1
-
Standard
772975370895.dkr.ecr.me-south-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
772975370895.dkr.ecr.me-south-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod-fips
ap-east-1
-
Standard
856666278305.dkr.ecr.ap-east-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
856666278305.dkr.ecr.ap-east-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod-fips
ap-southeast-3
-
Standard
909464085924.dkr.ecr.ap-southeast-3.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
909464085924.dkr.ecr.ap-southeast-3.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod-fips
eu-south-1
-
Standard
422531588944.dkr.ecr.eu-south-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
422531588944.dkr.ecr.eu-south-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod-fips
il-central-1
-
Standard
564877687649.dkr.ecr.il-central-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
564877687649.dkr.ecr.il-central-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod-fips
af-south-1
-
Standard
924023996002.dkr.ecr.af-south-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
924023996002.dkr.ecr.af-south-1.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod-fips
cn-north-1
-
Standard
919366029133.dkr.ecr.cn-north-1.amazonaws.com.cn/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
919366029133.dkr.ecr.cn-north-1.amazonaws.com.cn/aws-appmesh-envoy:v1.29.6.1-prod-fips
cn-northwest-1
-
Standard
919830735681.dkr.ecr.cn-northwest-1.amazonaws.com.cn/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
919830735681.dkr.ecr.cn-northwest-1.amazonaws.com.cn/aws-appmesh-envoy:v1.29.6.1-prod-fips
Public repository
-
Standard
public.ecr.aws/appmesh/aws-appmesh-envoy:v1.29.6.1-prod
FIPS-compliant
public.ecr.aws/appmesh/aws-appmesh-envoy:v1.29.6.1-prod-fips
Important
Only version v1.9.0.0-prod or later is supported for use with App Mesh.
You must use the App Mesh Envoy container image until the Envoy project team merges changes that support App Mesh. For additional details, see the GitHub roadmap
issue
All of the properties in the following example are required. Some of the property values are
also required, but some are replaceable
.
Note
-
The Envoy container definition must be marked as
essential
. -
We recommend allocating
512
CPU units and at least64
MiB of memory to the Envoy container. On Fargate the lowest you will be able to set is1024
MiB of memory. -
The virtual node name for the Amazon ECS service must be set to the value of the
APPMESH_RESOURCE_ARN
property. This property requires version1.15.0
or later of the Envoy image. For more information, see Envoy image. -
The value for the
user
setting must match theIgnoredUID
value from the task definition proxy configuration. In this example, we use
.1337
-
The health check shown here waits for the Envoy container to bootstrap properly before reporting to Amazon ECS that the Envoy container is healthy and ready for the application containers to start.
-
By default, App Mesh uses the name of the resource you specified in
APPMESH_RESOURCE_ARN
when Envoy is referring to itself in metrics and traces. You can override this behavior by setting theAPPMESH_RESOURCE_CLUSTER
environment variable with your own name. This property requires version1.15.0
or later of the Envoy image. For more information, see Envoy image.
The following code shows an Envoy container definition example.
{ "name": "envoy", "image": "
840364872350
.dkr.ecr.us-west-2
.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod", "essential": true, "environment": [{ "name": "APPMESH_RESOURCE_ARN", "value": "arn:aws:appmesh:us-west-2
:111122223333
:mesh/apps
/virtualNode/serviceB
" }], "healthCheck": { "command": [ "CMD-SHELL", "curl -s http://localhost:9901/server_info | grep state | grep -q LIVE" ], "startPeriod":10
, "interval":5
, "timeout":2
, "retries":3
}, "user": "1337
" }
Example task definitions
The following example Amazon ECS task definitions show how to merge the examples from above
into a task definition for taskB
. Examples are provided for creating tasks for
both Amazon ECS launch types with or without using Amazon X-Ray. Change the
replaceable
values, as appropriate, to create task
definitions for the tasks named taskBv2
and taskA
from the
scenario. Substitute your mesh name and virtual node name for the
APPMESH_RESOURCE_ARN
value and a list of ports that your application
listens on for the proxy configuration AppPorts
value. By default, App Mesh uses
the name of the resource you specified in APPMESH_RESOURCE_ARN
when Envoy is
referring to itself in metrics and traces. You can override this behavior by setting the
APPMESH_RESOURCE_CLUSTER
environment variable with your own name. All of
the properties in the following examples are required. Some of the property values are also
required, but some are replaceable
.
