This project shows the creation of a php fargate container with all neccesary resources done automatically. This is done with a combination of CloudFormation and the AWS cli. For the purpose of beeing only a showcasethe architecture is overly simplified.
The CloudFormation templates are derived from A reference architecture for deploying containerized microservices with Amazon ECS and AWS CloudFormation (YAML) .
Everything can be created and monitored with a bash console session. Tested on mac os.
With modularized CloudFormation templates you can change the resources which change more often like Security Groups without changing any of the base templates like the vpc in this example.
The VPC is only setup for demonstration purposes. You should not use only public subnet in production. The Load Balancer is left out to keep the example simple.
- set Region in environment: e.g.
export AWS_DEFAULT_REGION=eu-west-1 - install clouds: e.g.
pip install clouds-aws - have AWS credentials installed
- checkout project
- have docker installed and started
- replace "123456789012" in
ecs/tasks/taskdef-php.jsonwith your account number.
To see all steps defined in the Makefile, type make help
Infrastructure
-
make deploy-vpcInstall complete VPC defined in CloudFormation template stacks/vpc/template.yaml with Internet Gateway etc. Takes about 1 min. With Nat Gateways it would be about 5 min. -
make deploy-security-groupsTakes less than 1 min. -
make deploy-iam-ecs-serviceTakes approx. 30 sec. -
make deploy-clusterCreate the Amazon ECS Cluster. Takes approx. 5 min. -
make deploy-ecrCreate the Container Registry ECR. Takes approx. 1 min.
Image, Task and service
-
make deploy-docker- build Docker image
- tag image
- login into the ECR
- push image to ECR Time really depends on the internet connection and the computer power. Between 1 and 30 min.
-
make update-taskUpload the task definition defined in./ecs/task/taskef-php.json. The task fargate-php-demo is created. -
make create-serviceCreate the service with one running container. If you try to create all resources withmake deploy-allit will not work the first time. This is because the security-groups are evaluated whenmakestarts. At starting time the security-group stack is not established yet. So you have to startmake deploy-alltwice.
Now you get the ip adress from the Task Detail page:
.
You should see something like this: 
Now you can test the fargate service with different settings.
Dont forget to clean up like described now in "Deteletion"
- change the
./docker/src/index.php- redeploy container with new version
- add an Load Balancer with console
- convert it to CloudFormation
- Start another service in the other availability zone
- Move the container to a private subnet
- dont forget nat gateways
Delete in reverse order, as shown by make help which shows the necesarry numbers in order.
The Dockerfile is created in ./docker. Its an php image. In ./docker/src/index.php is a very small php file which will run in the fargate container.
This is a small and handy tool to manage multiple CloudFormation templates.
The templates are defined in subdirectories of ./stacks.
Example session:
make deploy-security-groups
clouds -r eu-west-1 update -c --events security-groups
2018-08-09/18:52:16 CREATE_IN_PROGRESS AWS::CloudFormation::Stack security-groups User Initiated
2018-08-09/18:52:18 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup LambdaSG
2018-08-09/18:52:19 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup WebserviceSG
2018-08-09/18:52:19 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup LambdaSG Resource creation Initiated
2018-08-09/18:52:19 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup WebserviceSG Resource creation Initiated
2018-08-09/18:52:21 CREATE_COMPLETE AWS::EC2::SecurityGroup WebserviceSG
2018-08-09/18:52:21 CREATE_COMPLETE AWS::EC2::SecurityGroup LambdaSG
2018-08-09/18:52:23 CREATE_COMPLETE AWS::CloudFormation::Stack security-groups- Author: G.Glawe (gglawe@tecracer.de)