Deploying web applications on AWS ECS (Elastic Container Service) with a Load Balancer is a powerful way to achieve high availability and scalability for your web projects. In this tutorial, we’ll go step-by-step through the process of containerizing an application with Nginx, pushing it to Amazon ECR (Elastic Container Registry), and deploying it using AWS ECS with a Load Balancer.
Step 1: Setting Up Your Web Application
To get started, we need a simple web application. Let’s create a straightforward HTML file named index.html to serve as the content for our Nginx server. Here’s a basic example:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Hello World</title> <!-- Bootstrap CSS --> <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet"> </head> <body> <div class="container text-center"> <div class="row"> <div class="col"> <h1 class="display-4 mt-5">Hello, World from ECS!</h1> <p class="lead">This page is powered by Nginx running on Amazon ECS.</p> </div> </div> </div> <!-- Bootstrap JS and dependencies --> <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"></script> </body> </html> |
This HTML file will be displayed as a “Hello World” page once the deployment is complete.
Step 2: Dockerize the Application
To host this application on ECS, we need to containerize it using Docker. First, create a Dockerfile in your project’s root directory with the following content:
1 2 |
FROM nginx:alpine COPY index.html /usr/share/nginx/html/index.html |
This Dockerfile copies index.html into the default web directory of an Nginx container.
Build and Test the Docker Image Locally
Now, let’s build and test the Docker image locally before pushing it to AWS:
1 |
docker build --platform linux/amd64 -t nginx-hello-world . |
Test locally
1 |
docker run -d -p 8080:80 nginx-hello-world |
Visit http://localhost:8080 in your browser to see if your “Hello, World” page is served correctly.
Step 3: Push the Docker Image to Amazon ECR
With your Docker image tested and ready, the next step is to push it to Amazon ECR. Start by creating a repository in ECR through the AWS Console, and follow these commands to log in and push your image:
At the top of the repository page, you’ll see the View push commands button. Click it to see the steps to push your Docker image to ECR.
Go to the command line and run these commands:
1 |
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 557310840278.dkr.ecr.us-east-1.amazonaws.com |
1 |
docker build --platform linux/amd64 -t nginx-hello-world . |
1 |
docker tag nginx-hello-world:latest 557310840278.dkr.ecr.us-east-1.amazonaws.com/nginx-hello-world:latest |
1 |
docker push 557310840278.dkr.ecr.us-east-1.amazonaws.com/nginx-hello-world:latest |
Step 4: Create an ECS Cluster and Task Definition
Navigate to the ECS section in the AWS Console and create a new cluster. Choose the appropriate settings (such as Fargate or EC2 launch type) based on your requirements.
After creating the cluster, define a new ECS Task Definition. Specify the container details such as container name, image URI from ECR, memory limits, and port mappings (e.g., 80 for Nginx). This task definition will be the blueprint ECS uses to deploy and run the container.
Next up we need to create the task definition.
Add a container:
Next, let’s create a service within that Cluster
For networking, we will create one new security group allowing port 80.
The service will run:
Go to the task and grab the public IP. Paste it in your browser:
Step 6: Deploy and Access the Application
After configuring the ECS Service, deploy it by clicking “Create Service” in the AWS Console. ECS will automatically handle the provisioning of instances, deployment of containers, and routing through the Load Balancer.
Once your service status changes to “Running,” go to the public IP to access your application. You should see your “Hello, World” page hosted on AWS ECS, accessible from anywhere on the internet.
Step 7: Creating the Load Balancer to Work with AWS ECS Service
To improve the setup of our web app hosted on ECS, we’ll replace the direct public IP access with an Application Load Balancer (ALB). This Load Balancer will manage incoming traffic and distribute it across multiple instances, enhancing scalability and security.
We’ll start by creating two security groups:
1.ALB Security Group: Allows inbound traffic on port 80 from any source.
2.Container Security Group: Allows inbound traffic only from the ALB, limiting direct access.
This configuration will help manage and secure traffic more effectively.