If you're running an Amazon ECS task as described in the Credentials section, then you need to add an existing task IAM role, to the examples.
Important
Fargate must use a port value greater than 1024.
Example JSON for Amazon ECS task definition - Fargate on Linux containers
{ "family" : "
taskB
", "memory" : "1024
", "cpu" : "0.5 vCPU
", "proxyConfiguration" : { "containerName" : "envoy", "properties" : [ { "name" : "ProxyIngressPort", "value" : "15000" }, { "name" : "AppPorts", "value" : "9080
" }, { "name" : "EgressIgnoredIPs", "value" : "169.254.170.2,169.254.169.254" }, { "name": "EgressIgnoredPorts", "value": "22
" }, { "name" : "IgnoredUID", "value" : "1337
" }, { "name" : "ProxyEgressPort", "value" : "15001" } ], "type" : "APPMESH" }, "containerDefinitions" : [ { "name" : "appName
", "image" : "appImage
", "portMappings" : [ { "containerPort" :9080
, "protocol" : "tcp" } ], "essential" : true, "dependsOn" : [ { "containerName" : "envoy", "condition" : "HEALTHY" } ] }, { "name" : "envoy", "image" : "840364872350
.dkr.ecr.us-west-2
.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod", "essential" : true, "environment" : [ { "name" : "APPMESH_VIRTUAL_NODE_NAME", "value" : "mesh/apps
/virtualNode/serviceB
" } ], "healthCheck" : { "command" : [ "CMD-SHELL", "curl -s http://localhost:9901/server_info | grep state | grep -q LIVE" ], "interval" :5
, "retries" :3
, "startPeriod" :10
, "timeout" :2
}, "memory" :500
, "user" : "1337
" } ], "requiresCompatibilities" : [ "FARGATE" ], "taskRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskRole
", "executionRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskExecutionRole
", "networkMode" : "awsvpc" }
Example JSON for Amazon ECS task definition with Amazon X-Ray - Fargate on Linux containers
X-Ray allows you to collect data about requests that an application serves and provides tools that you can use to visualize traffic flow. Using the X-Ray driver for Envoy enables Envoy to report tracing information to X-Ray. You can enable X-Ray tracing using the Envoy configuration. Based on the configuration, Envoy sends tracing data to the X-Ray daemon running as a sidecar container and the daemon forwards the traces to the X-Ray service. Once the traces are published to X-Ray, you can use the X-Ray console to visualize the service call graph and request trace details. The following JSON represents a task definition to enable X-Ray integration.
{ "family" : "
taskB
", "memory" : "1024
", "cpu" : "512
", "proxyConfiguration" : { "containerName" : "envoy", "properties" : [ { "name" : "ProxyIngressPort", "value" : "15000" }, { "name" : "AppPorts", "value" : "9080
" }, { "name" : "EgressIgnoredIPs", "value" : "169.254.170.2,169.254.169.254" }, { "name": "EgressIgnoredPorts", "value": "22
" }, { "name" : "IgnoredUID", "value" : "1337
" }, { "name" : "ProxyEgressPort", "value" : "15001" } ], "type" : "APPMESH" }, "containerDefinitions" : [ { "name" : "appName
", "image" : "appImage
", "portMappings" : [ { "containerPort" :9080
, "protocol" : "tcp" } ], "essential" : true, "dependsOn" : [ { "containerName" : "envoy", "condition" : "HEALTHY" } ] }, { "name" : "envoy", "image" : "840364872350
.dkr.ecr.us-west-2
.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod", "essential" : true, "environment" : [ { "name" : "APPMESH_VIRTUAL_NODE_NAME", "value" : "mesh/apps
/virtualNode/serviceB
" }, { "name": "ENABLE_ENVOY_XRAY_TRACING", "value": "1" } ], "healthCheck" : { "command" : [ "CMD-SHELL", "curl -s http://localhost:9901/server_info | grep state | grep -q LIVE" ], "interval" :5
, "retries" :3
, "startPeriod" :10
, "timeout" :2
}, "memory" :500
, "user" : "1337
" }, { "name" : "xray-daemon", "image" : "amazon/aws-xray-daemon", "user" : "1337
", "essential" : true, "cpu" : "32
", "memoryReservation" : "256
", "portMappings" : [ { "containerPort" : 2000, "protocol" : "udp" } ] } ], "requiresCompatibilities" : [ "FARGATE" ], "taskRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskRole
