AWS ECS Fargate install guide
Table of contents
Deployment architecture
Prerequisites
AWS CLI installed and access configured
Docker installed locally and has access to Buzzy main and logging app image repositories (reach out Buzzy team for access to image repositories)
Three MonogDB databases including oplog database
AWS S3 buckets - refer section 3 for deployment steps
AWS Application Load Balancer
Domain names and DNS for Buzzy main and logging apps
Container capacity
Minimum capacity for both Apps (Main and Logging) is 0.5 vCPU and 1 GB RAM. However, baseline capacity analysis and autoscaling rules are recommended.
AWS services used
Amazon Virtual Private Cloud (VPC).
Amazon Elastic Container Service (ECS).
AWS Fargate.
Amazon Elastic Container Registry (ECR).
AWS CLI & ECS CLI - manage AWS services & ECS.
Amazon Simple Storage Service (S3).
Amazon Route 53 and Application Load Balancer.
S3 storage buckets
As Buzzy application requires two S3 compatible storage buckets, let's create two S3 buckets using AWS S3 service.
Add two S3 buckets with any given names. Configure one S3 bucket for anonymous user read access. To grant an anonymous user read access for the nominated S3 bucket, add the bucket policy as seen below:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::your-bucket-name/*"
}
]
}Add CORS configuration for both S3 buckets as seen below:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT",
"POST",
"DELETE",
"HEAD"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"ETag"
]
}
]Import Buzzy images into ECR
This deployment uses Amazon Elastic Container Registry (ECR) as the private container registry storing image repositories for Buzzy main and logging apps. It is also possible to directly pull images into ECS tasks by importing your Docker Hub credentials (refer to ECS documentation).
Deploy and Attach Amazon Elastic Container Registry (ECR)
This deployment can be done via the AWS console or AWS CLI.
Using AWS console;
a. Navigate to Amazon ECR and click "Create repository".
b. Follow the wizard to complete the registry creation.
Refer AWS tutorial to create an ECR using AWS CLI.
Import Buzzy images to ECR repositories
Complete this step to import two images from Docker hub's Buzzy image repositories shared with you by Buzzy team.
Run this command using AWS CLI to import Buzzy main app image:
$ aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com
$ docker pull buzzybuzz/buzzy-main:latest
$ docker tag buzzybuzz/buzzy-main:latest aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-main:latest
$ docker push aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-main:latestRun this command to import Buzzy logging app image:
$ docker pull buzzybuzz/buzzy-logging:latest
$ docker tag buzzybuzz/buzzy-logging:latest aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-logging:latest
$ docker push aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-logging:latestRefer to AWS documentation for image import instructions.
Deploy ECS Fargate cluster
Amazon ECS Fargate cluster is deployed using Amazon ECS service. Login to AWS console and navigate to Amazon ECS service. Click "Create Cluster" and then select "Networking only" cluster template powered by AWS Fargate. You will be given options to select the VPC and subnets during the deployment wizard depending on your availability, scalability and capacity requirements. This deployment enables load balancing service by default. Refer to AWS documentation for ECS cluster deployment.
Buzzy main app deployment
You may refer to the sample Buzzy main app task definition below and make changes according to your deployment specifications and ECS cluster configurations. Make sure to change server domain names, URLs and other object/service names according to your own values.
Create a task definition using AWS console or AWS CLI:
Refer to AWS documentation for task definition creation.