Creating the First Security Group for the ALB
1.Open the AWS Console and go to the Security Groups section under EC2.
2.Click Create Security Group.
3.Set the Security Group Name to alb-security-group (or any name that helps identify its purpose).
4.Under Inbound Rules, add a rule to allow HTTP traffic:
Type: HTTP
Protocol: TCP
Port Range: 80
Source: Anywhere (0.0.0.0/0) to allow global access.
Save the security group.
This security group will now allow the Load Balancer to accept incoming traffic on port 80 from any IP address.
Creating the Second Security Group for ECS Containers
Now, let’s create the Container Security Group. This security group will control access to the ECS containers, allowing only inbound traffic coming from the ALB.
1.Go to Security Groups in the AWS Console and click Create Security Group.
2.Set the Security Group Name to container-from-alb-sg (or a descriptive name of your choice).
3.Add a description, such as Inbound traffic from the application load balancer security group.
4.Select the appropriate VPC where your ECS cluster is running.
5.Under Inbound Rules, configure the following:
Type: All TCP
Protocol: TCP
Port Range: 0 – 65535 (to allow all ports, or specify specific ports as needed)
Source: Select the ALB Security Group created in the previous step to allow traffic only from the ALB.
6.Save the security group.
This security group will ensure that your ECS containers only accept traffic routed through the ALB, adding a layer of security to your setup.
Creating a New ECS Service with the ALB
Now that we have our security groups and ALB set up, we can create a new ECS service to deploy our application and link it to the ALB for traffic management.
1.Go to the ECS section in the AWS Console and select your cluster.
2.Click Create in the Services tab to set up a new service.
3.In the Deployment configuration section, specify the following:
•Application type: Select Service since we’re deploying a long-running application (such as a web application) that needs to be highly available.
4.Choose the Task Definition you created for your containerized application (e.g., nginx-hello-world-task) and select the latest revision.
5.Assign a Service name to identify this service in your cluster.
Configuring Networking Settings
In this section, we’ll configure the networking settings for the ECS service, ensuring that traffic to the service is managed securely through the Application Load Balancer (ALB).
1.Select VPC: Choose the VPC where your ECS cluster and ALB are configured.
2.Choose Subnets: Select multiple subnets across different Availability Zones to allow high availability. This will enable the service to be accessible even if one Availability Zone becomes unavailable.
3.Security Group:
Choose Use an existing security group.
Select the container-from-alb-sg security group (created in the previous step) to restrict inbound traffic to only traffic coming from the ALB.
This setup will ensure that only the ALB can communicate directly with your ECS containers, enhancing the security of your application.
Configuring the Load Balancer
1.Load Balancer Type:
•In the Load balancing section of the ECS service setup, choose Application Load Balancer under Load balancer type.
2.Create or Select ALB:
If you already have an ALB, you can select it from the list. Otherwise, create a new ALB by following these steps:
Choose Create a new load balancer.
Assign a name to your ALB, select the appropriate VPC, and ensure that the ALB is configured to allow HTTP (port 80) traffic.
3.Listener Configuration:
Configure a listener on port 80 to route HTTP traffic. This listener will forward requests from the ALB to the ECS tasks running your application.
This configuration allows your ECS service to distribute incoming traffic evenly across your application instances using the ALB, providing scalability and improved traffic management.
Create a new load balancer:
Create new target group:
Click Create the Service button.
Go to the Load Balancer section, wait until the state is active.
Go to the security tab and change the default security groups, change it using the one that allows inbound from anywhere.
Copy the DNS name and paste it into your browser:
Once your service status changes to “Running,” go to the Load Balancer’s DNS name or public IP to access your application. You should see your “Hello, World” page hosted on AWS ECS, accessible from anywhere on the internet.
You’ve now deployed a scalable web application on AWS ECS using Nginx and an Application Load Balancer! This setup is robust and production-ready, enabling you to serve web applications efficiently while taking advantage of AWS’s scalable infrastructure.