", "executionRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskExecutionRole
", "networkMode" : "awsvpc" }
Example JSON for Amazon ECS task definition - EC2 launch type
{ "family": "
taskB
", "memory": "256
", "proxyConfiguration": { "type": "APPMESH", "containerName": "envoy", "properties": [ { "name": "IgnoredUID", "value": "1337
" }, { "name": "ProxyIngressPort", "value": "15000" }, { "name": "ProxyEgressPort", "value": "15001" }, { "name": "AppPorts", "value": "9080
" }, { "name": "EgressIgnoredIPs", "value": "169.254.170.2,169.254.169.254" }, { "name": "EgressIgnoredPorts", "value": "22
" } ] }, "containerDefinitions": [ { "name": "appName
", "image": "appImage
", "portMappings": [ { "containerPort":9080
, "hostPort":9080
, "protocol": "tcp" } ], "essential": true, "dependsOn": [ { "containerName": "envoy", "condition": "HEALTHY" } ] }, { "name": "envoy", "image": "840364872350
.dkr.ecr.us-west-2
.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod", "essential": true, "environment": [ { "name": "APPMESH_VIRTUAL_NODE_NAME", "value": "mesh/apps
/virtualNode/serviceB
" } ], "healthCheck": { "command": [ "CMD-SHELL", "curl -s http://localhost:9901/server_info | grep state | grep -q LIVE" ], "startPeriod":10
, "interval":5
, "timeout":2
, "retries":3
}, "user": "1337
" } ], "requiresCompatibilities" : [ "EC2" ], "taskRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskRole
", "executionRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskExecutionRole
", "networkMode": "awsvpc" }
Example JSON for Amazon ECS task definition with Amazon X-Ray - EC2 launch type
{ "family": "
taskB
", "memory": "256
", "cpu" : "1024
", "proxyConfiguration": { "type": "APPMESH", "containerName": "envoy", "properties": [ { "name": "IgnoredUID", "value": "1337
" }, { "name": "ProxyIngressPort", "value": "15000" }, { "name": "ProxyEgressPort", "value": "15001" }, { "name": "AppPorts", "value": "9080
" }, { "name": "EgressIgnoredIPs", "value": "169.254.170.2,169.254.169.254" }, { "name": "EgressIgnoredPorts", "value": "22
" } ] }, "containerDefinitions": [ { "name": "appName
", "image": "appImage
", "portMappings": [ { "containerPort":9080
, "hostPort":9080
, "protocol": "tcp" } ], "essential": true, "dependsOn": [ { "containerName": "envoy", "condition": "HEALTHY" } ] }, { "name": "envoy", "image": "840364872350
.dkr.ecr.us-west-2
.amazonaws.com/aws-appmesh-envoy:v1.29.6.1-prod", "essential": true, "environment": [ { "name": "APPMESH_VIRTUAL_NODE_NAME", "value": "mesh/apps
/virtualNode/serviceB
" }, { "name": "ENABLE_ENVOY_XRAY_TRACING", "value": "1" } ], "healthCheck": { "command": [ "CMD-SHELL", "curl -s http://localhost:9901/server_info | grep state | grep -q LIVE" ], "startPeriod":10
, "interval":5
, "timeout":2
, "retries":3
}, "user": "1337
" }, { "name": "xray-daemon", "image": "amazon/aws-xray-daemon", "user": "1337
", "essential": true, "cpu": 32, "memoryReservation": 256, "portMappings": [ { "containerPort": 2000, "protocol": "udp" } ] } ], "requiresCompatibilities" : [ "EC2" ], "taskRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskRole
", "executionRoleArn" : "arn:aws:iam::123456789012
:role/ecsTaskExecutionRole
", "networkMode": "awsvpc" }
Advanced topics
Canary deployments using App Mesh
Canary deployments and releases help you switch traffic between an old version of an application and a newly deployed version. It also monitors the health of the newly deployed version. If there are any problems with the new version, the canary deployment can automatically switch traffic back to the old version. Canary deployments give you the ability to switch traffic between application versions with more control.
For more information about how to implement canary deployments for Amazon ECS using App Mesh, see Create a pipeline with canary deployments for Amazon ECS using App Mesh
Note
For more examples and walkthroughs for App Mesh, see the App Mesh examples repository