• Stars
    star
    183
  • Rank 210,154 (Top 5 %)
  • Language
  • Created about 7 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Simple, production ready CloudFormation templates for launching containers on Amazon ECS and AWS Fargate

Deploy containers using Elastic Container Service and CloudFormation

ECS and Fargate give you a lot of control over how you want to deploy containers, and how you would like them to be networked and accessed. This repository contains CloudFormation templates to help you setup several common architectures across both AWS ECS on EC2 and AWS ECS on AWS Fargate.

To get started use the AWS CLI to execute the following command. This will create a role that enables ECS on your account, so the following reference templates will work properly:

aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com

Next choose one of the following common architecture stacks which many customers use. The templates can be deployed either using the AWS CLI, or in the AWS CloudFormation console.

 

 

Publically networked service, with public load balancer

This is a service with direct access to the internet, and exposed publically to the internet behind a public load balancer so that people can access it. The service has a public IP address so it can initiate direct communication to other things on the internet. This approach is one of the most simple for public facing services.

public subnet public lb EC2 hosted:

  1. Deploy the EC2 Cluster with fully public network
  2. Deploy the external, public ALB ingress
  3. Deploy the public load balanced EC2 service template

Fargate hosted:

  1. Deploy the Fargate cluster with public subnet
  2. Deploy the external, public ALB ingress
  3. Deploy the public load balanced Fargate service template

 

 

Privately networked service, with public load balancer

This is a service protected inside a private subnet, with no direct internet access. Because the service does not have public IP address it must initiate outbound connections through a NAT Gateway, which communicates to the external internet on the service's behalf. However, you may still want to give the public limited access to the service via a load balancer which is public.

private subnet public lb EC2 hosted:

  1. Deploy the EC2 Cluster with fully private network
  2. Deploy the external, public ALB ingress
  3. Deploy the public load balanced EC2 service template

Fargate hosted:

  1. Deploy the Fargate cluster with public subnet
  2. Deploy the external, public ALB ingress
  3. Deploy the private subnet, public load balanced Fargate service template

 

 

Privately networked service, with private load balancer

This is a service which is protected inside a private subnet. Not only does it not have a public IP address, but it also behind a private load balancer which can only be accessed by your own services. This is often used for internal services, where one frontend service communicates to a backend service which the public is not intended to directly access. In the diagram below notice how someone from the public internet initiates the blue connection to the public facing service in the public subnet, but that service can then initiate a green connection the private internal service:

private subnet private lb EC2 hosted:

  1. Deploy the EC2 Cluster with fully private network
  2. Deploy the internal, private ALB ingress
  3. Deploy the public load balanced EC2 service template

Fargate hosted:

  1. Deploy the Fargate cluster with private subnet
  2. Deploy the internal, private ALB ingress
  3. Deploy the private subnet, private load balanced Fargate service template

 

 

Privately networked service, with service discovery

This service type is privately networked, so it only has a private IP address, and can't receive any traffic directly from the internet. Rather than using a load balancer, this service uses a service discovery mechanism to register's its private IP address for others to discover. Another service or user can use DNS based discovery or API based discovery to get the direct IP address of the container and talk directly to it. This approach is fantastic for internal communications between private services in the same private tier of your application.

private subnet private service discovery EC2 hosted:

While this combination is currently possible via the API and console, it is not included here because it is pending full CloudFormation support for bridge mode networking combined with service discovery. Check this example template to see how it will look once support is added.

Fargate hosted:

  1. Deploy the Fargate cluster with private subnet
  2. Deploy the internal service discovery ingress
  3. Deploy the private subnet, private service discovery Fargate service template

 

 

Your ingress address

ALB Ingress:

Once the service stack is deployed check the outputs tab of the ingress stack that you deployed to get the URL to use to access your containers. Note that an external ALB's URL will be accessible to the public from any computer, but an internal ALB's URL will only be accessible if you make the request from an instance inside the VPC, with the appropriate security group. If you want to test spin up a Cloud 9 development environment in the VPC, add its security group to the load balancer's security group and execute a curl command.

