ECS (Fargate) with ALB Deployment Using Terraform — Part 1
Today I will walk you through an in-depth demonstration on how to create a robust pattern consisting of a highly secured ECS container running a Flask application with connections to a DynamoDB database. To ensure seamless traffic and high availability, an Application Load Balancer will be used to serve traffic to the secured containers.
Amazon Web Services (AWS) provides many amazing services especially in the world of ‘serverless’. However, adopting Cloud is not necessarily the easiest task. Fortunately, there are millions of tutorials on the net allowing you to leverage the power of the cloud just like this one.
These are a few services and tools that will be used in this project:
1. Firstly AWS, of course
2. ECS — Containerization service in AWS
3. DynamoDB — NoSQL database service in AWS
4. ECR — A Container repository containing docker images
5. ALB — Application Load Balancer
6. Terraform — IaC(Infrastructure as Code) tool
7. Docker — Containerization platform
8. Flask — Web application framework
The complete source for this application can be found here.
Now that appetizers are done
Here are the main steps for this projects. Skip at your own peril
Contents:
Step 1: Assumptions
Step 2: The architecture
Step 3: Terraform
Step 4: Deployment
Step 5: Accessing the app
Given the extensive scope and depth of this project, I’ve divided it into three distinct parts.
Part 1 will encompass the first two steps, offering a comprehensive introduction and detailed exploration of the project’s architecture.
Step 3, focusing on Terraform implementation, will be divided across Part 2 and Part 3. In Part 2, we’ll delve into container resources, while Part 3 will cover the intricacies of supporting resources and also cover Step 4 and 5.
Step 1: Assumptions
I will assume you already have the following setup, if not, I will attach a link as to how you can set it up:
- Your own AWS account
- Docker on your machine
- Terraform
- AWS CLI
- A sample application(Optional. My sample flask application can be used)
Step 2: The architecture
So before getting into the code part of the project, it’s a good idea to visualize what is actually being built and understand where the different components fit.
The diagram below was drawn using draw.io. It depicts a high-level architecture of our project.
An explanation of the main components:
All resources in this project will be deployed in the Ireland region (eu-west-1). You can choose any other available AWS region you’d like.
The resources will also be deployed in a VPC (Virtual Private Cloud). This ensures an isolated network environment, which acts as a security barrier for our application. Traffic to and from our VPC can be controlled with Security Groups, NACLs (Network Access Control lists) and subnets.
As shown in the diagram, the ECS container will be deployed in private subnets. Private subnets are totally isolated from the public internet.
It is a good security measure to ensure that when users access the application, they don’t directly access the container. And this is why we have the ALB (Application Load Balancer). The ALB will receive traffic from the internet and distribute the traffic to the ECS tasks.
The Flask application that is part of this project is structured to connect to a DynamoDB database. DynamoDB is a NoSQL database provided by AWS. The endpoint is used to ensure that the application, when connecting to DynamoDB, does not need to traverse the public internet. Traffic via an endpoint flows through the AWS network, further increasing the security standpoint of the application.
Internet gateways facilitate traffic between the VPC and the public internet. It allows users to access whatever resources are made available to the internet, in this case it is the ALB.
NAT gateways are egress-only gateways. This means it only has the capabilities for outbound connections to the internet and cannot receive traffic from the internet.
Now that we know what we are building, lets move on to Part 2 to get messy with terraform.
