Deploying an Application on AWS ECS with ECR and Docker
π Overview:
This project involves deploying an application using Amazon Elastic Container Service (ECS), Amazon Elastic Container Registry (ECR), and Docker. This combination allows for efficient containerization, storage, and orchestration of applications in the AWS cloud environment.
π§ Problem Statement
The project goal is to implement a robust, scalable, and efficient deployment solution using AWS Elastic Container Service (ECS), Elastic Container Registry (ECR), and Docker. This solution should automate the deployment process, ensure environment consistency, improve resource utilization, enhance security, and provide better monitoring and scaling capabilities.
By successfully implementing this project, we expects to significantly reduce deployment times, minimize downtime, improve application performance, optimize resource usage, and ultimately deliver a better experience to their rapidly growing user base.
π Architecture Diagram
π½ Techonology Stack
The architecture consists of the following three tiers:
Private Repository : AWS ECR
Container: AWS ECS & Docker
Terminal: AWS CLI
Policies and User: AWS IAM
Virtual Machine: AWS EC2
π Project Requirements
Before you get started, make sure you have the following prerequisites in place:
IAM User with access and secrets access keys .
AWS IAM credentials configured in your text editor. In this case we will use VSCODE.
A virtual machine EC2 with Docker install already
Dockerfile and Index.html written
π Table of Contents
I - IAM configuration
Step 1: Create IAM Policy for ECR Access
Step 2: Attach policy to IAM user
Step 3: Configure your AWS Credentials on a running Ubuntu EC2
II - Create an ECR Repository
Step 1: Navigate to Amazon ECR
Step 2: Create a new Repository
Step 3: Configure setting
Step 4: Repository created
III - Push Docker Image to ECR
Step 1: Push commands for my-ecr-repo
Step 2: Creation Image and push to repository
IV - Create ECS
Step 1: Navigate to Amazon ECS
Step 2: Create a new ESC cluster
Step 3: Create Task Definition
Step 4: Create a Container
Step 5: Create ECS Service
Step 6: Create a Container
V - Access the web page
Step 1: Navigate to Configuration
Step 2: Check the result
β¨IAM CONFIGURATION
Here is the place to set up permission and authentication for our user to access the repository
Step 1: Create IAM Policy for ECR Access
First, create an IAM policy that allows necessary permissions for Amazon ECR.
Go to AWS console, search for IAM service. In IAM Dashboard, click on Policies and then click on Create policy
Click on JSON , and Then use the following JSON code for the IAM user policy to provide Amazon ECR permissions for creating repositories and pushing images.
Click on Next and enter the name for your policy. In this case we will call it AWS-ECR-Task_Policy.
Click on Create policy
Step 2: Attach policy to IAM user
This is where we attach the new policy to a user that was created before. Or feel free to create you own user.
Go to the IAM Management console, navigate to user, find the user. under Set permissions, select Attach policies directly and select the policy created
Click on Add permission
Step 3: Configure your AWS Credentials on a running Ubuntu EC2
To perform this action as we said in the requirement you must have an Amazon Ubuntu EC2 running with Docker installed on it. Check my other project to see how to do that.
Configure AWS credentials using the aws configure command.
Provide your AWS Access Key ID, Secret Access Key, AWS Region, and output format as JSON
πΌ Create an ECR Repository
Follow these steps to create an Elastic Container registry:
Step 1: Navigate to Amazon ECR
Use the AWS services search bar and search for ECR
Step 2: Create a new Repository
In the Amazon ECR console , click on Create
You will be prompt to a page where you will have to choose Public or private registry. For this project we will go with the private registry. then click Create repository
Step 3: Configure setting
In General setting give a repository name (my-ecr-repo) , the choose the image mutability. In Encryption setting stay with the standard AES-256.
Step 4: Repository created
The repository has been created successfully
πΌ Push Docker image to ECR
Here we have to create the docker image and the push it to the ECR repository. To complete that we have first the Dockerfile and the index.html files created and save in the virtual machine.
Dockerfile
index.html
Step 1: Push commands for my-ecr-repo
To push go to the Amazon ECR, open the Repository name and click on View push commands
By following below steps, you can successfully push your Docker image to Amazon ECR and make it available for use in ECS
Run the following commands one by one.
Step 2: Creation Image and push to repository
Authenticate Docker to ECR
Build Docker Image
Tag image and push
List Images in ECR Repository:
Click on the refresh button to verify that the Docker image has been uploaded to the ECR repository .
π Create ECS
Step 1: Navigate to Amazon ECS
Go to the AWS Management Console and search for ECS
Step 2: Create a new ESC cluster
in the option, Enter name for your cluster put cluster1
Under the Infrastructure, choose "AWS Fargate". Click on Create
Cluster was created successfully
Step 3: Create Definition Task
Click on Create a new task definition
Under task definition family enter name for your task. Choose FARGATE launch type. For the operating system take Linux/x86_64.
Step 4: Create a container
Fill the option with
Name of container (web-server)
Image URL: Copy the URI from the Repository that we created earlier
Essential Container (Yes)
Port Mapping Container (Port 80), Port Name (httpd)
Then click create and the task will create
Step 5: Create ECS service
Here you have to Go back to the cluster we created. Scroll down and click Create under Services.
Under the Compute options menu. Select Capacity provider strategy. Select FARGATE as the capacity provider.
Under Deployment configuration, choose Task. In Task definition Select the created task definition, (i.e., ECR-httpd)
Under Networking, select your VPC and Subnets.
Click on Create new security group. Select HTTP and open to anywhere.
Click Create the task has been created successfully
β¨Access the web page
Step 1: Navigate to Configuration
Return to the cluster1 open it , click on Tasks and click on the running task
Under Configuration, click on open address. Open the address in a web browser to access the HTTPD page.
Step 2: Check the result
π€ Contributing
Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!
π License
This project is licensed under the JoebahoCloud License