AWS ECS Fargate install guide



Deployment architecture

Prerequisites

  1. AWS CLI installed and access configured

  2. Docker installed locally, with access to the Buzzy main and logging app image repositories (contact the Buzzy team for access to the image repositories)

  3. Three MongoDB databases, including the oplog database

  4. AWS S3 buckets - refer to section 3 for deployment steps

  5. AWS Application Load Balancer

  6. Domain names and DNS for Buzzy main and logging apps

Container capacity

Minimum capacity for both Apps (Main and Logging) is 0.5 vCPU and 1 GB RAM. However, baseline capacity analysis and autoscaling rules are recommended.

AWS services used

  • Amazon Virtual Private Cloud (VPC).

  • Amazon Elastic Container Service (ECS).

  • AWS Fargate.

  • Amazon Elastic Container Registry (ECR).

  • AWS CLI & ECS CLI - manage AWS services & ECS.

  • Amazon Simple Storage Service (S3).

  • Amazon Route 53 and Application Load Balancer.

S3 storage buckets

The Buzzy application requires two S3-compatible storage buckets; create them using the AWS S3 service.

Create two S3 buckets with names of your choice. Configure one of them for anonymous read access by adding the bucket policy below, which allows any principal to call s3:GetObject on every object in that bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
    ]
}

Add the following CORS configuration to both S3 buckets:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT",
            "POST",
            "DELETE",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    }
]
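One way to check the two buckets against the intent stated above (one bucket anonymously readable, the other not) and to narrow the wildcard CORS origin, as an added Python example that is not part of the Buzzy documentation. The function names are hypothetical, and which origins to allow is an assumption you supply; the page does not say which origins Buzzy clients use.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]

def anonymous_actions(policy):
    """Actions that unconditional Allow statements grant to every principal."""
    actions = set()
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if (st.get("Effect") == "Allow" and "*" in _as_list(principal)
                and "Condition" not in st):
            actions.update(_as_list(st.get("Action", [])))
    return actions

def audit_bucket(name, policy, cors, public_read):
    """Findings for one bucket; public_read marks the bucket meant to be readable."""
    findings = []
    allowed = {"s3:GetObject"} if public_read else set()
    for action in sorted(anonymous_actions(policy) - allowed):
        findings.append(f"{name}: anonymous principal is allowed {action}")
    for rule in cors:
        writes = {"PUT", "POST", "DELETE"} & set(rule.get("AllowedMethods", []))
        if "*" in rule.get("AllowedOrigins", []) and writes:
            findings.append(f"{name}: CORS permits {sorted(writes)} from any origin")
    return findings

def restrict_cors(cors, origins):
    """Same CORS rules with AllowedOrigins narrowed to the given origins."""
    return [{**rule, "AllowedOrigins": list(origins)} for rule in cors]

# Constructed inputs copied from the policy and CORS rule shown above
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::your-bucket-name/*"}]}
PAGE_CORS = [{"AllowedHeaders": ["*"], "AllowedOrigins": ["*"], "ExposeHeaders": ["ETag"],
              "AllowedMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"]}]
```

CORS does not authorize requests; narrowing the origins only limits which sites' scripts a browser will let call the bucket.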

Import Buzzy images into ECR

This deployment uses Amazon Elastic Container Registry (ECR) as the private container registry storing image repositories for Buzzy main and logging apps. It is also possible to directly pull images into ECS tasks by importing your Docker Hub credentials (refer to ECS documentation).

Deploy and Attach Amazon Elastic Container Registry (ECR)

This deployment can be done via the AWS console or AWS CLI.

Using the AWS console:

a. Navigate to Amazon ECR and click "Create repository".

b. Follow the wizard to complete the registry creation.

Refer to the AWS tutorial to create an ECR repository using the AWS CLI.

Import Buzzy images to ECR repositories

Complete this step to import the two images from the Buzzy image repositories on Docker Hub that the Buzzy team has shared with you.

Run these commands using the AWS CLI and Docker to import the Buzzy main app image:

$ aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com

$ docker pull buzzybuzz/buzzy-main:latest

$ docker tag buzzybuzz/buzzy-main:latest aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-main:latest

$ docker push aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-main:latest

Run these commands to import the Buzzy logging app image:

$ docker pull buzzybuzz/buzzy-logging:latest

$ docker tag buzzybuzz/buzzy-logging:latest aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-logging:latest

$ docker push aws_account_id.dkr.ecr.region.amazonaws.com/buzzy-logging:latest

Refer to AWS documentation for image import instructions.

Deploy ECS Fargate cluster

The Amazon ECS Fargate cluster is deployed using the Amazon ECS service. Log in to the AWS console and navigate to the Amazon ECS service. Click "Create Cluster" and then select the "Networking only" cluster template powered by AWS Fargate. The deployment wizard lets you select the VPC and subnets according to your availability, scalability and capacity requirements. This deployment enables the load balancing service by default. Refer to AWS documentation for ECS cluster deployment.

Buzzy main app deployment

You may refer to the sample Buzzy main app task definition below and make changes according to your deployment specifications and ECS cluster configurations. Make sure to change server domain names, URLs and other object/service names according to your own values.

Create a task definition using AWS console or AWS CLI:

Refer to AWS documentation for task definition creation.

Sample Buzzy main app task definition:

{
    "family": "buzzy-main-task",
    "networkMode": "awsvpc",
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "cpu": "512",
    "memory": "1024",
    "executionRoleArn": "arn:aws:iam::account-id:role/ecsTaskExecutionRole",
    "containerDefinitions": [
        {
            "name": "buzzy-main-container",
            "image": "account-id.dkr.ecr.region.amazonaws.com/buzzy-main:latest",
            "portMappings": [
                {
                    "containerPort": 8080,
                    "protocol": "tcp"
                }
            ],
            "essential": true,
            "environment": [
                {
                    "name": "PORT",
                    "value": "8080"
                },
                {
                    "name": "ROOT_URL",
                    "value": "https://main-app.buzzy.net"
                },
                {
                    "name": "LOG_TO_STDOUT",
                    "value": "1"
                },
                {
                    "name": "MONGO_URL",
                    "value": "mongodb+srv://username:[email protected]/database?retryWrites=true&w=majority"
                },
                {
                    "name": "MONGO_OPLOG_URL",
                    "value": "mongodb+srv://username:[email protected]/local?retryWrites=true&w=majority"
                },
                {
                    "name": "METEOR_SETTINGS",
                    "value": "{\n  \"jwtSecret\": \"change-to-some-very-long-secret-string\",\n  \"REPORT_ABUSE_EMAILS\": [\"[email protected]\"],\n  \"AWS_BUZZY_FILES\": {\n    \"enabled\": true,\n    \"accessKeyId\": \"your-access-key-id\",\n    \"secretAccessKey\": \"your-secret-access-key\",\n    \"region\": \"us-east-1\"\n  },\n  \"MAIL_URL\": \"smtp://someuser:[email protected]:587\",\n  \"BUZZY_ADMIN_EMAIL\": \"someadminemail\",\n  \"DEFAULT_OAUTH_PROVIDERS\": {\n    \"defaultOrganizationName\": \"Organisation name\",\n    \"providers\": []\n  },\n  \"BUZZY_ADMIN_IDS\": [\"adminuserid\"],\n  \"BUZZY_LOGGING_TOKEN\": \"somelongtoken\",\n  \"BUZZY_ADMIN_TOKEN\": \"somelongtoken\",\n  \"BUZZY_CREATE_DEFAULT_ACCOUNTS\": {\n    \"enabled\": true,\n    \"accounts\": [\n      {\n        \"email\": \"[email protected]\",\n        \"password\": \"somepassword\",\n        \"isAdmin\": true\n      }\n    ]\n  },\n  \"public\": {\n    \"AWS_BUZZY_FILES\": {\n      \"enabled\": true,\n      \"S3FileExpiry\": 604800,\n      \"BUCKET_NAME\": \"buzzy-files\",\n      \"PUBLIC_BUCKET_NAME\": \"buzzy-files-public\",\n      \"s3ForcePathStyle\": false,\n      \"URL_PATTERN\": \"https://buzzy-files.s3.amazonaws.com\"\n    },\n    \"BUZZY_CUSTOM\": {\n      \"NAME\": \"Organization Name\",\n      \"APP_URL_IOS\": \"\",\n      \"APP_URL_ANDROID\": \"\",\n      \"LOGO_MAIN\": \"\",\n      \"LOGO_MAIL\": \"\",\n      \"LOGO_MAIL_WIDTH\": \"60\",\n      \"LOGO_MAIL_HEIGHT\": \"25\",\n      \"EMAIL_FOOTER\": \"\",\n      \"PROMO\": \"\",\n      \"PROMO_URL\": \"\",\n      \"SPLASH_IMAGE\": \"\",\n      \"WELCOME_IMAGE\": \"\"\n    },\n    \"BUZZY_PROVIDERS\": [],\n    \"BUZZY_LOGGING_SERVER\": \"https://logging-app.buzzy.net\",\n    \"BUZZY_TEMPLATE_SERVER\": \"http://a.buzzy.buzz\",\n    \"BUZZY_VERSION\": \"3.0.1\"\n  }\n}"
                }
            ],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-group": "/ecs/buzzy-main-task",
                    "awslogs-region": "us-east-1",
                    "awslogs-stream-prefix": "ecs"
                }
            }
        }
    ]
}

Create a service using the task definition:

Refer to AWS documentation for service creation.

Buzzy Logging app deployment

Refer to the sample Buzzy logging app task definition below and make changes according to your deployment specifications and ECS cluster configurations. Make sure to change server domain names, URLs and other object/service names according to your own values.

Sample Buzzy logging app task definition:

{
    "family": "buzzy-logging-task",
    "networkMode": "awsvpc",
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "cpu": "256",
    "memory": "512",
    "executionRoleArn": "arn:aws:iam::account-id:role/ecsTaskExecutionRole",
    "containerDefinitions": [
        {
            "name": "buzzy-logging-container",
            "image": "account-id.dkr.ecr.region.amazonaws.com/buzzy-logging:latest",
            "portMappings": [
                {
                    "containerPort": 8080,
                    "protocol": "tcp"
                }
            ],
            "essential": true,
            "environment": [
                {
                    "name": "PORT",
                    "value": "8080"
                },
                {
                    "name": "ROOT_URL",
                    "value": "https://logging-app.buzzy.net"
                },
                {
                    "name": "LOG_TO_STDOUT",
                    "value": "1"
                },
                {
                    "name": "MONGO_URL",
                    "value": "mongodb+srv://username:[email protected]/database?retryWrites=true&w=majority"
                },
                {
                    "name": "MONGO_OPLOG_URL",
                    "value": "mongodb+srv://username:[email protected]/local?retryWrites=true&w=majority"
                },
                {
                    "name": "METEOR_SETTINGS",
                    "value": "{\n  \"BUZZY_LOGGING_TOKEN\": \"somelongtoken\",\n  \"public\": {\n    \"BUZZY_LOGGING_SERVER\": \"https://logging-app.buzzy.net\",\n    \"BUZZY_APP_SERVER\": \"https://main-app.buzzy.net\"\n  }\n}"
                }
            ],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-group": "/ecs/buzzy-logging-task",
                    "awslogs-region": "us-east-1",
                    "awslogs-stream-prefix": "ecs"
                }
            }
        }
    ]
}
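Both sample task definitions above carry the MongoDB connection strings and the whole METEOR_SETTINGS document (jwtSecret, secretAccessKey, tokens, default account password) as plaintext `environment` values, readable by anyone who can describe the task definition. As an added Python example, not part of the Buzzy documentation, this check flags such entries and rewrites a container definition to reference them through the ECS `secrets` field (`name` plus `valueFrom`); the function names, the `arn_for` callback and the sample values are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

SECRET_KEY = re.compile(r"secret|password|token|accesskey", re.I)

def url_has_password(value):
    try:
        return bool(urlsplit(value).password)
    except ValueError:  # malformed authority part, not a readable URL
        return False

def secret_paths(node, path=""):
    """Yield dotted paths of string values that look like credentials."""
    items = node.items() if isinstance(node, dict) else enumerate(node) if isinstance(node, list) else []
    for key, value in items:
        here = f"{path}.{key}" if path else str(key)
        if isinstance(value, str) and value and (SECRET_KEY.search(str(key)) or url_has_password(value)):
            yield here
        else:
            yield from secret_paths(value, here)

def plaintext_secrets(container):
    """Map env var name -> reasons it should not sit in `environment`."""
    found = {}
    for env in container.get("environment", []):
        value = env.get("value", "")
        reasons = ["password embedded in URL"] if url_has_password(value) else []
        try:
            reasons += [f"plaintext {p}" for p in secret_paths(json.loads(value))]
        except ValueError:  # not JSON (PORT, ROOT_URL, ...)
            pass
        if reasons:
            found[env["name"]] = reasons
    return found

def move_to_secrets(container, arn_for):
    """Copy of the container with flagged vars referenced via ECS `secrets`."""
    flagged = plaintext_secrets(container)
    env = [e for e in container.get("environment", []) if e["name"] not in flagged]
    refs = [{"name": n, "valueFrom": arn_for(n)} for n in sorted(flagged)]
    return {**container, "environment": env, "secrets": refs}

# Constructed sample shaped like the page's main app container definition
SAMPLE = {"name": "buzzy-main-container", "environment": [
    {"name": "PORT", "value": "8080"},
    {"name": "MONGO_URL", "value": "mongodb+srv://username:password@db.example.net/database"},
    {"name": "METEOR_SETTINGS", "value": json.dumps({
        "jwtSecret": "x", "MAIL_URL": "smtp://u:p@mail.example.net:587",
        "public": {"BUZZY_VERSION": "3.0.1"}})}]}
```

ECS injects `secrets` entries as environment variables at task start, so the container sees the same variable names; the role in `executionRoleArn` needs permission to read the referenced Secrets Manager secrets or SSM parameters.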

DNS and HTTPS

DNS management

You can use Amazon Route 53 or any third-party DNS tools to manage DNS records to resolve load balancer IPs for both app services.

Load balancer with HTTPS

Create an Application Load Balancer to distribute incoming traffic across multiple targets. Configure HTTPS listeners with SSL/TLS certificates from AWS Certificate Manager.

Refer to AWS documentation for HTTPS configuration.

