How to deploy a Flask application using NGINX on AWS ECS — Part 2

Filipe Galo
Dec 8, 2022

In the previous part, we built our images successfully. Now you’re ready to move on to the next level — pushing the images to AWS ECR and creating our AWS Architecture.

Steps:

  1. Create and publish our images on AWS ECR
  2. Configure AWS CLI
  3. Push images to AWS ECR
  4. Create VPC and Subnets
  5. Create Internet Gateway
  6. Create NAT Gateway
  7. Create Route Tables and configure subnet associations
  8. Configure Routes
  9. Create an Application Load Balancer

1. Create and Publish our images on AWS ECR

Sign in to your AWS Management Console and navigate to the ECR service page.

Create two repositories in ECR by clicking the “Create repository” button and providing a name for each repository. In this case, name them nginx and project.

AWS ECR Creation page

2. Configure AWS CLI

Install the AWS CLI on your local machine if you haven’t done it already. You can do this by following the instructions in the AWS documentation: https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html

Configure the AWS CLI by running aws configure and providing your AWS access key ID and secret access key.

Use the aws ecr get-login command to obtain an authentication token for pushing images to your ECR repository.

Run the authentication token command that was returned by the aws ecr get-login command to authenticate your local Docker client with your ECR repository.

3. Push images to AWS ECR

If you run the command docker image ls you should see our built images:

REPOSITORY   TAG      IMAGE ID       CREATED       SIZE
nginx        latest   52193a0b99b7   2 hours ago   135MB
project      latest   7eb7314e8e5e   2 hours ago   142MB

Open your AWS ECR service page again and get the URI for each repository created:

AWS ECR page where all the repositories are being displayed

Now, back to the terminal, run the following commands replacing the URI that corresponds to each image:

docker tag nginx:latest XXXXXXXX.dkr.ecr.eu-central-1.amazonaws.com/nginx
docker tag project:latest XXXXXXXX.dkr.ecr.eu-central-1.amazonaws.com/project

docker push XXXXXXXX.dkr.ecr.eu-central-1.amazonaws.com/nginx
docker push XXXXXXXX.dkr.ecr.eu-central-1.amazonaws.com/project

If you open the repositories on the AWS ECR service page, you should see the image tag inside:

Image tag inside AWS repository
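
An added example, not part of the original article: steps 2 and 3 as a script for AWS CLI version 2, which provides `aws ecr get-login-password` in place of `aws ecr get-login`. The token is handed to `docker login --password-stdin` so it never appears as a command-line argument; the function names are this example's own and the account ID in the usage comments is a placeholder.

```sh
#!/bin/sh
# Added example (not from the original article): log Docker in to ECR and
# push an image without the registry token appearing in any command line.

# Print the registry host for a 12-digit account ID and a region.
ecr_registry() {
  case "$1" in
    ''|*[!0-9]*) echo "account ID must be 12 digits" >&2; return 1 ;;
  esac
  [ "${#1}" -eq 12 ] || { echo "account ID must be 12 digits" >&2; return 1; }
  printf '%s.dkr.ecr.%s.amazonaws.com' "$1" "$2"
}

# usage: ecr_login <account-id> <region>
ecr_login() {
  registry=$(ecr_registry "$1" "$2") || return 1
  # Stop here if the AWS call fails instead of piping an empty password on.
  token=$(aws ecr get-login-password --region "$2") || return 1
  # printf is a builtin in bash and dash, so the token travels on stdin only
  # and is not visible in the process list or in shell history.
  printf '%s' "$token" |
    docker login --username AWS --password-stdin "$registry"
}

# usage: push_image <local-image[:tag]> <account-id> <region> <repository>
push_image() {
  registry=$(ecr_registry "$2" "$3") || return 1
  case "$1" in
    *:*) tag=${1##*:} ;;   # reuse the local tag
    *)   tag=latest ;;     # Docker's default when no tag is given
  esac
  remote="$registry/$4:$tag"
  docker tag "$1" "$remote" && docker push "$remote"
}

# Example calls (123456789012 is a placeholder account ID):
#   ecr_login  123456789012 eu-central-1
#   push_image nginx:latest   123456789012 eu-central-1 nginx
#   push_image project:latest 123456789012 eu-central-1 project
```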

4. Create VPC and Subnets

Navigate to the VPC page in AWS Management Console and click on Create VPC, and name it project-vpc with the following IPv4 CIDR block: 10.0.0.0/21

Create VPC page

Now, on the VPC page, click on Subnets and then click on Create subnet.

Create one public subnet and one private subnet in availability zone eu-central-1a, and one public subnet and one private subnet in availability zone eu-central-1b, each with a different IPv4 CIDR block as displayed below, and then click on Create subnet.

Create Subnets page

5. Create an Internet Gateway

Navigate to the VPC page in AWS Management Console, go to Internet Gateways, and click Create Internet Gateway. Name it project-igw.

Create Internet Gateway page

Then, attach the Internet Gateway to our VPC:

Attach Internet Gateway to VPC page

6. Create NAT Gateway

Navigate to the VPC page in AWS Management Console, go to NAT gateways, and click on Create NAT gateway.

Create two NAT Gateways, named project-nat-gw-1 and project-nat-gw-2, each in its respective public subnet as displayed below:

NAT Gateway creation page

Click on Allocate Elastic IP and finalize by clicking on Create NAT gateway for each NAT Gateway.

7. Create Route Tables and configure subnet associations

Navigate to the VPC page in AWS Management Console, go to Route tables, and click Create Route table.

You should create three route tables named project-public-rt, project-private-rt-a, and project-private-rt-b.

Create Route Table page

Now, associate each route table you created with its corresponding subnets.

In the route tables page, click on project-public-rt, then open Subnet associations and click on Edit subnet associations.

Route Table page

You should now select the public subnets and click on Save associations:

Subnet Associations Page

Repeat the process for the route table project-private-rt-a and associate it with project-subnet-private-a.

Do the same for project-private-rt-b and associate it with project-subnet-private-b.

Subnet Associations Page

8. Configure Routes

Still in the project-public-rt, in the Routes tab, click on Edit routes:

Route Table page

Let’s add a new route now. Enter 0.0.0.0/0 as the destination, and select the Internet Gateway as the target (which we created in step 5).

Edit Route page

For project-private-rt-a, create a new route, enter 0.0.0.0/0 as the destination, and then select project-nat-gw-1 as the target (the NAT Gateway we created in step 6).

Edit Route page

Repeat the process for project-private-rt-b and select project-nat-gw-2.
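
An added example, not part of the original article: a check that the default routes from steps 7 and 8 ended up where intended, so that a private route table pointing at the Internet Gateway is caught before anything is deployed. It relies on the route table names used above; the function names and the sample gateway IDs are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original article): audit the 0.0.0.0/0 route
# of every route table in the VPC against the naming used in this guide.

# Print "<Name tag> <GatewayId> <NatGatewayId>" per route table; the AWS CLI
# prints "None" for a missing value in text output.
default_routes() {  # usage: default_routes <vpc-id>
  aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=$1" \
    --query 'RouteTables[].[Tags[?Key==`Name`]|[0].Value, Routes[?DestinationCidrBlock==`0.0.0.0/0`]|[0].GatewayId, Routes[?DestinationCidrBlock==`0.0.0.0/0`]|[0].NatGatewayId]' \
    --output text
}

# Read those lines on stdin, print one FAIL line per problem and return 1
# if any was found. Unnamed tables (the VPC's main table) are skipped.
audit_routes() {
  bad=0
  while read -r name gw nat; do
    case "$name" in
      *-private-*)
        case "$gw" in
          igw-*) echo "FAIL $name: default route targets Internet Gateway $gw"
                 bad=1; continue ;;
        esac
        case "$nat" in
          nat-*) ;;
          *) echo "FAIL $name: no default route to a NAT Gateway"; bad=1 ;;
        esac ;;
      *-public-*)
        case "$gw" in
          igw-*) ;;
          *) echo "FAIL $name: no default route to an Internet Gateway"; bad=1 ;;
        esac ;;
    esac
  done
  return "$bad"
}

# Constructed sample: project-private-rt-b was pointed at the Internet Gateway.
sample_routes() {
  cat <<'EOF'
project-public-rt igw-0aaa1111 None
project-private-rt-a None nat-0bbb2222
project-private-rt-b igw-0aaa1111 None
EOF
}
# Against a real account: default_routes <vpc-id> | audit_routes
```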

9. Create Application Load Balancer

Navigate to the EC2 page in AWS Management Console, go to Load Balancers, and click Create load balancer.

Select the Application Load Balancer as your Load Balancer Type and name it project-alb. The scheme should be Internet Facing, and the load balancer should be in the VPC we created with the mapping for our public subnet named project-subnet-public.

Load Balancer creation page

On the Security Groups stage, click on Create new security group:

Name it project-alb-sg. Make sure you select the project-vpc as VPC.

In the Inbound rules, add one rule of type HTTP with the source Anywhere-IPv4. This allows all HTTP traffic from the internet to reach your Load Balancer.

Click on Create Security Group.

Create Security Group page

Go back to the Load Balancer creation page, click on the refresh button on the Security Groups stage, and select the Security Group you just created.

Security Group stage on Load Balancer creation page

On the Listeners and routing stage, click on Create target group:

Listeners and Routing on Load Balancer creation page

Choose IP addresses as target type, name the target group project-alb-tg and click Next. On the next page, click on Create target group:

Target Group creation page

Go back to the Load Balancer creation page. On the Listeners and routing stage, click on the refresh button. Then, click on the Target Group you just created.

Listeners and Routing on Load Balancer creation page

In the Summary section, you should see something like the image below.

Summary section Load Balancer creation page

To finalize, click on Create load balancer.

You’re almost done!

In Part 3, we will create our ECS Cluster and finally deploy our application.

Stay tuned!

You can also find this code on my GitHub: https://github.com/filipegalo/flask-nginx/

And if you enjoy my content or if you have any questions, feel free to connect with me on Twitter: https://twitter.com/AutomationForge