Service Discovery Ingress:

For service discovery things are a little different. The service is available at <service name>.<domain> where domain is the domain address you entered when you created the service discovery ingress. Once again if you are using a private, internal servicex discovery endpoint the DNS name will only resolve for hosts inside the VPC. You can test this by adding a Cloud 9 development environment to the VPC and executing a command like:

dig +short nginx.service.production

 

 

Further customizations

Note that these baseline templates have only HTTP listeners (no SSL support) but this can be easily added to the templates once you create or import an SSL certificate into Amazon Certificate Manager. Additionally, you may want to customize the default autoscaling rules that are embedded in the service template.

More Repositories

1

awesome-ecs

A curated list of awesome ECS guides, development tools, and resources
2,797
star
2

clui

Command Line UI toolkit for Node.js
JavaScript
1,661
star
3

aws-cloudformation-fargate

Sample CloudFormation templates for how to run Docker containers in AWS Fargate with various networking configurations
599
star
4

socket.io-chat-fargate

A demo application showing how to deploy a scalable realtime chat application powered by Socket.io, Node.js, Docker, and AWS Fargate. Includes full text search powered by OpenSearch Serverless
JavaScript
419
star
5

s3-upload-stream

A Node.js module for streaming data to Amazon S3 via the multipart upload API
JavaScript
344
star
6

nodejs-aws-workshop

Learn to deploy a Node.js API using Elastic Beanstalk, AWS Lambda, Elastic Container Service, Amazon Fargate, and Kubernetes
JavaScript
184
star
7

exiftool

A Node.js wrapper around exiftool, providing metadata extraction from numerous audio, video, document, and binary filetypes
JavaScript
79
star
8

autohotkey-windows-10-apple-magic-keyboard

AutoHotKey script that allows you to use an Apple Magic Keyboard in Windows 10 with Apple familiar keyboard shortcuts.
AutoHotkey
45
star
9

aws-ecs-deployment-patterns

A visual guide to deployment patterns on Amazon EC2 Container Service
39
star
10

screenshot-service

JavaScript
24
star
11

greeter-app-mesh-cdk

An example of how to use AWS Cloud Development Kit to setup an AWS App Mesh service mesh in AWS Elastic Container Service
JavaScript
22
star
12

greeter-cdk

Example AWS Cloud Development Kit app that deploys the greeter microservice stack
JavaScript
19
star
13

emma-sdk

Node.js client for the Emma API
JavaScript
16
star
14

webkit-html-to-image-phantomjs

A simple Phantom.js webkit HTML to Image conversion service
JavaScript
8
star
15

json-template

A satirical programming language inspired by MongoDB queries.
JavaScript
7
star
16

standard-deviation-stream

A Node.js class for pulling stats from a stream.
JavaScript
6
star
17

ecs-fargate-benchmark-templates

A collection of CloudFormation templates that can be used to test various task launch scenarios of ECS on EC2 and ECS on Fargate
6
star
18

classic-interview-algorithms

Collection of algorithms that are asked as classic interview questions
JavaScript
5
star
19

inlets-on-ecs-anywhere

An AWS Cloud Development Kit architecture for deploying Inlets as an ingress for an ECS Anywhere cluster
TypeScript
5
star
20

aws-cdk-nyan-cat

CSS
4
star
21

deploying-container-to-fargate-using-aws-copilot

Deploying a container to AWS Fargate using AWS Copilot
JavaScript
4
star
22

archer-nyan-cat

CSS
4
star
23

fargate-security-con414

4
star
24

nathanpeck

3
star
25

aws-cdk-advanced-ecs-scheduling

JavaScript
3
star
26

string-reverse

A sample application that just reverses a string, for an AWS Copilot demo
JavaScript
2
star
27

ecs-patterns-vitepress

CSS
1
star
28

Dumatenseb

Version controlled dwarf fortress world
1
star
29

wordladder

A JavaScript code interview snippet
JavaScript
1
star
30

euphoria

A bunch of code I wrote in 2004 in the EUPHORIA language
Eiffel
1
star
31

sumtime

Simple Nodes.js service for high volume data point sums and ranges
JavaScript
1
star
32

cdk-and-copilot

TypeScript
1
star
33

aws-cdk-github-actions

Test repo for experimenting with AWS CDK + Github Actions
TypeScript
1
star
34

liquid-clock

Liquid clock widget for Mac OS X Dashboard
JavaScript
1
star
35

ecs-ami-metadata-endpoint

A CloudFormation template that helps you setup your own endpoint for fetching the ECS AMI metadata
1
star
36

greeter

Sample code for three microservices that construct a greeting
JavaScript
1
star