Monitor and manage ECS resources by using ECS application groups - Elastic Compute Service

Elastic Compute Service (ECS) Application Management integrates features such as resource management, security, monitoring, event management, O&M, and publishing. You can use ECS Application Management to operate, maintain, and manage Alibaba Cloud resources in a centralized and efficient manner. For example, you can use Application Management to create or use existing virtual private clouds (VPCs) and vSwitches to create ECS instances. Then, you can monitor and manage the created ECS instances and their related resources by group. This topic describes how to use ECS Application Management.

Introduction

ECS Application Management allows you to manage applications that are deployed in ECS and Docker and supports Alibaba Cloud Container Service for Kubernetes (ACK) clusters.

A resource group (project) can contain multiple applications, and each application can consist of multiple application groups. The following figure shows the relationships between the components related to ECS Application Management. The following table describes the components.

Component	Description
Resource group (project)	A resource group is the smallest unit for permission control and financial management. You can use resource groups to sort resources in your Alibaba Cloud account. For more information, see the relevant documentation or Terms.
Application	An application is the smallest unit of a resource group and the smallest unit for resource management.
Application group	An application group is an environment that is deployed in an application. Multiple application groups in an application can be deployed in different regions, have different configurations, and be associated with different Server Load Balancer (SLB) instances. ECS instances in an application group may be associated with different ApsaraDB RDS instances or SLB instances based on business environments or business scenarios. Examples: In the staging or production environment, ECS instances in an application group are associated with the same RDS instance but different SLB instances. In the canary release or production environment, ECS instances in an application group are associated with the same RDS instance and SLB instance. ECS instances in application groups that are deployed in different regions cannot be associated with the same RDS or SLB instance.

Scenarios and procedure

Scenarios

Assume that you use a variety of cloud services, such as ECS, ApsaraDB RDS, and SLB, and you have multiple resources of each cloud service, such as instances, block storage devices, disks, and snapshots in ECS. The resources are used by multiple business users who are granted different permissions based on their business requirements, such as requirements for resource grouping, permission management, and cost allocation. The following table describes business users (roles) by category.

Role	Description
System administrator	System administrators have the permissions to manage the basic information, tags, and resource groups of applications.
Application manager	Application managers have the permissions to create resources, allocate application users, modify application configurations and resources in applications, perform O&M on resources, and approve applications.
Application user	The permissions include but are not limited to nondestructive operations such as monitoring applications, viewing logs, checking status, and troubleshooting issues. However, the permissions explicitly exclude operations that may cause data changes or service interruptions, such as creating or deleting resources or modifying core configurations.

Procedure

The following figure shows the procedure for using ECS Application Management. The following table describes the details of the procedure.

Step	Description
Create an application	You can configure the application manager, application contact (recipient of notifications), and application users in advance. You can create applications for different resources and configure application groups based on the permissions of business users (roles). For example, after you select a region, you can import existing resources or create ECS resources based on scenarios. For more information, see Step 3.
Monitor and manage resources by group	Application users and application managers can go to the My Applications page to view the list of applications on which they have permissions. On the application details page, application users and application managers can view resource information, security risks, monitoring data, alerts, and events and can use Apsara DevOps or CloudOps Orchestration Service to perform O&M operations. For more information, see Step 5.
(Optional) Modify and delete an application	You can modify information about an application, such as the description. The tags and resource groups of applications cannot be modified. If an application does not meet your business requirements, you must create another application. For more information, see Step 6.

Procedure

Go to ECS console - Application Management.
Create an application and manage existing resources by group.
For more information, see Create an application group to manage resources.
On the My Applications page, find the application that you want to manage and click the application name to go to the details page of the application.

On the application details page, monitor and manage resources in the application by group.

The following table describes the tabs of the application details page.

Tab	Description
Overview	You can view the billing details of application groups. For more information, see View the cost analysis of an application group.
Resources	You can import resources, such as ECS instances, and manage the imported resources. For example, you can remove instances, connect to instances, run commands on instances, and change instance configurations. For more information, see Create an application group to manage resources.
O&M	You can use OOS to perform automated O&M operations on resources in application groups. For example, you can send remote commands, download files, and create custom tasks. For more information, see Perform automated O&M on resources in application groups.
Security Risks	You can view the check results of cloud platform configurations and the security information of resources. For example, you can view the pending alerts, pending vulnerabilities, and baseline issues.
O&M Items	Create a service in Compute Nest. You can create O&M items and categorize and manage the items. You can view the details of O&M items in different states, including unfinished O&M items, O&M items in progress, and pending O&M items.
Monitoring and Alerting	You can configure alert rules for resources. For more information, see Configure resource monitoring and alerting rules.
Events	You can view the triggered system events. If you subscribe to system event notifications, you can view the information of instance migration events that were triggered due to upgrades at underlying layer, scheduled O&M events, unexpected O&M events, instance billing events, and instance security events. For more information, see Overview of ECS system events and Subscribe to ECS system event notifications.
Publications	You can use Apsara DevOps pipeline integration to perform operations from code compilation and building to application deployment. For more information, see Create an Apsara DevOps pipeline to deploy applications.
Cost Analysis	You can view the cost analysis of each application group, the consumption details of ECS instances, and the average usage of ECS instances, elastic IP addresses, and SLB instances. This tab helps you better understand and control the costs of the application in the cloud. To view the costs of the application, go to the Cost Analysis page.

(Optional) On the application details page, you can modify or delete applications based on your business requirements.

Modify an application

If you want to modify the description and remarks of an application, perform the following steps:

On the application details page, click Modify Application.
1. In the dialog box that appears, modify the application description.
2. Click OK.

Delete an application

If you no longer require an application, perform the following steps to delete the application. Take note that the delete operation triggers a series of irreversible actions.

On the application details page, choose More > Delete Application.
1. In the dialog box that appears, check and confirm the information.
2. Click OK.

You can also go to the My Applications tab, find the application that you want to delete, and then click Delete in the Actions column to delete the application.

Important

Resource disassociation and release: When an application is deleted, the system automatically disassociates all resources imported to the application from the application and releases scenario-specific resources that were created for the application. The resources include but are not limited to ECS instances, associated storage resources such as cloud disks, network configurations such as security group rules, and service components such as Server Load Balancer (SLB) instances. Before you delete an application, you must back up important data or configurations.
Irreversibility: After you delete an application, all data and configurations associated with the application cannot be restored. Proceed with caution.

References

You can use the following methods to classify and manage your ECS resources:

You can group your cloud resources based on the usage, permissions, and ownership of the resources. For more information, see What is Resource Group? or Resource groups.
If your account has multiple ECS resource types and different resource types are associated with each other, you can add tags to the ECS resources to facilitate the classification and fine-grained management. For information about tags, see Tags.