Deploy Application on AWS

Author: Tran Tuan Quy

Date: Sep 24, 2017

About Me

  • Full Stack JavaScript Developer

  • Technical Manager at NAU Studio

  • I have worked for Pyramid Consulting as Frontend Manager

Contact Me

  • Twitter: #tuanquynet

  • G+: tuanquynet

  • Gmail: tuanquynet@gmail.com

Contents

  • What is AWS

  • Virtual Private Cloud (VPC - Networking Service)

  • EC2 Instance and related components (Compute Service)

  • ECS and related components (Compute Service)

  • Config autoscale (Compute Service)

  • Recap

What is AWS

  • AWS stands for Amazon Web Services
  • AWS is an IaaS.
  • AWS provides many products (services) that let you build your own cloud infrastructure
  • Services provided by AWS:
    • Compute
    • Storage
    • Networking
    • Database
    • DNS

Virtual Private Cloud

Default VPC

Non-default VPC

Create non-default VPC

Create a VPC

  • Select and check current region
  • Name tag
  • CIDR (Classless Inter-Domain Routing) IPv4
    • VPC CIDR: 172.31.0.0/16
    • Subnet 1a: 172.31.0.0/20 (4096 addresses)
    • Subnet 1b: 172.31.16.0/20 (4096 addresses)
  • CIDR (Classless Inter-Domain Routing) IPv6

Create a VPC - Internet Gateway

Name: igw-demo-app
VPC: vpc-demo-app

Create a VPC - Subnet

Create subnet 1a

Name: subnet-demo-app-1a
VPC: vpc-demo-app
Availability Zone: ap-southeast-1a
CIDR: 172.31.0.0/20
Auto-assign public IP: No/Yes

Create a VPC - Subnet

Create subnet 1b

Name: subnet-demo-app-1b
VPC: vpc-demo-app
Availability Zone: ap-southeast-1b
CIDR: 172.31.16.0/20
Auto-assign public IP: No/Yes

Create a VPC - Route Table

Name: route-table-demo-app-name
VPC: vpc-demo-app

Destination      Target
172.31.0.0/16    local
0.0.0.0/0        igw-67ad6c03

Create a VPC - Security Group

Type         Protocol   Port Range   Source
ALL TCP      TCP        All          172.31.0.0/10

Create a security group for internal network

Create a VPC - Security Group

Type         Protocol   Port Range   Source
HTTP (80)    TCP        All          0.0.0.0/0

Create a security group for public web app server

Create a VPC - Security Group

Type         Protocol   Port Range   Source
All TCP      TCP        All          116.102.18.170/32

Create a security group for SysAdmin (DevOps)

Take Notes

  • An EC2 instance inside a non-default VPC is not accessible from the Internet by default.
  • To make an EC2 instance accessible from the Internet, we need to configure a NAT gateway. It is easier to enable "Auto Assign Public IP" and then restrict access from outside by using a Security Group.
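
An added example (not part of the original slides): a Python check that audits the three inbound rules exactly as they are written in the security group tables above against the VPC CIDR 172.31.0.0/16. The labels `internal-network` and `sysadmin`, the `internal_only` flag and the function names are assumptions made for this sketch.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # VPC CIDR from the slides

# Inbound rules as written on the slides:
# (group label, port range, source CIDR, internal_only).
# Labels other than public-web-app-server and the internal_only flag are assumed.
RULES = [
    ("internal-network", "All", "172.31.0.0/10", True),
    ("public-web-app-server", "All", "0.0.0.0/0", False),
    ("sysadmin", "All", "116.102.18.170/32", False),
]


def audit_rule(ports, source, internal_only, vpc=VPC_CIDR):
    """Return a list of findings for one inbound rule."""
    findings = []
    try:
        net = ipaddress.ip_network(source, strict=True)
    except ValueError:
        # Host bits are set: the prefix does not sit on a network boundary.
        net = ipaddress.ip_network(source, strict=False)
        findings.append(f"{source} has host bits set; it normalizes to {net}")
    if internal_only and not net.subnet_of(vpc):
        findings.append(f"internal rule admits {net}, which is not inside the VPC {vpc}")
    if net.prefixlen == 0 and ports == "All":
        findings.append("every TCP port is open to the whole Internet")
    return findings


def audit(rules=RULES):
    """Map each group label to its findings (an empty list means no finding)."""
    return {group: audit_rule(ports, source, internal_only)
            for group, ports, source, internal_only in rules}


if __name__ == "__main__":
    for group, findings in audit().items():
        print(group, "->", findings or "ok")
```

Only the /32 SysAdmin rule passes without a finding; the other two rules are worth re-checking in the console before any instance gets a public IP.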

EC2

EC2 - Key Pair

  • It's actually an SSH key.
  • It is used for remote access to an EC2 instance via SSH.
  • We must keep the private key in a secret place.
  • Don't lose it; otherwise it will take time to regain control of the instance.

EC2 - Network Interface

When creating an EC2 instance, we can attach a specific network interface with a static IP or let it auto-generate an IP.

Subnet                Private IP                      Security Group
subnet-demo-app-1a    172.31.0.100 or auto assign     public-web-app-server
subnet-demo-app-1a    172.31.16.100 or auto assign    public-web-app-server
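
An added example (not part of the original slides): a Python check of the address plan from the "Create a VPC" slide and of the static IPs in the table above, so that a mismatch between a subnet and a chosen private IP is caught before the interface is created. The function names are assumptions; the five reserved addresses per subnet (the first four and the last) are standard AWS VPC behaviour.

```python
import ipaddress

VPC = ipaddress.ip_network("172.31.0.0/16")
SUBNETS = {
    "subnet-demo-app-1a": ipaddress.ip_network("172.31.0.0/20"),
    "subnet-demo-app-1b": ipaddress.ip_network("172.31.16.0/20"),
}
# (subnet, static private IP) rows exactly as written in the table above
INTERFACES = [
    ("subnet-demo-app-1a", "172.31.0.100"),
    ("subnet-demo-app-1a", "172.31.16.100"),
]
AWS_RESERVED = 5  # first four addresses and the last one in every subnet


def check_subnets(vpc=VPC, subnets=SUBNETS):
    """Every subnet must sit inside the VPC and must not overlap another."""
    problems = []
    items = list(subnets.items())
    for i, (name, net) in enumerate(items):
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside {vpc}")
        for other_name, other in items[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{name} overlaps {other_name}")
    return problems


def usable_hosts(net):
    """Addresses left for instances after the AWS reservation."""
    return net.num_addresses - AWS_RESERVED


def check_interface(subnet_name, ip, subnets=SUBNETS):
    """Return None if the static IP fits the subnet, else the reason it does not."""
    net = subnets[subnet_name]
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        home = ", ".join(n for n, s in subnets.items() if addr in s)
        return f"{ip} is not in {subnet_name} ({net}); it belongs to {home or 'no planned subnet'}"
    reserved = {net.network_address + i for i in range(4)} | {net.broadcast_address}
    if addr in reserved:
        return f"{ip} is reserved by AWS in {net}"
    return None


if __name__ == "__main__":
    print(check_subnets() or "subnet plan ok")
    for subnet_name, ip in INTERFACES:
        print(subnet_name, ip, "->", check_interface(subnet_name, ip) or "ok")
```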

EC2 - EBS Volumes

  • An EBS volume is a block-level storage device.
  • We use it like any other physical hard drive.
  • EBS volumes are flexible and can be expanded.

EC2 - EBS Snapshot

  • EBS snapshots are incremental backups
  • Only the blocks on the device that have changed after your most recent snapshot are saved.
  • We can create a new copy of an EBS volume from its snapshot.

EC2 - Elastic IP

  • An Elastic IP address is a static IPv4 address designed for dynamic cloud computing.
  • An Elastic IP address is a public IPv4 address, which is reachable from the Internet
  • We can associate Elastic IP with ec2 instance.

EC2 - Elastic Load Balancer (ELB)

  • Elastic Load Balancing distributes incoming application traffic across multiple EC2 instances, in multiple Availability Zones.
  • The load balancer serves as a single point of contact for clients, which increases the availability of your application.

Let's Put It All Together

EC2 Container Service (ECS)

Source: https://www.linkedin.com/pulse/tutorial-deploying-your-first-docker-container-aws-ec2-wootton/

ECS - Cluster

  • Clusters can contain multiple different container instance types.

  • Clusters are region-specific.

  • Container instances can only be a part of one cluster at a time.

  • Define IAM policies to control who can access the cluster.

ECS - Container Instance

  • This is actually an EC2 instance running the ECS agent.

  • The recommended option is to use the AWS ECS AMI, but any AMI can be used as long as you add the ECS agent to it. The ECS agent is also open source.

ECS - Container Agent

  • This is the agent that runs on EC2 instances to form the ECS cluster.

  • If you’re using the ECS optimized AMI, you don’t need to do anything as the agent comes with it.

  • But if you want to run your own OS/AMI, you will need to install the agent. The container agent is open source and can be found here:

    https://github.com/aws/amazon-ecs-agen

ECS - Task Definition

  • An application containing one or more containers.

  • This is where you provide the Docker images, the amount of CPU/Memory to use, ports etc.

  • You can also link containers here, similar to a Docker command line.

ECS - Task

  • An instance of a task definition running on a container instance.

ECS - Service

  • A service in ECS allows you to run and maintain a specified number of instances of a task definition.

  • If a task in a service stops, the task is restarted.

  • Services ensure that the desired running tasks are achieved and maintained.

  • Services can also include things like load balancer configuration, IAM roles and placement strategies

Let's put it all together

Recap

  • VPC allows us to define a virtual private network quickly and securely.

  • EC2 instances allow us to scale the system easily and automatically and to increase the availability of our system.

  • ECS, which is based on the container approach, makes deploying a big system simpler.

Resource

Question & Answer

Thank You for Your Attention
