Q-Bits: Testing Amazon ECS Network Resilience with AWS FIS

This article demonstrates how Amazon Q Developer can help quickly ramp up on features of AWS services through an example of Amazon ECS tasks and AWS FIS.

Sunil Govindankutty
Amazon Employee
Published Feb 20, 2025
Last Modified Feb 24, 2025
Welcome to another installment of Q-Bits, our regular series showcasing cool ways Amazon employees are leveraging Amazon Q Developer. Today, we're diving into how Q Developer can help create Amazon ECS Task Definitions for fault injection.

Background

As a resilience technical community member focused on Chaos Engineering, I wanted to explore Amazon ECS's new network fault injection features on AWS Fargate. It had been a minute since I had worked with ECS tasks, and I wanted to dive into testing the feature. Amazon Q Developer has been helping me on builder activities including README document generation, unit test creation and code generation for common use cases. So I decided to give it a try to quickly ramp up on the new features, starting with the setup of ECS task definitions.

Setting Up Task Definitions

I started with the following prompt to create an ECS Fargate task definition for the fault injection feature:
Help me create an ECS fargate task definition that implements network fault injection endpoints for testing resilience.
Generated task definition:
{
  "family": "fault-injection-task",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "enableFaultInjection": true,
  "containerDefinitions": [
    {
      "name": "app-container",
      "image": "your-app-image:latest",
      "essential": true,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80,
          "protocol": "tcp"
        }
      ]
    }
  ]
}
This new enableFaultInjection property caught my attention, so I asked Q Developer to explain its purpose.
Tell me more about the enableFaultInjection property.
Q Developer went on to explain that the property enables fault injection capabilities: when set to true, it allows fault injection requests to be accepted from the task's containers. Now I wanted to understand more about the prerequisites for the ability to inject network faults and asked Q Developer to help with this.
What are the prerequisites for using the fault injection feature?
I understood that I should ensure the networkMode is set to awsvpc (which is the default for Fargate) and set pidMode to task if you plan to use certain fault injection actions like process killing or network manipulation.
With the task definition configured to support fault injection, the next step was to create an experiment that would actually test our application's resilience using AWS Fault Injection Service (FIS).

Creating AWS Fault Injection Service (FIS) experiments

AWS Fault Injection Service (FIS) enables controlled chaos engineering experiments on AWS resources. I asked Q Developer to create an AWS FIS experiment template to test the new faults on ECS. I needed to know any requirements first.
Tell me about the requirements for using AWS Fault Injection Service (FIS) with Amazon ECS tasks.
Q Developer called out that I need to add a container with an AWS Systems Manager (SSM) Agent to your ECS task definition for FIS fault actions to work. I asked Q to provide the definition to add the SSM agent container.
Add the SSM agent container mentioned to the ECS task definition json provided earlier.
Q responded with a container definition and instructed me to add this to the original task definition. The next step was to create an FIS experiment template to test one of the network faults.
Create an FIS experiment template in yaml for the ECS fargate network latency fault action.
I was provided the below experiment template definition that could be used to test the functionality against an ECS cluster.
description: "ECS Fargate Network Latency Fault Injection Experiment"
stopConditions:
  - source: "aws:cloudwatch:alarm"
    value: "arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarm"
targets:
  ecsTarget:
    resourceType: "aws:ecs:task"
    selectionMode: "ALL"
    resourceTags:
      Application: "MyApp"
      Environment: "Production"
actions:
  injectNetworkLatency:
    actionId: "aws:ecs:task-network-latency"
    description: "Inject network latency into ECS Fargate tasks"
    parameters:
      duration: "PT5M"
      delayMilliseconds: "100"
      jitterMilliseconds: "50"
      useEcsFaultInjectionEndpoints: "true"
    targets:
      Tasks: "ecsTarget"
roleArn: "arn:aws:iam::123456789012:role/FISExperimentRole"
tags:
  Project: "Resilience-Testing"
  Owner: "DevOps-Team"
After successfully setting up both the task definition and FIS experiment template, I now had a framework for testing network resilience in the ECS applications.
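The prerequisites and experiment settings described above can be checked before an experiment is started. The following is an added example, not code from the original post or from AWS: it lints the task definition and the experiment template shown on this page. The container name ssm-agent and the rule that flags an ALL selection on Production-tagged tasks are assumptions made for illustration.

```python
import json

# Constructed sample: the page's task definition, trimmed to the fields checked.
TASK_DEF = json.loads("""{
  "family": "fault-injection-task", "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"], "enableFaultInjection": true,
  "containerDefinitions": [{"name": "app-container", "image": "your-app-image:latest"}]
}""")

# Constructed sample: the fields of the page's experiment template that bound its impact.
EXPERIMENT = {
    "stopConditions": [{"source": "aws:cloudwatch:alarm",
                        "value": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarm"}],
    "targets": {"ecsTarget": {"resourceType": "aws:ecs:task", "selectionMode": "ALL",
                "resourceTags": {"Application": "MyApp", "Environment": "Production"}}},
}

def check_task_definition(td, ssm_container="ssm-agent"):
    """Return findings for the prerequisites named in the article.
    ssm_container is a hypothetical name; pass the name of your own sidecar."""
    findings = []
    if td.get("enableFaultInjection") is not True:
        findings.append("enableFaultInjection is not true")
    if td.get("networkMode") != "awsvpc":
        findings.append("networkMode is not awsvpc")
    if td.get("pidMode") != "task":
        findings.append("pidMode is not task")
    names = {c.get("name") for c in td.get("containerDefinitions", [])}
    if ssm_container not in names:
        findings.append(f"no container named {ssm_container!r}")
    return findings

def check_experiment(tpl):
    """Flag a missing stop condition and an unbounded selection of production tasks."""
    findings = []
    sources = [s.get("source") for s in tpl.get("stopConditions", [])]
    if not any(src and src != "none" for src in sources):
        findings.append("no stop condition that can halt the experiment")
    for name, tgt in tpl.get("targets", {}).items():
        env = tgt.get("resourceTags", {}).get("Environment", "")
        # Assumed policy: ALL tasks in a production environment needs explicit sign-off.
        if tgt.get("selectionMode") == "ALL" and env.lower().startswith("prod"):
            findings.append(f"target {name!r} selects ALL tasks tagged {env}")
    return findings

if __name__ == "__main__":
    for finding in check_task_definition(TASK_DEF) + check_experiment(EXPERIMENT):
        print("FINDING:", finding)
```

Run against the generated task definition as first shown, the check reports the missing pidMode and SSM agent container, which are the two items the later prompts add.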

Conclusion

Amazon Q Developer accelerated my learning of ECS network fault injection features. It provided a task definition, explained the enableFaultInjection property, and generated the FIS experiment template. The interactive Q&A format reduced the research time to minutes. Q Developer guided me through the configuration steps needed and explained the prerequisites. This experience demonstrated Q Developer's value as a learning tool for AWS services and features.
 

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.
