Resources covered:
• IAM | ECR | ECS | EC2 | EC2 Application Load Balancer
Prerequisites:
• AWS account
• Docker
Step 1: Create IAM user with ECS role and configure aws cli using it
Step 4: Create Backend docker image from Dockerfile and push to ECR repo
Step 7: Create task definition and service for backend
Step 8: Create Frontend docker image from Dockerfile and push to ECR repo
Step 10: Create task definition and service for Frontend
Step 11: Access the Application
Flow Diagram
In this application architecture, user access is initiated by browsing the URL of the frontend load balancer, which efficiently distributes traffic to frontend containers deployed across EC2 instances within ECS clusters. The Auto Scaling Groups (ASG) dynamically manage the number of EC2 instances and containers, adjusting in response to fluctuations in traffic and load to ensure optimal performance. The frontend containers, once activated, make API calls to backend containers running on EC2 instances within another ECS cluster.
Similar to the frontend, ASG manages the scaling of backend EC2 instances and containers based on varying traffic and load conditions. The backend container, responsible for data processing, interacts with an AWS RDS MySQL database. This interaction is facilitated through the RDS endpoint URL and port 3306, allowing the backend container to efficiently fetch and store data in the RDS database. Overall, this architecture is designed for scalability and responsiveness, with ASG dynamically adjusting resources to maintain an optimal balance between user demand and system capacity.
Step 1: Create IAM user with ECS role and configure it through AWS CLI
Please refer to this link to create IAM role.
Please refer to this link to create VPC
Please refer to this link to create repo in ECR.
Step 4: Create Backend docker image from Dockerfile and push to ECR repo
Please refer to this link to create the backend Docker image from the Dockerfile and push it to the ECR repo.
Navigate to Services >> ECS >> Create cluster >> Cluster name — Webappclus >> Infrastructure – EC2 instances >> Create ASG >> OS – Amazon Linux 2 >> Instance type – t2.large >> Add SSH key pair
Click on create and your ECS cluster will be provisioned.
Please note while creating the cluster:
- The instances created in the cluster have the VPC's “default security group” attached, so that default SG should have all required ports opened.
- While creating the cluster, enable SSH, i.e. generate a ppk file, so that you can SSH to the EC2 instances of the cluster and, from those instances, into the containers.
Step 6: Create a backend target group, and backend load-balancer, and then attach the backend load balancer to above created ASG (created by cluster)
1) Create Backend TG
Services >> EC2 >> Target groups >> Create
2) Create Backend Load Balancer
Services >> EC2 >> Load Balancer >> Create ALB
Load balancer name — be-lb >> Scheme — Internet-facing >> IP address type — IPv4 >> VPC — select your vpc — choose public subnets >> choose Security group (Create a new security group with inbound rules to allow port 5000 and 3306 from anywhere)
– Select above created target group for backend.
– Create two listeners, one for port 5000 and one for port 3306.
Point to note: Load balancers can have multiple listeners, each associated with a specific port, and these listeners can route incoming traffic to different target groups, which in turn can direct traffic to different machines or instances.
3) Attach the load balancer and its target group to the ASG created by the cluster, so that new instances created by the ASG are automatically registered with the target group.
EC2 >> Auto Scaling groups >> Select one created by clus
Step 7: Create task definition and service for backend
1) Create task definition using Elastic container Service
Create task definition >> ec2-instance type >> Network-mode – bridge >> leave value blank for the hard values of the container.
2) Create service in ECS cluster using above created task-definition.
Amazon Elastic Container Service >> Clusters >> Cluster-name >> Services >> create
After creating the service, we need to grab the backend load balancer URL, update the frontend Dockerfile with it, and then create the frontend Docker image.
Step 8: Create Frontend docker image from Dockerfile and push to ECR repo
Grab the backend load balancer URL and update the frontend Dockerfile, then create the Docker image and push it to ECR.
Step 9: Create a Frontend target group, and Frontend load-balancer, and then attach the Frontend load balancer to above created ASG (created by cluster)
1) Create Frontend TG
Create frontend target group with target type as ec2 and http-port-protocol as 80 with default VPC and SG
Services >> EC2 >> Target groups >> Create
2) Create Frontend Load Balancer
Services >> EC2 >> Load Balancer >> Create LB >> ALB >>
Load balancer name — fe-lb >> Scheme — Internet-facing >> IP address type — IPv4 >> VPC — select your vpc — choose public subnets >> choose Security group (Create a new security group with inbound rules to allow port 80 from anywhere)
– Select above created target group for backend.
– Create one listener for port 80.
3) Attach the load balancer and its target group to the ASG created by the cluster, so that new instances created by the ASG are automatically registered with the target group.
EC2 >> Auto Scaling groups >> Select one created by clus
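The security-group rules in Steps 6 and 9 (ports 5000 and 3306, and port 80, allowed from anywhere) and the earlier note about the VPC default security group can be reviewed afterwards with a short audit over `aws ec2 describe-security-groups` output. This is an added example, not part of the original walkthrough; the group names, IDs, the `SENSITIVE` port policy and the sample data (including a default group opened to all traffic) are constructed assumptions.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output (placeholder IDs).
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-be", "GroupName": "be-lb-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 5000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-EXAMPLE-fe", "GroupName": "fe-lb-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-EXAMPLE-default", "GroupName": "default", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]}

# Assumed policy: these ports must never be reachable from the whole internet.
SENSITIVE = {22: "SSH", 3306: "MySQL"}


def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0 (a zero-length prefix covers every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(doc, sensitive=SENSITIVE):
    """Return sorted (group_name, port, label) for world-open sensitive ports."""
    findings = set()
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            proto = perm["IpProtocol"]
            if proto not in ("-1", "tcp") or not any(map(is_world, cidrs)):
                continue
            # IpProtocol "-1" means every protocol and port; it has no FromPort.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            for port, label in sensitive.items():
                if lo <= port <= hi:
                    findings.add((sg["GroupName"], port, label))
    return sorted(findings)


if __name__ == "__main__":
    for name, port, label in audit(SAMPLE):
        print(f"{name}: {label} (tcp/{port}) is open to the internet")
```

To run it against a real account, load the JSON from `aws ec2 describe-security-groups --output json` and pass the parsed document to `audit()`. Rules that reference another security group instead of a CIDR carry no `IpRanges` and are not flagged.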
Step 10: Create task definition and service for Frontend
1) Elastic container Service >> Task definitions
Create task definition >> ec2-instance type >> Network-mode – bridge >> leave value blank for the hard values of the container.
2) Elastic container Service >> cluster >> create service
Amazon Elastic Container Service >> Clusters >> webappclus >> Services >> create
Step 11: Access the Application
Browser >> Hit LB url
Steps to access a container running in an ECS Cluster
To access a container running in an Amazon Elastic Container Service (ECS) cluster, you generally have two common approaches:
- Accessing Containers Running on ECS Instances Directly (EC2 Launch Type): This approach is typically used when you are running ECS tasks on EC2 instances (EC2 launch type). You can SSH into the EC2 instances and access the containers directly. Here’s how you can do it:
  - Identify the EC2 instance where your container is running. You can find this information in the ECS cluster’s task list in the AWS Management Console.
  - Use SSH to connect to the EC2 instance. The exact SSH command will depend on your instance’s configuration and security settings. Generally, it will look like:
    ssh -i your-key.pem ec2-user@ec2-instance-ip
  - Once logged into the EC2 instance, you can access the container using Docker commands. For example:
    docker exec -it container-name /bin/bash
    Replace container-name with the actual name or ID of your container.
- Accessing Containers via AWS Fargate (Fargate Launch Type): If you are using the Fargate launch type, you cannot SSH into the underlying infrastructure because AWS manages the infrastructure for you. However, you can use AWS Systems Manager Session Manager to access the container’s shell or use AWS CloudWatch Logs for logging.
  - AWS Systems Manager Session Manager: AWS Systems Manager provides a feature called Session Manager that allows you to access the shell of your containers in ECS Fargate. It’s a secure way to access the container without direct SSH access. Make sure you have the necessary IAM permissions to use Session Manager.
  - AWS CloudWatch Logs: You can configure your containers to send logs to AWS CloudWatch Logs. This way, you can access container logs and troubleshoot any issues.
The method you choose depends on your specific requirements and whether you are using ECS with the EC2 launch type or the Fargate launch type. In both cases, it’s important to ensure that you have the necessary IAM permissions and that your security groups and network configurations allow the necessary access for connecting to the containers or instances.
Remember to follow AWS best practices for security and access control when accessing containers within your ECS cluster.