Thoughts After Playing with Amazon EC2 Container Service

Docker has become more and more popular over the past year. Despite the love-it-or-hate-it reactions and the accompanying security vulnerabilities, the rise of immutable microservices seems unstoppable, and Docker is definitely one of the painkillers on the market. Amazon launched EC2 Container Service (ECS) at the end of last year to provide something similar to the open-source Shipyard for managing a cluster of Docker hosts. At first it could only be accessed through the API, but now it has its own dashboard in the AWS Console.

However, after a few days of trial, I am still quite unsatisfied with it. It is usable, but it has lots of gotchas that get on your nerves. My complaints are as follows:

  • By default, after you click through all the “Get Started” buttons, it sets up a brand new AWS CloudFormation stack, which launches a whole new VPC and puts the Docker hosts in a public subnet. That is undesirable from a security standpoint, and it ignores the possibility that you already have a VPC in service. You have to work around this default: launch the container-optimized Amazon Linux image from the “EC2” dashboard rather than the “ECS” console, then create a new cluster in EC2 Container Service so that the instances you just launched in your existing VPC can be registered with the cluster you created. This is very unintuitive.
  • It still lacks integration with OpsWorks: you cannot launch the container-optimized Amazon Linux image from OpsWorks. This greatly reduces the accessibility of EC2 Container Service, since you lose the monitoring that OpsWorks provides for free.
  • It is possible to pull a private image from Docker Hub, or from a Docker registry that you host yourself, but you have to log in to the instance to change the settings for that. That is a pain if you manage a lot of machines. I wish there were a tab in the console where I could change it and have it take effect automatically.
  • No error message from the agent is forwarded to the console, so you cannot tell why a container failed to run. In OpsWorks, you at least have the log generated by the Chef recipe.
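The workaround from the first complaint (existing VPC, private subnet, cluster created separately) and the per-host registry settings from the third can be scripted with the AWS CLI instead of clicked through. The following is an added example, not code from the original post or from AWS: the cluster name, AMI ID, subnet, security group and instance profile are placeholders you supply, and `/etc/ecs/ecs.config` with the `ECS_CLUSTER`, `ECS_ENGINE_AUTH_TYPE` and `ECS_ENGINE_AUTH_DATA` variables are the ECS agent's own configuration keys, which the post does not name.

```shell
#!/bin/sh
# Added example, not code from the original post: register an ECS-optimized
# instance into an EXISTING VPC (private subnet) with the AWS CLI, bypassing
# the "Get Started" CloudFormation stack. Cluster name, AMI, subnet, security
# group and instance profile are placeholders. /etc/ecs/ecs.config and the
# ECS_* variables are the ECS agent's own settings; the post does not name them.

# Render /etc/ecs/ecs.config for the agent.
#   $1 = cluster name (required)
#   $2 = optional dockercfg-style JSON for a private registry (Docker Hub or
#        a self-hosted registry), so no one has to log in to each host
ecs_agent_config() {
  cluster="$1"
  auth="${2:-}"
  if [ -z "$cluster" ]; then
    echo "ecs_agent_config: cluster name required" >&2
    return 1
  fi
  printf 'ECS_CLUSTER=%s\n' "$cluster"
  if [ -n "$auth" ]; then
    printf 'ECS_ENGINE_AUTH_TYPE=dockercfg\n'
    printf 'ECS_ENGINE_AUTH_DATA=%s\n' "$auth"
  fi
}

# Render the cloud-init user-data script that writes that file on first boot,
# before the agent starts, so the instance joins the intended cluster.
ecs_user_data() {
  printf '#!/bin/bash\n'
  printf "cat <<'EOF' >/etc/ecs/ecs.config\n"
  ecs_agent_config "$@" || return 1
  printf 'EOF\n'
}

# Create the cluster and launch one host into an existing private subnet.
# Not run automatically; needs AWS credentials and real resource IDs.
#   usage: launch_ecs_host CLUSTER AMI_ID SUBNET_ID SG_ID [DOCKERCFG_JSON]
launch_ecs_host() {
  cluster="$1"; ami="$2"; subnet="$3"; sg="$4"; auth="${5:-}"
  userdata="$(mktemp)"
  ecs_user_data "$cluster" "$auth" >"$userdata" || return 1

  aws ecs create-cluster --cluster-name "$cluster" >/dev/null

  # The instance profile (ecsInstanceRole here, a placeholder name) is what
  # the agent uses to register, so no static access keys live on the host.
  # --no-associate-public-ip-address keeps the Docker host off the internet.
  aws ec2 run-instances \
    --image-id "$ami" --instance-type t2.small \
    --subnet-id "$subnet" --security-group-ids "$sg" \
    --no-associate-public-ip-address \
    --iam-instance-profile Name=ecsInstanceRole \
    --user-data "file://$userdata" \
    --query 'Instances[0].InstanceId' --output text
  rm -f "$userdata"
}

# Confirm the host actually registered. The console will not say why it did
# not; for that you still have to read the agent log under /var/log/ecs/ on
# the instance.
list_ecs_hosts() {
  aws ecs list-container-instances --cluster "$1" \
    --query 'containerInstanceArns' --output text
}
```

One caveat before putting registry credentials in `ECS_ENGINE_AUTH_DATA` this way: user-data is readable by anyone who can call `aws ec2 describe-instance-attribute --attribute userData`, which is a much wider audience than the people who can SSH to the host. If that matters, keep the auth JSON out of user-data and have the boot script copy `ecs.config` from a private S3 object using the instance role instead.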

Having to set up your own Docker cluster is painful and time-consuming. I hope AWS refines EC2 Container Service to be truly easy to use in the coming months. For now, I have to stick with the CLI.