Sample Buzzy main app task definition:
{
"family": "buzzy-main-task",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "512",
"memory": "1024",
"executionRoleArn": "arn:aws:iam::account-id:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"name": "buzzy-main-container",
"image": "account-id.dkr.ecr.region.amazonaws.com/buzzy-main:latest",
"portMappings": [
{
"containerPort": 8080,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "PORT",
"value": "8080"
},
{
"name": "ROOT_URL",
"value": "https://main-app.buzzy.net"
},
{
"name": "LOG_TO_STDOUT",
"value": "1"
},
{
"name": "MONGO_URL",
"value": "mongodb+srv://username:[email protected]/database?retryWrites=true&w=majority"
},
{
"name": "MONGO_OPLOG_URL",
"value": "mongodb+srv://username:[email protected]/local?retryWrites=true&w=majority"
},
{
"name": "METEOR_SETTINGS",
"value": "{\n \"jwtSecret\": \"change-to-some-very-long-secret-string\",\n \"REPORT_ABUSE_EMAILS\": [\"[email protected]\"],\n \"AWS_BUZZY_FILES\": {\n \"enabled\": true,\n \"accessKeyId\": \"your-access-key-id\",\n \"secretAccessKey\": \"your-secret-access-key\",\n \"region\": \"us-east-1\"\n },\n \"MAIL_URL\": \"smtp://someuser:[email protected]:587\",\n \"BUZZY_ADMIN_EMAIL\": \"someadminemail\",\n \"DEFAULT_OAUTH_PROVIDERS\": {\n \"defaultOrganizationName\": \"Organisation name\",\n \"providers\": []\n },\n \"BUZZY_ADMIN_IDS\": [\"adminuserid\"],\n \"BUZZY_LOGGING_TOKEN\": \"somelongtoken\",\n \"BUZZY_ADMIN_TOKEN\": \"somelongtoken\",\n \"BUZZY_CREATE_DEFAULT_ACCOUNTS\": {\n \"enabled\": true,\n \"accounts\": [\n {\n \"email\": \"[email protected]\",\n \"password\": \"somepassword\",\n \"isAdmin\": true\n }\n ]\n },\n \"public\": {\n \"AWS_BUZZY_FILES\": {\n \"enabled\": true,\n \"S3FileExpiry\": 604800,\n \"BUCKET_NAME\": \"buzzy-files\",\n \"PUBLIC_BUCKET_NAME\": \"buzzy-files-public\",\n \"s3ForcePathStyle\": false,\n \"URL_PATTERN\": \"https://buzzy-files.s3.amazonaws.com\"\n },\n \"BUZZY_CUSTOM\": {\n \"NAME\": \"Organization Name\",\n \"APP_URL_IOS\": \"\",\n \"APP_URL_ANDROID\": \"\",\n \"LOGO_MAIN\": \"\",\n \"LOGO_MAIL\": \"\",\n \"LOGO_MAIL_WIDTH\": \"60\",\n \"LOGO_MAIL_HEIGHT\": \"25\",\n \"EMAIL_FOOTER\": \"\",\n \"PROMO\": \"\",\n \"PROMO_URL\": \"\",\n \"SPLASH_IMAGE\": \"\",\n \"WELCOME_IMAGE\": \"\"\n },\n \"BUZZY_PROVIDERS\": [],\n \"BUZZY_LOGGING_SERVER\": \"https://logging-app.buzzy.net\",\n \"BUZZY_TEMPLATE_SERVER\": \"http://a.buzzy.buzz\",\n \"BUZZY_VERSION\": \"3.0.1\"\n }\n}"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/buzzy-main-task",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
}
]
}Create a service using the task definition:
Refer to AWS documentation for service creation.
Buzzy Logging app deployment
Refer to sample Buzzy logging app task definition below and make changes according to your deployment specifications and ECS cluster configurations. Make sure to change server domain names, URLs and other object/service names according to your own values.
Sample Buzzy logging app task definition:
{
"family": "buzzy-logging-task",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "256",
"memory": "512",
"executionRoleArn": "arn:aws:iam::account-id:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"name": "buzzy-logging-container",
"image": "account-id.dkr.ecr.region.amazonaws.com/buzzy-logging:latest",
"portMappings": [
{
"containerPort": 8080,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "PORT",
"value": "8080"
},
{
"name": "ROOT_URL",
"value": "https://logging-app.buzzy.net"
},
{
"name": "LOG_TO_STDOUT",
"value": "1"
},
{
"name": "MONGO_URL",
"value": "mongodb+srv://username:[email protected]/database?retryWrites=true&w=majority"
},
{
"name": "MONGO_OPLOG_URL",
"value": "mongodb+srv://username:[email protected]/local?retryWrites=true&w=majority"
},
{
"name": "METEOR_SETTINGS",
"value": "{\n \"BUZZY_LOGGING_TOKEN\": \"somelongtoken\",\n \"public\": {\n \"BUZZY_LOGGING_SERVER\": \"https://logging-app.buzzy.net\",\n \"BUZZY_APP_SERVER\": \"https://main-app.buzzy.net\"\n }\n}"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/buzzy-logging-task",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
}
]
}DNS and HTTPS
DNS management
You can use Amazon Route 53 or any third-party DNS tools to manage DNS records to resolve load balancer IPs for both app services.
Load balancer with HTTPS
Create an Application Load Balancer to distribute incoming traffic across multiple targets. Configure HTTPS listeners with SSL/TLS certificates from AWS Certificate Manager.
Refer to AWS documentation for HTTPS configuration.
Last updated