RMIT Classification: Trusted

Exercise 6 - AWS Elastic Container Service

Objectives

In this exercise, you are expected to learn to

• Create a containerized application using Docker.
• Upload it to AWS Elastic Container Registry (ECR).
• Deploy it in AWS Elastic Container Service (ECS)

Task 1: Create a containerized application using Docker.

Step 1: Clone the Github repository https://github.com/prabathabey/fantastic-waddle.
Once the aforementioned repository is cloned on to your local file system, change the
current directory to fantastic-waddle.

>git clone https://github.com/prabathabey/fantastic-waddle

>cd fantastic-waddle

Step 2: Build a docker image for your app by running the following command.

>docker build -t myflaskapp .

Step 3: We will now try deploying a docker container for your app locally, to make sure
the app is working fine.

>docker run --publish 5000:5000 myflaskapp

1
 RMIT Classification: Trusted

Step 4: If you browse http://localhost:5000 on your browser, you will now be able to see
the app that we just cloned from the aforementioned Github repository.

Task 2: Upload your containerized application to AWS Elastic

Container Registry (AWS ECR)

Amazon Elastic Container Registry is a fully managed registry for the images of your
containerized applications. It provides you the ability to conveniently store, share and
deploy your containerized applications virtually anywhere, not just on top of the AWS
platform. A container registry, which is what AWS ECR is, is a central place to store and
distribute container images. Apart from AWS ECR, the other popular Container Registry
platforms for Docker-based containerized applications include Docker Hub and Github
Container Registry.

Step 1: In this step we are going to create a repository in ECR to store the container
image we created as part of Task 1. We will need the ARN (Amazon Resource Name — a
unique identifier for all AWS resources) of this repository to properly tag and upload our
image later on. You will learn what tagging means in the subsequent sections. To do this,
let’s first go to the ECR Management Console as shown in the image below.

2
 RMIT Classification: Trusted

Step 2: When in ECR Management Console, click “Create repository”.

Step 3: When the “Create repository” page loads, leave the “Visibility settings” set to
“Private”. Then, configure an appropriate name (e.g. [YOUR_STUDENT_ID]-myflaskapp)
for the ECR repository we are now in the middle of creating for our app, as shown below.

3
 RMIT Classification: Trusted

Step 4: Finally, tap the “Create repository” button at the bottom of the page.

Step 5: You will automatically be redirected to the list of repositories available under your
AWS Academy account. From this view, copy the URI associated with the ECR repository
we just created. In the next step, we will need this to tag the image we created in a
previous step.

Tag the container image

Docker allows us to tag an image. The tag in Docker is useful to maintain the version of
the build to push the image to a Container Registry, which in this case is AWS ECR. The
versioning is generally used to deploy any Docker image or to fall back to an older
version.

Step 1: Retrieve an authentication token and authenticate your Docker client to your
registry.

>aws ecr get-login-password --region us-east-1 | docker login --username

AWS --password-stdin [YOUR_REPOSITORY_URI]

E.g.
>aws ecr get-login-password --region us-east-1 | docker login --username
AWS --password-stdin 293764330108.dkr.ecr.us-east-1.amazonaws.com

Step 2: In order for ECR to know which repository we are pushing our image to, we
should tag our image with the URI copied above. Run the following command to do this.

4
 RMIT Classification: Trusted

>docker tag myflaskapp:latest [YOUR_REPOSITORY_URI]

E.g.
>docker tag myflaskapp:latest 293764330108.dkr.ecr.us-east-
1.amazonaws.com/s3693452-myflaskapp:latest

Upload image to ECR

Step 1: Refresh the AWS credentials configured in

C:/Users/[LOGGED_IN_USER]/.aws/credentials (on Windows) or ~/.aws/credentials (on
MacOS/Linux), if you are using AWS Academy. We have done this multiple times in our
previous exercises.

Note: Remember, AWS Academy only provides you with short-lived credentials, which
need to be refreshed after a lab session expires.

