These are the latest supported Weave AMIs for each region:
For more information about Weave AMIs and running them see:
- What’s in the Weave ECS AMIs?
- Deployment Requirements
- Required Open Ports
- Additional IAM Action Permissions
- Requirements for Peer Discovery
- Peer Discovery with Weave Net
- How to Run Weave Scope
- Standalone mode
- In Weave Cloud
- Upgrading Weave Scope and Weave Net
- Creating Your Own Customized Weave ECS AMI
The latest Weave ECS AMIs are based on Amazon’s
ECS-Optimized Amazon Linux AMI,
2017.03.f and also includes:
Weave Net to function properly, ensure that the Amazon ECS container
instances can communicate over these ports: TCP 6783, as well as, UDP 6783 and
In addition to those open ports, launching
Weave Scope in standalone mode,
requires that all instances are able to communicate over TCP port 4040. More information about
this can be found in How to Run Weave Scope.
relevant section of the
Service Discovery and Load Balancing with Weave on Amazon ECS
for an example.
Besides the customary Amazon ECS API actions required by all container instances
AmazonEC2ContainerServiceforEC2Role managed policy), any instances using the Weaveworks ECS AMI must also be allowed to perform the following actions:
These extra actions are needed for discovering instance peers (1,2,3) and
creating the ECS views in Weave Scope
Weaveworks ECS guide),
describes the minimal policy definition.
For more information on IAM policies see IAM Policies for Amazon EC2.
To form a Weave network, the Amazon ECS container instances must either/or:
At boot time, an instance running the ECS Weave AMI will try to join other instances to form a Weave network.
- If the instance has a
weave:peerGroupName, it will join other instances with the same tag key and value. For instance, if the tag key is
weave:peerGroupNameand the value is
fooit will try to join other instances with tag key
weave:peerGroupNameand tag value
foo. Note that for this to work, the instances need to be tagged at creation-time so that the tag is available by the time Weave is launched.
- Otherwise it will join all the other instances in the same Auto Scaling Group.
Weave Scope in Standalone mode, probes discover apps with the same mechanism.
There are two methods for running
Weave Scope within the Weave ECS AMIs:
You can prevent Weave Scope from automatically starting at boot time by removing
This can be done at instance initialization time adding the following line to the User Data of the instance.
Weave Scope in standalone mode is the default mode.
The following occurs on all Amazon ECS container instances:
Weave Scopeprobe is launched that collects instance information.
Weave Scopeapp runs that enables cluster visualization.
Since all instances run an app and show the same information, you don’t have to worry about placing the app, thereby eliminating a Leader election problem.
However, running the app on all instances impacts performance, resulting in
N = N^2 connections in the Auto Scaling Group with N instances (i.e. all (N)
probes talk to all (N) apps in every instances).
To avoid this problem, it is recommended that you run
Weave Scope in Weave Cloud.
Weave Scope app runs a web-based application, which listens on TCP port
4040 where you can connect with your browser.
Weave Scope probes also forward information to the apps on TCP
port 4040. Ensure that your Amazon ECS container instances can talk to each
other on that port before running
Weave Scope in standalone mode (see
Required Open Ports for more details).
In Weave Cloud, you can visualize Amazon ECS containers as well as monitor Tasks
and Services all from within in Weave Cloud at https://cloud.weave.works.
In this case, Amazon ECS container instances run a
Weave Scope probe and reports
data from the container instances to Weave Cloud.
To configure your ECS container instances to communicate with Weave Cloud,
Weave Scope cloud token in the
Weave Scopecloud token can be found in your Weave Cloud account at http://cloud.weave.works.
For example, this command configures the instance to communicate with Weave
Cloud using token
echo SERVICE_TOKEN=3hud3h6ys3jhg9bq66n8xxa4b147dt5z >> /etc/weave/scope.config
The AMIs are updated regularly (~monthly) to include the latest versions of Weave Net and Weave Scope. However, it is possible to upgrade Weave Net and Weave Scope in your running EC2 instances without needing to wait for a new AMI release or by rebuilding your cluster.
In order to upgrade Scope to the latest released version, run the following commands in each of your instances:
sudo curl -L git.io/scope -o /usr/local/bin/scope sudo chmod a+x /usr/local/bin/scope sudo stop scope sudo start scope
Upgrade Weave Net to the latest version by running the following commands in each of your instances:
sudo curl -L git.io/weave -o /usr/local/bin/weave sudo chmod a+x /usr/local/bin/weave sudo stop weave sudo start weave
Clone the integrations repository and then change to the
git clone https://github.com/weaveworks/integrations cd aws/ecs/packer
Download and install Packer version >=0.9 to build the AMI.
./build-all-amis.sh to build the
Weave ECS images for all
regions. This step installs (in the image) AWS-CLI, jq, Weave Net, Weave Scope, init scripts
Weave and it also updates the ECS agent to use the
Weave Docker API Proxy.
Customize the image by modifying
template.json to match your
AWS_ACCSS_KEY_ID=XXXX AWS_SECRET_ACCESS_KEY=YYYY ./build-all-amis.sh
(If your account has MFA enabled you should follow this process
and also set
If building an AMI for a particular region, set the
ONLY_REGION variable to
that region when invoking the script:
ONLY_REGION=us-east-1 AWS_ACCSS_KEY_ID=XXXX AWS_SECRET_ACCESS_KEY=YYYY ./build-all-amis.sh
Read the Service Discovery and Load Balancing with Weave on Amazon ECS guide for more information about the AMIs.