...
...
ECS Fargate:
AWS ECS (Elastic Container Service) Fargate is a serverless compute engine offered by Amazon Web Services (AWS) for deploying and managing containerized applications. It simplifies the process of running containers at scale without the need to manage the underlying infrastructure. With ECS Fargate, you can focus on your application logic and let AWS handle the provisioning, scaling, and maintenance of the compute resources.
To use ECS Fargate, you create task definitions that specify the containers, their configurations, and resource requirements. These task definitions are then used to launch tasks, which represent running instances of your containers. You can also define services to ensure high availability and manage the lifecycle of tasks.
All AWS services required to run PSknowhow in ECS:
1- Infrastructure:
VPC (Virtual Private Cloud): A logically isolated section of the AWS cloud where you can launch AWS resources. It allows you to define your own network configuration, including IP address ranges, subnets, and route tables.
Subnets: These are subdivisions of a VPC, used to segment and isolate resources. Two subnets are often created in different Availability Zones for high availability.
Internet Gateway: A VPC component that allows communication between instances in the VPC and the Internet. It serves as a gateway for traffic entering or leaving the VPC.
Route Table: A set of rules that determine where network traffic is directed within the VPC. It specifies how traffic is routed between subnets, the Internet Gateway, and other destinations.
Route Table Association: Associates a subnet with a route table, enabling the subnet to use the routes defined in that table.
2- Platform:
ECS Cluster: A logical grouping of container instances that you can manage as a single unit. It allows you to organize and manage containers effectively.
ALB (Application Load Balancer): A load balancer that distributes incoming application traffic across multiple targets (such as EC2 instances, containers, IP addresses) in multiple Availability Zones. It operates at the application layer (Layer 7) of the OSI model.
NLB (Network Load Balancer): A load balancer that routes traffic based on IP protocol data. It is ideal for handling TCP/UDP traffic and operates at the transport layer (Layer 4) of the OSI model.
ALB Listener: A listener is a process that checks for connection requests and forwards them to the appropriate target groups based on rules you define.
ALB Listener Rules: Rules that define how traffic should be routed based on conditions such as URL paths or hostnames. They help control the flow of incoming requests.
Target Group: A group of resources, such as EC2 instances or containers, that serve traffic together. It is associated with a listener and routes traffic to the registered targets based on the listener rules.
Security Group: A virtual firewall that controls inbound and outbound traffic for your resources. It acts as a barrier that specifies allowed communication based on defined rules.
3- Application:
ECS Task Definition: A Task Definition is a blueprint for your containers. It defines various parameters like which Docker images to use, CPU and memory requirements, networking settings, and container relationships. You would create separate task definitions for each component of your application (Customapi, UI, Jira, devops-processor, and MongoDB).
ECS Service: An ECS Service is responsible for maintaining a specified number of running instances of a task definition. For each component of your application, you would create an ECS service to ensure that the desired number of containers/tasks are always running.
CloudWatch: Amazon CloudWatch is a monitoring and observability service that collects and tracks metrics, logs, and events from various AWS resources. You would configure CloudWatch to monitor the performance and health of your ECS tasks, services, and other resources.
NFS (Network File System): NFS is a distributed file system protocol that allows you to share files and directories between servers over a network. You might use NFS to provide a persistent storage solution for your MongoDB data, enabling data to be retained even if containers are restarted or scaled.
IAM Role & Policy: An IAM Role is an AWS identity that you can assign to AWS resources. It grants permissions to access and interact with other AWS resources.
An IAM Policy defines permissions that determine what actions are allowed or denied for specific resources. You would create IAM roles and policies to grant necessary permissions to your ECS tasks and services, enabling them to access other AWS resources securely.
By setting up these components in the application layer, you establish a comprehensive environment for your containerized application. The ECS Task Definitions and Services define how your application's containers are configured and deployed. CloudWatch monitors the performance, and NFS provides persistent storage for your database. Finally, IAM Roles and Policies ensure that your application components can interact with other AWS services securely and efficiently.
How to run the Terraform script to install knowhow on ECS from scratch:
Terraform Script Repo URL: https://pscode.lioncloud.net/psinnersource/monitor-measure-metrics/speedy-product/-
Step 1 - Clone the Terraform repo and run the commands below for 1-Infrastructure

```bash
git clone https://pscode.lioncloud.net/psinnersource/monitor-measure-metrics/speedy-product/knowhow-terraform-scripts.git
# git clone creates the knowhow-terraform-scripts directory
cd knowhow-terraform-scripts/ecs_fargate/1-Infrastructure
terraform init
terraform apply -auto-approve
```
...
```bash
cd ../2-Platform
## Replace your SSL_certificate_arn at line 122 in 2-Platform/variable.tf file
## Replace with your actual IP address at line no. 118
terraform init
terraform apply -auto-approve
```
Refer to README.MD in the repo folder for the steps to upload the SSL certificate.
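Both steps above apply with `-auto-approve`, so nothing prompts for a review of the plan, and Step 2 relies on the IP address in the variables file having been replaced. The following added example (not part of the knowhow repo) scans the JSON form of a saved plan, as produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, for security group ingress open to any address; the resource names and the sample plan are constructed for illustration.

```python
import json

# Constructed excerpt of `terraform show -json tfplan` output. Resource
# addresses are hypothetical and are not taken from the knowhow repo.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_security_group.alb_sg", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 443, "to_port": 443, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_security_group.task_sg", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 8080, "to_port": 8080, "protocol": "tcp",
          "cidr_blocks": ["203.0.113.10/32"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_security_group_rule.mongo", "type": "aws_security_group_rule",
     "change": {"actions": ["create"], "after": {
         "type": "ingress", "from_port": 27017, "to_port": 27017,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"actions": ["delete"], "after": None}},
]})

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def ingress_rules(rc):
    """Yield the ingress rule dicts a planned resource will have after apply."""
    after = rc["change"].get("after") or {}  # None when the resource is deleted
    if rc["type"] == "aws_security_group":
        yield from after.get("ingress") or []
    elif rc["type"] == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after


def open_ingress(plan_json):
    """Return (address, from_port, to_port) for each rule open to any source."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        for rule in ingress_rules(rc):
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            if OPEN_CIDRS & set(cidrs):
                findings.append((rc["address"], rule["from_port"], rule["to_port"]))
    return findings


if __name__ == "__main__":
    for address, lo, hi in open_ingress(SAMPLE_PLAN):
        print(f"OPEN INGRESS {address} ports {lo}-{hi}")
```

Running the same function over the real plan JSON before `terraform apply` shows whether the placeholder IP address was actually replaced with a restricted CIDR.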
...
```bash
# The last argument is the ID of the existing VPC to import
terraform import aws_vpc.example_vpc example-vpc
```
...