And now we simply configure and build our ECS cluster through the ECS CLI:
$ ecs-cli configure --cluster tutorial-cluster --default-launch-type FARGATE --region eu-central-1 --config-name fgate_ff_config $ ecs-cli up
Take note of the ouput of this command, copying and pasting the result in a sheet of your favourite editor, you’ll need the cluster VPC id to create a security group in it, you’ll need also the subnets. Again, remember to replace the zero filled ids with your own:
$ aws ec2 create-security-group \ --description aws_tutorial_security \ --group-name aws_tutorial_group \ --vpc-id vpc-0000000000000000
Take note of the resulting output, stating the relative GroupId. In case you forget to do it, you can use the following command to retrive it:
$ aws ec2 describe-security-groups \ --filters Name=description,Values=aws_tutorial_security | grep GroupId
Then authorize input traffic to the security group, replacing your own group-id:
$ aws ec2 authorize-security-group-ingress \ --group-id sg-00000000000000000 \ --protocol tcp \ --port 80 \ --cidr 0.0.0.0/0
Cidr is not fake and its zeroes mean all IPs. The next thing is to create our service, first let’s edit the two necessary config files:
$ vi ecs-params.yml
version: 1 task_definition: task_execution_role: ecsTaskExecutionRole ecs_network_mode: awsvpc task_size: mem_limit: 0.5GB cpu_limit: 256 run_params: network_configuration: awsvpc_configuration: subnets: - "subnet-00000000000000000" - "subnet-00000000000000000" security_groups: - "sg-00000000000000000" assign_public_ip: ENABLED
$ vi docker-compose.yml
version: '3' services: lamp: image: 000000000000.dkr.ecr.eu-central-1.amazonaws.com/aws_lamp_tutorial ports: - "80:80" logging: driver: awslogs options: awslogs-group: lamp-tutorial awslogs-region: eu-central-1 awslogs-stream-prefix: lamp
$ ecs-cli compose --project-name tutorial service up --create-log-groups --cluster-config fgate_ff_config
The last thing to do is to get our instance IP address and set a rule inside our default security group which regards our MySQL database, so that the ECS instance can access to it:
$ aws ecs list-tasks --cluster tutorial-cluster
$ aws ecs describe-tasks \ --cluster tutorial-cluster \ --tasks arn:aws:ecs:eu-central-1:000000000000:task/00000000-0000-0000-0000-000000000000 \ | grep eni-
Please replace the task arn with your own. Now let’s find our public IP address, dont’t forget the zeroes:
$ aws ec2 describe-network-interfaces --network-interface-ids eni-e0000000 | grep PublicIp
$ aws ec2 authorize-security-group-ingress \ --group-name default \ --protocol tcp \ --port 3306 \ --cidr 00.000.00.000/00
It should be noted that cidr is fake, it must be replaced with your own IP address, then point your browser at that location. The app should be working.
Once you’re done remember to do the cleaup to stop your instances, even if you have a free tier account, this tutorial is compatible with it. To do that, issue the following commands:
$ ecs-cli compose --project-name tutorial service down --cluster-config fgate_ff_config
$ aws ec2 delete-security-group --group-id sg-00000000000000000
$ ecs-cli down --force --cluster-config tutorial --cluster-config fgate_ff_config $ aws logs delete-log-group --log-group-name lamp-tutorial
Detach our execution policy and delete IAM role:
$ aws iam detach-role-policy --role-name aws_tutorial_role --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolic $ aws iam delete-role --role-name aws_tutorial_role
Delete image and ECR repository, please replace your own imageDigest:
$ aws ecr list-images --repository-name aws_lamp_tutorial | grep imageDigest $ aws ecr batch-delete-image --repository-name aws_lamp_tutorial --image-ids imageDigest=sha256:19665f1e6d1e504117a1743c0a3d3753086354a38375961f2e665416ef4b1b2f
Finally delete your database instance:
$ aws rds delete-db-instance --db-instance-identifier mysql-tutorial-db --skip-final-snapshot
And we’re done. In this session you learned a simple deploying operation with ECS, Docker and RDS.
Should you necessitate the files needed for this project, you can find them in this GitHub repository.
Do not put into production this tutorial, there are security, performance and architecture improvements to make, the example is semi-trivial. In the next episode we will be examining some more in detail some other aspects of AWS, till then, stay tuned and happy coding.
Did you like this post? Please comment here below and share it on your preferred social networks, thank you!
Hi there. My name is Mirko Benedetti, I’m a Software Developer and I founded Benedict Engineers. Excellence is what I consider to be our ultimate goal, and passion for technology constantly drives me to it. I began programming self-taught at a very young age. Since then I learned a lot, and every day I enjoy learning new things. Here is my Linkedin Curriculum, feel free to connect.