You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
consul/website/content/docs/ecs/requirements.mdx

33 lines
3.0 KiB

---
layout: docs
page_title: Requirements - Consul on AWS Elastic Container Service (ECS)
description: >-
Consul has requirements to install and run on Amazon Web Services ECS. Learn about Consul's requirements for Fargate and EC2, including network mode and subnet information, as well as server, routing, and ACL controller considerations to keep in mind.
---
# Requirements for Consul on AWS Elastic Container Service (ECS)
The following requirements must be met in order to install Consul on ECS:
* **Launch Type:** Fargate and EC2 launch types are supported.
* **Network Mode:** Only `awsvpc` mode is supported.
* **Subnets:** ECS Tasks can run in private or public subnets. Tasks must have [network access](https://aws.amazon.com/premiumsupport/knowledge-center/ecs-pull-container-api-error-ecr/) to Amazon ECR or other public container registries to pull images.
* **Consul Servers:** You can use your own Consul servers running on virtual machines or use [HashiCorp Cloud Platform Consul](https://www.hashicorp.com/cloud-platform) to host the servers for you. For development purposes or testing, you may use the `dev-server` [Terraform module](https://github.com/hashicorp/terraform-aws-consul-ecs/tree/main) that runs the Consul server as an ECS task. The `dev-server` does not support persistent storage.
* **ACL Controller:** If you are running a secure Consul installation with ACLs enabled, configure the ACL controller.
* **Admin Partitions:** <EnterpriseAlert inline />Consul on ECS supports [admin partitions](/consul/docs/enterprise/admin-partitions) when ACLs are enabled and the ACL controller is configured.
The ACL controller manages one admin partition and each ECS cluster requires an ACL controller.
Each `mesh-task` must also be configured to use a Consul Enterprise client.
* **Namespaces:** <EnterpriseAlert inline />[Namespaces](/consul/docs/enterprise/namespaces) are supported when ACLs are enabled and the ACL controller is configured.
Each `mesh-task` must also be configured to use a Consul Enterprise client.
* **Sidecar containers:** Consul on ECS requires two sidecar containers to run in each ECS task: a
Consul agent container and a sidecar proxy container. These additional sidecar containers must
be included in the ECS task definition. The [Consul ECS Terraform module](/consul/docs/ecs/terraform/install)
will include these sidecar containers for you. If you do not use Terraform, you can construct
the task definition yourself by following [our documentation](/consul/docs/ecs/manual/install).
* **Routing:** With your application running in tasks as part of the mesh, you must specify the
upstream services that your application calls. You will also need to change the URLs your
application uses to ensure the application is making requests through the service mesh.
* **Bind Address:** Once all communication is flowing through the service mesh, you should change
the address your application is listening on to `127.0.0.1` so that it only receives requests
through the sidecar proxy.