AWS ECS Infrastructure Deployer

Sagar Gulabani
Published in CloudCover
4 min read · Jun 20, 2019

AWS ECS Infrastructure Deployer is an open-source automation tool for creating the infrastructure your ECS (Elastic Container Service) workloads need. Creating ECS infrastructure with this tool saves you the hassle of building it manually from the UI, which is error-prone and time-consuming. Built using Ansible and CloudFormation, it can be easily imported as a Git submodule into one of your own IaC repositories.

Once you add the required configuration file, you can even add it to your build pipeline. AWS ECS Infrastructure Deployer is triggered using a shell command, so it works with almost all CI/CD tools such as Jenkins and GitLab. Further, you can create multiple infrastructure stacks for different environments using the same or different configurations. Since we are using CloudFormation underneath, any changes to the configuration files or repository code will trigger minimum recreation of resources. The infrastructure can be created and deleted on demand, making it suitable for testing purposes.

To create an environment using this tool you must have a VPC with public and private subnets ready. As part of best practices, all the ECS instances should be deployed into private subnets. A provision to provide the subnets is available in the configuration file. Security groups can either be created on the fly or existing security groups can be provided as part of the configuration file. The subnets provided for the load balancer must be public. The following diagram indicates the set of resources created for ECS.

Architecture Diagram
Architecture diagram (CICD)

A user can use any of the CICD tools to run the playbook as shown in the diagram (e.g., Jenkins, GitLab, Travis CI, etc.). The playbook calls the defined roles, and the roles then create the CloudFormation stacks and run them to create the ECS resources.

WHY CICD?

In DevOps, it is important to automate build and release in order to make development faster and more efficient. By using CICD with this setup, you convert your infrastructure provisioning into one-click automation.

  1. It can be scheduled
  2. It can be reused for different regions/environments
  3. Anyone can run it with proper access
  4. You have a track of all the executions

By default, the pipeline will use the AWS credentials available in the environment. An AWS IAM Role can be provided in the configuration file to create the resources in another account.

Three stacks are created using this tool:

  • An ECS cluster stack (includes ECS cluster along with instances, a launch configuration and Instance Profile)
  • A load balancer stack (contains an application load balancer, listeners and target group)
  • An ECR stack (contains an Elastic Container Registry)

You can specify different combinations of application-name and environment-name in multiple configuration files, allowing you to manage multiple environments for multiple applications. With a provision for specifying private subnets for the ECS cluster, AWS ECS Infrastructure Deployer ensures that your instances are not directly accessible from the outside world.
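The subnet placement rules above (ECS instances in private subnets, load balancer in public subnets) can be checked before a deployment. The following is an added example, not code from the tool's repository: the config keys `ecs_subnets` and `alb_subnets` are hypothetical, the route-table dicts follow the shape of EC2 DescribeRouteTables output, and a subnet counts as public when its route table has a default route through an internet gateway.

```python
# Pre-flight check for subnet placement. Config key names are hypothetical;
# route-table dicts follow the shape of EC2 DescribeRouteTables output.
def is_public(route_table):
    """True if the table has a default route through an internet gateway."""
    for route in route_table.get("Routes", []):
        default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                   or route.get("DestinationIpv6CidrBlock") == "::/0")
        if default and (route.get("GatewayId") or "").startswith("igw-"):
            return True
    return False

def classify_subnets(subnet_ids, route_tables):
    """Map each subnet id to 'public' or 'private'.
    A subnet with no explicit association inherits the VPC's main route table."""
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for sid in subnet_ids:
        rt = explicit.get(sid, main)
        if rt is None:
            raise ValueError(f"no route table found for {sid}")
        result[sid] = "public" if is_public(rt) else "private"
    return result

def check_config(config, route_tables):
    """Return a list of violations of the placement rules (empty if none)."""
    wanted = {"ecs_subnets": "private", "alb_subnets": "public"}
    all_ids = [sid for key in wanted for sid in config[key]]
    kinds = classify_subnets(all_ids, route_tables)
    return [f"{key}: {sid} is {kinds[sid]}, expected {want}"
            for key, want in wanted.items()
            for sid in config[key] if kinds[sid] != want]

# Constructed sample data (not from a real account).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
CONFIG = {"ecs_subnets": ["subnet-priv-a", "subnet-implicit-b"],
          "alb_subnets": ["subnet-implicit-b"]}

if __name__ == "__main__":
    for problem in check_config(CONFIG, ROUTE_TABLES):
        print(problem)
```

In the sample data, `subnet-implicit-b` has no explicit route-table association, so it inherits the main table's internet-gateway route and is flagged when listed as an ECS subnet.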

We have seen time spent on management of ECS infrastructure go down from hours to minutes and a 95% reduction in error rate. Also, the infrastructure that is deployed automatically uses best practices, which keeps your services highly secure.

We hope that this tool helps you create your ECS infrastructure reliably, quickly and securely, and gives you one less thing to worry about. The repository can be found here. You can also read full instructions on how to use it in the README of the repository. If your service requires any other components, the same tool can easily be extended to include other CloudFormation stacks. For example, a CloudFormation stack could be added for AWS ElastiCache, AWS RDS or AWS WAF.

We plan on adding other AWS services in the near future and making it configurable and customizable for you to handpick and create AWS services. Please feel free to give your feedback in the comments, or if you like, you can contribute to the repository as well.
