Resources covered:
• IAM| ECR | ECS | FARGATE | EC2- APPLICATION LOAD BALANCER
Prerequisites:
• AWS account
• Docker
Step 2: Create Database in RDS
Step 4: Create Backend docker images from Dockerfile and push to ECR repo
Step 5: Create an ECS task definitions for Backend
Step 6: Create an ECS service for Backend and grab load-balancer url
Step 7: Create Frontend docker images (using backend load-balancer url) and push to ECR repo
Step 8: Create an ECS task definitions for Frontend
Step 9: Create an ECS service for Frontend and test the Application using FE load-balancer url
Amazon Elastic Container Service (ECS) – three key components work together to manage containerized applications: clusters, task definitions, and services. Here’s a breakdown of their roles and how they interact:
Cluster: An ECS cluster is a logical grouping of container instances that are used to run containerized applications. It provides the underlying infrastructure for managing and deploying containers. A cluster can encompass multiple EC2 instances, each running the ECS agent, which communicates with the ECS service to receive deployment instructions.
Task Definition: A task definition is a blueprint for an ECS task, specifying the container images, configurations, and resources needed to run the application. It defines the containers within a task, their resource requirements, networking configurations, and other parameters.
Service: An ECS service is responsible for managing the lifecycle of a task definition, ensuring the desired number of task instances are running within the cluster. It monitors the health and status of tasks, and automatically replaces failed or unhealthy tasks. A service can run multiple task instances across multiple EC2 instances within the cluster, ensuring high availability and scalability.
In simpler terms, a cluster is the physical infrastructure, a task definition is the blueprint for the application, and a service is the manager that runs the application based on the task definition.
Here’s an analogy: Imagine a restaurant where the kitchen is the cluster, the recipes are the task definitions, and the chefs are the services. The kitchen provides the space and equipment, the recipes define how to prepare the dishes, and the chefs execute the recipes to serve the customers.
ECS clusters, task definitions, and services work together to provide a comprehensive platform for running, managing, and scaling containerized applications on AWS.
Flow diagram
In this application architecture, user access is initiated through browsing the URL of the frontend load balancer, which efficiently directs traffic to frontend containers operating within the Fargate service of the ECS clusters. Fargate, being a self-managed AWS service, ensures automatic scaling and management of the frontend containers based on demand.
The frontend containers, once activated, make API calls to the backend containers, which are deployed behind a backend Elastic Load Balancer (ELB) and run within ECS Fargate. This architecture combines the serverless deployment capabilities of Fargate for both frontend and backend components. The backend containers are responsible for fetching and storing data in an AWS RDS MySQL database, with the interaction facilitated through the RDS endpoint URL and port 3306. This setup offers a scalable, efficient, and fully managed solution, with Fargate handling the complexities of container orchestration and AWS RDS managing the database interactions seamlessly.
Navigate to Services >> ECS >> Create cluster >> Cluster name — Webappclus >> Infrastructure – AWS Fargate >> Create
Step 2: Create Database in RDS
Click this link to find steps to create database in AWS RDS.
Complete step to push docker image from local machine to ECR can be found at this link.
Navigate to Services >> ECR >> Create a repository
Step 4: Create Backend docker images from Dockerfile and push to ECR repo
Please refer document in this link to create backend docker images from Dockerfile.
Select >> repo created (webappecr) >> View push commands >> follow below command:
—Authenticate your Docker client to your registry—-
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 109019749376.dkr.ecr.us-east-1.amazonaws.com
—- tag your image so you can push the image to this repository: —–
docker tag webapp-be:latest 109019749376.dkr.ecr.us-east-1.amazonaws.com/webappecr:webappbe
—— command to push this image to your newly created AWS repository: ——-
docker push 109019749376.dkr.ecr.us-east-1.amazonaws.com/webappecr:webappbe
Step 5: Create an ECS task definitions for Backend
Navigate to >> Services >> ECS >> Task definitions >> Create new task defn
Step 6: Create an ECS service for Backend and grab load-balancer url
Navigate to >> Clusters >> webappclus >> Services >> Create
While creating ECS service for the backend we are creating new security group, in this security group we will enable port 5000 and 3306 to be accessed from anywhere (in the inbound rules).
Step 7: Create Frontend docker images (using backend load-balancer url) and push to ECR repo
Please refer document in this link to create frontend docker images from Dockerfile.
1) Copy the URL of Backend Load Balancer from
Services >> EC2 >> Load balancers >> be-lb >> copy DNS name
2) Open Dokerfile for Frontend and replace the “localhost” in apiurl with LB URL
—–before—
echo "apiUrl: 'http://localhost:5000/api/v1/'," >> environment.prod.ts && \
—–after—–
echo "apiUrl: 'http://be-lb-257328377.us-east-1.elb.amazonaws.com:5000/api/v1/'," >> environment.prod.ts && \
3) Open terminal from the folder where the updated Dokerfile is present and create Docker image for FE
Run: docker build -t webapp-fe-aws --no-cache .
4) Push the FE docker image created to ECR
Run the below commands in your Terminal
—- tag your image so you can push the image to this repository: —–
docker tag webapp-fe-aws:latest 109019749376.dkr.ecr.us-east-1.amazonaws.com/webappecr:webappfe
—- command to push this image to your newly created AWS repo—
docker push 109019749376.dkr.ecr.us-east-1.amazonaws.com/webappecr:webappfe
Step 8: Create an ECS task definitions for Frontend
Navigate to >> Services >> ECS >> Task definitions >> Create new task defn
Step 9: Create an ECS service for Frontend and test the Application using FE load-balancer url
Navigate to >> Clusters >> webappclus >> Services >> Create
Browse the Application with FE load Balancer URL
Services >> EC2 >> Load balancers >> fe-lb >> copy DNS name
Steps to access a container running in an ECS Cluster
To access a container running in an Amazon Elastic Container Service (ECS) cluster, you generally have two common approaches:
- Accessing Containers Running on ECS Instances Directly (EC2 Launch Type): This approach is typically used when you are running ECS tasks on EC2 instances (EC2 launch type). You can SSH into the EC2 instances and access the containers directly. Here’s how you can do it:
- Identify the EC2 instance where your container is running. You can find this information in the ECS cluster’s task list in the AWS Management Console.
- Use SSH to connect to the EC2 instance. The exact SSH command will depend on your instance’s configuration and security settings. Generally, it will look like:
ssh -i your-key.pem ec2-user@ec2-instance-ip
- Once logged into the EC2 instance, you can access the container using Docker commands. For example:
docker exec -it container-name /bin/bash
Replace
container-namewith the actual name or ID of your container. - Accessing Containers via AWS Fargate (Fargate Launch Type): If you are using the Fargate launch type, you cannot SSH into the underlying infrastructure because AWS manages the infrastructure for you. However, you can use AWS Systems Manager Session Manager to access the container’s shell or use AWS CloudWatch Logs for logging.
- AWS Systems Manager Session Manager: AWS Systems Manager provides a feature called Session Manager that allows you to access the shell of your containers in ECS Fargate. It’s a secure way to access the container without direct SSH access. Make sure you have the necessary IAM permissions to use Session Manager.
- AWS CloudWatch Logs: You can configure your containers to send logs to AWS CloudWatch Logs. This way, you can access container logs and troubleshoot any issues.
The method you choose depends on your specific requirements and whether you are using ECS with the EC2 launch type or the Fargate launch type. In both cases, it’s important to ensure that you have the necessary IAM permissions and that your security groups and network configurations allow the necessary access for connecting to the containers or instances.
Remember to follow AWS best practices for security and access control when accessing containers within your ECS cluster.