Published on 2024-02-24
WebTechServer-less solution (sort of)... we are paying for cloud service but we don't need to maintain our own server for scaling, security, etc. Popular cloud service providers are Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), DigitalOcean, Heroku and many more.
After getting our image into a Docker Hub Registry, we are now in the position to deploy the image to Amazon Cloud Service. In this write-up, we will see how we can create an ECS Fargate application. An ECS Fargate application is basically a cluster which is a logical grouping of tasks and services. There are many ways to deploy a web application to AWS. We are going with ECS as it is easy to setup without any overheads such as maintaining a server instance (EC2).
⚠️ Important: AWS Fargate does NOT come with the free-tier option! You will incur charges if you continue with the rest of the implementation. For pricing, see https://aws.amazon.com/fargate/pricing/.
Alright, let’s get started. First and foremost, Login to your Amazon Console. Once you are in AWS Console, head to Amazon ECS (Elastic Container Service). Click on Get Started. First, we need to define the container and task.
Cluster: The infrastructure in a Fargate cluster is fully managed by AWS. Your containers run without you managing and configuring individual Amazon EC2 instances. |-- Service: Network level servicing (ports access, Load Balancer, etc.) |----- Task Definition: Resource Management for your container image |-------- Container Definition: this is where we tell AWS where to get our Container Image
As you can see, ECS is a nested box. We will start with configuring the inner most box which is Container Definition. There are some templates AWS provided. For our Flask application image, we have to choose “Custom” and define the parameters manually.
Container Definition: this is where you tell AWS where to get our Container Image
Container Name: give a name for ECS container. Image: {dockerHub-username}/{image-name} Private Repository authentication: unchecked by default. (For now, we will leave it unchecked) Memory Limit: Soft limit: 512 MB Port Mappings: Port 8000, Protocol: TCP (We are exposing 8000 port from our image container, remember?)
Task Definition: Resource Management for our container image
Task Definition Name: give a name or leave it with default name Network mode: awsvpc Task Execution role: create new Compatibilities: FARGATE Task Memory: 0.5 GB (512 MB) (adjust as needed) Task CPU: 0.25 vCPU (adjust as needed)
Service: Network level servicing (ports access, LB, etc.) Service Name: give a name or leave it with default name Number of desired tasks: 1 Network Access: Security Group (automatically create new) ⚠️ we will come back to this later! Elastic Load Balancing: Choose None if you do not intent to proceed to next part: domain name registration and tying it to the Containerized Web App in Cloud. Otherwise, choose Application Load Balancer
⚠️ Important: The use of AWS Load Balancer incur charges.
Cluster: (outermost box) Cluster Name*: give a name or leave it with default name VPC ID: Automatically create new Subnets: Automatically create new
And that’s it!
Don’t get too excited yet. Let's make sure all the components of ECS we have created are working well. Let's check, shall we?
Cluster: this should be working. Aside from the name, all the other fields are pre-configured. |-- Service: Network level servicing (ports access, LB, etc.): Click on Cluster-name to navigate to Services. We should see the Load Balancer Configuration (if you have opted for it), Security groups. Have a look at Metrics (CPU Utilization, Memory Utilization) and Logs. If there is no data, something is wrong, look at the logs to troubleshoot. |----- Task Definition: Resource Management for our container image: Click on Task in Service to navigate to Task Details. Make sure everything is running. Have look at Logs. |-------- Container Definition: this is where we tell AWS where to get our Container Image. It is available under Task with the section 'Containers for task'. We should see it running with our Image URI {dockerHub-username}/{image-name}.
Okay, all the components are working. How do we access our web application from internet browser? Hint: For any web pages, it needs an IP address for users to access through the browser.
Remember, service component is where we define the network configuration? Let’s go to service. Under Task details, you will see Network Section, and there are Private IP and Public IP. Public IP is what we want, private IP is used for internal communication in AWS Ecosystem. Copy the public IP and paste it into URL of the browser. However, it won’t work. Why? Because we still need to define the port.
As per the Internet Protocol (IP), Web pages are served with port 80 for HTTP and port 443 for HTTPS (secured website). When we created the image, we are only exposing port 8000. So, only port 8000 is working for now. Therefore, we will have to access the web application with public_IP_Address:8000.
What can we do to rectify this issue? Well, we can redirect anyone accessing the public IP with port 80 to port 8000. Simple.
Now, if we are using the load balancer, there is a DNS (domain name system) Name associated with that load balancer. Load Balancer is a front-runner of our website. We can copy and paste the DNS name to URL of the browser. Remember to include the port 8000. What is a DNS? See this post.
Load Balancer manages the resources. As user base for our application grows, we would want to scale up our application, there are two approaches: we can either do horizontal scaling (adding more nodes, that is, adding more servers) or vertical scaling (increasing CPU/GPU, RAM, etc.). Also, we would want to consider for fault-tolerance, for example, when our primary server goes down, we would want to have a secondary server for continuous service to our server. We can use Load Balancer to manage these necessary resources, scaling up or down based on the work load.
⚠️ Note: This is not a deployment complete. In reality, we would want to secure our website with domain name and certificate. But it is good enough to showcase our work over the internet.
In next post, we will look at how we can register for domain name, setup the routing and secure the website with certificate. See you!