Step 2: Using the Docker CLI, we will now push our app image to the ECR repository
created previously.

>docker push [YOUR_REPOSITORY_URI]/myflaskapp:latest

E.g.
>docker push 293764330108.dkr.ecr.us-east-
1.amazonaws.com/s3693452-myflaskapp:latest

Task 3: Deploy Docker Containers on AWS Elastic Container

Service (AWS ECS)
Amazon Elastic Container Service (AWS ECS) is the Amazon Web Service you use
to run Docker applications on a scalable cluster of compute resources. In this
exercise, you will learn how to run a Docker-enabled sample application on an
AWS ECS cluster behind a load balancer, test the sample application, and delete

5
 RMIT Classification: Trusted

your resources to avoid charges.

Everything done in this exercise is free tier eligible.

Step 1: Select AWS Elastic Container Service from the list of services available in your
AWS Management Console under.

Your Amazon ECS tasks run on a cluster, which is the set of container instances (I.e EC2
instances) running the Amazon ECS container agent. In this step, we create a Fargate cluster,
which is a fully managed service offerred by AWS. In Fargate, your containers run without you
managing and configuring individual Amazon EC2 instances.

First, from the left-side menu on the Getting started page, click Clusters. Then, tap the “Create
Cluster” button to load the cluster creation wizard, as below. Create cluster wizard will guide
you through the process of creating a compute resource cluster to launch our application.

6
 RMIT Classification: Trusted

Step 2: When the cluster creation wizard loads, select “Networking only” as the cluster
template. Then, tap “Next step”. We don’t need EC2 instances in our cluster because
Fargate will take care of scaling up compute resources when the demand grows towards
our app and scaling them down when the demand diminishes.

Step 3: In this step, we will configure our cluster. The only parameter we will configure in
this particular exercise is the name of our cluster. Add a unique name for your cluster (e.g.
s3693452-mycluster) as the “Cluster name”. Then, tap “Create”.

7
 RMIT Classification: Trusted

Step 4: You will now see the following notice if your cluster has successfully been
created. Tap “View cluster” to view the cluster you have created in the previous step.

Create a container and task definitions

A container definition is used in task definitions to describe the different containers
that are launched as part of a task.

A task definition, meanwhile, is like a blueprint for your application. In this step, you
will select a container definition and task definition, so Amazon ECS knows which
Docker image to use for containers, how many containers to use in the task, and the
resource allocation for each container.

The task definition comes pre-loaded with default configuration values.

• Review the default values and select Next Step.

8
 RMIT Classification: Trusted

If you prefer to modify the configurations or would like to learn more, see Task
Definition Parameters.

Important note: If you are using an AWS Academy account for this exercise,
remember to choose LabRole as your Task execution role.

Step 1: To create a task definition, select Task Definitions menu-item in the

left-side menu, and then tap “Create new Task Definition”. This will lead you
to the task definition creation wizard. When the task definition creation wizard
loads, select “Fargate” as the “Launch type”, as below. Then, tap “Next step”.

Step 2: In this step, we will configure the task and container definitions. To start with,
add an appropriate name as the “Task definition name” (e.g. myflaskapp).

Next, from the drop-down box available next to the parameter “Task role”, select
“LabRole”. Also select the same role (i.e. LabRole) as the “Task execution role”, as
well.

9
 RMIT Classification: Trusted

Step 3: We will now configure the “Task size” section. Let’s add 0.5GB as “Task memory
(GB)” and 0.25vCPU as “Task CPU (vCPU)”.

Note: The application we are working with has a smaller memory and compute footprint.
Therefore, allocating the minimum amount of memory and CPU, in this case, is
acceptable. However, when you run applications for production workloads, we need to
think capacity planning for our containers more stringently.

10
 RMIT Classification: Trusted

Step 4: Now, in the “Container definitions” section, click “Add container” to configure the
details of our app image previously uploaded into ECR. Let’s start by adding an
appropriate name as “Container name” (e.g. myflaskapp).

Then, to configure the “Image”, we first need to grab the URI associated with the image
previously uploaded into ECR. For this, let’s first go to the ECR Management Console on
another browser tab. And then click the repository you have previously created. This will
now show all the tagged images you have uploaded into your ECR repository, as below.

Tap the copy icon to the left of the “Copy URI” text listed under the “Image URI”
parameter.

We will now go back to the “Add container” configuration in the ECS Management
Console and configure the “Image” parameter with the URI copied above. Finally, we will
configure a port mapping for the TCP port 5000. This is the port through which your Flask
application will be exposed.
Once you are done with the aforementioned configurations, your “Add container” page will
look like what is shown below.

11
 RMIT Classification: Trusted

Now, tap the “Add” button at the bottom of the page. This will take you back to the “Create
new Task Definition” wizard.

Step 5: Let’s now tap “Create” to complete creating our task definition. If this step is
completed successfully, you will see the following notice on your browser. Then, click
“View task definition” and observe the details of the task definition you have just created.

Create a load balancer instance

There are elastic load balancing capabilities available on the AWS Cloud platform. Elastic
12
 RMIT Classification: Trusted

load balancing allows automatically distributing application traffic across multiple targets
(e.g. EC2 instances, ECS containers, etc.) in one or more availability zones.

Often, your containerized applications require elastic load balancing in order to cope up
with the demands of these applications. Afterall, one of the reasons why we, as cloud
developers, adapt the concept of containerization is to be able to easily scale our
applications. Elastic load balancing, in such a setting, plays a critical part in allowing us to
achieve the aforementioned objective.

Aligned with the above goal, we need to create an Application Load Balancer (ALB)
instance on the AWS platform. We will later configure this with an AWS ECS “Service”.
For now, we will skip the details about what an AWS ECS service does.

Step 1: Go to EC2 Management Console on another browser tab/window. Then, from the
left-side menu, find and browse the “Security Groups” section.
Next, create a security group with an appropriate name (e.g. sgMyFlaskApp) with the
following inbound rule to allow incoming traffic on port 5000, as shown below. Remember,
our containerized application has been configured to listen on port 5000.

Step 2: Go back to the left-side menu on the EC2 Management Console. This time, find

13
 RMIT Classification: Trusted

and browse the “Load Balancers” section as below.

Step 2: Now, to configure an “Application Load Balancer” instance for our app, tap the
“Create Load Balancer” button.

Then, from the load balancer creation wizard, select “Application Load Balancer” option,
as below. Next, click “Create” button associated with the aforementioned category.

Step 3: From the resulting page, configure an appropriate name as the “Load balancer
14
 RMIT Classification: Trusted

name” (e.g. myflaskapp-alb) within the “Basic configuration” sub-section.

Step 4: In the “Network mapping” section, select any two availability zones from the
options listed (e.g. us-east-1a and us-east-1b).

Step 5: Next, in the “Security Groups” section, find and configure the security group we
created previously (e.g. sgMyFlaskApp), as below.

Step 6: After that, in the “Listeners and routing” section, configure “Port” as 5000. Next,
tap “Create target group” link. Within the “Create target group” wizard, select “Target type”
as “IP Addresses”, and also provide an appropriate name for the target group (e.g.
myflaskapp-alb-target-group). Leave the other fields (including the port) unchanged. Click
“Next”.

15
 RMIT Classification: Trusted

Finally, on the next page, tap “Create target group”.

Step 7: Go back to the “Listeners and routing” section of the load balancer configuration
and select the target group created above as “Default action”. If your target group has not
yet come up in the drop-down box next to the “Default action” property, click the “Refresh”
button available below the aforementioned property.

Step 8: To conclude creating our load balancer, tap “Create load balancer”. Find the ALB
instance we just created with the name myflaskapp-alb in the list of load balancers, and
copy the DNS name associated with it. We will later need it to browse our containerized
application.

We have now created an ALB instance to configure with your AWS ECS service!

Create an AWS ECS service

Now that you have created a container and task definition, as well as a load balancer
instance, you will next configure an Amazon ECS service. A service launches and
maintains copies of the task definition in your cluster. For example, by running an
application as a service, Amazon ECS will auto-recover any stopped tasks and maintain
the number of copies you specify.

Step 1: To create a service, go back to the cluster you have previously created (e.g.
s3693452-mycluster) in AWS ECS. Select the “Services” tab and tap “Create”.
16
 RMIT Classification: Trusted

Step 2: From the “Create service” wizard, select “Fargate” as the “Launch type”.
Configure an appropriate name for the service (e.g. myflaskapp-service). Also set the
“Number of tasks” as 1. This corresponds to the number of tasks that the service will aim
to maintain for your app.

If you carefully inspect the other parameters, you will see that the task definition we
created previously with the name “myflaskapp” is now listed as the selected “Task
Definition”, by default. Leave it as is. A snapshot of what your configuration should be is
shown below.

17
 RMIT Classification: Trusted

Now, tap “Next step”.

Step 3: You will now be asked to “Configure network”. Configure the following
parameters to complete this step.

• “Cluster VPC” selects a VPC from the list of VPCs shown in the drop-down box
next to it. If you are building a custom app this should be the VPC assigned to
any other AWS services you will need to access from your instance. For our
app, any will do.

• Add at least one subnet from the values listed in the drop-down box next to
18
 RMIT Classification: Trusted

“Subnets” (e.g. us-east-1a and us-east-1b).

• In the Security Groups section, select the security group you previously created
(i.e. sgMyFlaskApp).

Step 4: Next, in the “Load Balancing” configuration, select “Application Load

Balancer”, and configure Load balancer name to point to the one we created
previously (i.e. myflaskapp-alb).

This will, now, enable the “Health check grace period” parameter, which was
previously disabled in the “Health check grace period” section. Set it to 60. With
this configuration, the ALB will wait for 60 seconds to start health checks against
our container instances.

19
 RMIT Classification: Trusted

Step 5: In the “Container to load balance” section, tap “Add to load balancer”
button. Then, select 5000:HTTP as the “Production listener port” from the
associated drop-down box. Also, select myflaskapp-alb-target-group we created
previously as the “Target group name”, as below. Once done, tap “Next”.

20
 RMIT Classification: Trusted

Step 6: In the next step, we will configure auto scaling for our application. This step is
desirable, yet optional. If you wish to enable auto-scaling, select “Configure auto scaling to
adjust your service’s desired count”. In this example, however, we will opt against it for
simplicity. Next, tap “Next step”.

Step 7: Now, review all the details you have configured in your service definition, and
tap “Create service” to create your service. If this step is completed successfully, you
will see a confirmation notice similar to what is shown below. Now, click “View service”.

21
 RMIT Classification: Trusted

Wait till the service “Status” to turn to “ACTIVE”, and in the “Tasks” tab, your
task’s “Last status” to turn to “RUNNING”.

Step 8: Finally, paste the ALB DNS name we copied earlier on a new browser
window/tab with port 5000, as below. You will now be able to see your
containerized Flask application loading on the browser over HTTP!

Note: Don’t worry if you forgot to copy the ALB DNS name. You can easily locate

22
 RMIT Classification: Trusted

it by browsing the “Load Balancers” section of the EC2 Management Console.

Congratulations!
Congratulations! You have learned how to configure, deploy, and delete your
Docker-enabled application to Amazon Elastic Container Service (Amazon ECS).
Amazon ECS is a highly scalable, high performance container management service
that supports Docker containers and allows you to easily run applications on a
managed cluster of Amazon EC2 instances.

Additional References:

• Docker Desktop overview. https://docs.docker.com/desktop/

• A Docker Tutorial for Beginners. https://docker-curriculum.com/

23