Deploy Application on AWS
Author: Tran Tuan Quy
Date: Sep 24, 2017
About Me
-
Full Stack JavaScript Developer
-
Technical Manager at NAU Studio
-
I has worked for Pyramid Consulting as Frontend Manager
Contact Me
-
Twitter: #tuanquynet
-
G+: tuanquynet
-
Gmail: tuanquynet@gmail.com
Contents
-
What is AWS
-
Virtual Private Cloud (VPC - Networking Service)
-
EC2 Instance and related components (Compute Service)
-
ECS and related components (Compute Service)
-
Config autoscale (Compute Service)
-
Recap
What is AWS
What is AWS?
- AWS stand for amazon web service
- AWS is an IaaS.
- AWS provide a lot of products (services) to allow to build your own cloud infrastructure
- Services provided by AWS:
- Compute
- Storage
- Networking
- Database
- DNS
Virtual Private Cloud
Default VPC
Virtual Private Cloud
Non-default VPC
Create non-default VPC
Create a VPC
- Select and check current region
- Name tag
-
CIDR (Classless Inter-Domain Routing) IPv4
- VPC CIDR: 172.31.0.0/16
- Subnet 1a: 172.31.0.0/20 (4096 addresses)
- Subnet 1b: 172.31.16.0/20 (4096 addresses)
- CIDR (Classless Inter-Domain Routing) IPv6
Create a VPC - Internet Gateway
| Name | igw-demo-app |
|---|---|
| vpc | vpc-demo-app |
Create a VPC - Subnet
Create subnets 1a
| Name | subnet-demo-app-1a |
|---|---|
| vpc | vpc-demo-app |
| Available zone | ap-southeast-1a |
| CIDR | 172.31.0.0/20 |
| Auto-assign public ip | No/Yes |
Create a VPC - Subnet
Create subnets 1b
| Name | subnet-demo-app-1b |
|---|---|
| vpc | vpc-demo-app |
| Available zone | ap-southeast-1b |
| CIDR | 172.31.16.0/20 |
| Auto-assign public ip | No/Yes |
Create a VPC - Route Table
| Name | route-table-demo-app-name |
|---|---|
| vpc | vpc-demo-app |
| Destination | Target |
|---|---|
| 172.31.0.0/16 | local |
| 0.0.0.0/0 | igw-67ad6c03 |
Create a VPC - Security Group
| Type | Protocol | Port Range | Source |
|---|---|---|---|
| ALL TCP | TCP | All | 172.31.0.0/10 |
Create a security group for internal network
Create a VPC - Security Group
| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP (80) | TCP | All | 0.0.0.0/0 |
Create a security group for public web app server
Create a VPC - Security Group
| Type | Protocol | Port Range | Source |
|---|---|---|---|
| All TCP | TCP | All | 116.102.18.170/32 |
Create a security group for SysAdmin (DevOps)
Take Notes
- EC2 instance inside Non-default VPC is not accessible from Internet by default.
- To make EC2 instance accessible from internet, we need to config NAT gateway. It would be easier with enabled "Auto Assign Public IP" and then restrict access from outside by using Security Group
EC2
EC2 - Key Pair
- It's actually ssh key.
- Use to remote access ec2 instance via ssh
- We must the private key in secret place.
- Don't lose it otherwise it will take time to get controlled
EC2 - Network Interface
When creating ec2 instance we can attach specific network interface with static ip or let it auto generate an ip.
| Subnet | Private IP | Security Group |
|---|---|---|
| subnet-demo-app-1a | 172.31.0.100 or auto assign | public-web-app-server |
| subnet-demo-app-1a | 172.31.16.100 or auto assign | public-web-app-server |
EC2 - EBS Volumes
- EBS Volumes is block-level storage device
- We use it like any other physical hard drive.
- EBS Volumes is flexible and can be expanded
EC2 - EBS Snapshot
- EBS snapshots are incremental backups
- Only the blocks on the device that have changed after your most recent snapshot are saved.
- We create new copy of a EBS volumes via its snapshot
EC2 - EBS Snapshot
EC2 - Elastic IP
- An Elastic IP address is a static IPv4 address designed for dynamic cloud computing.
- An Elastic IP address is a public IPv4 address, which is reachable from the Internet
- We can associate Elastic IP with ec2 instance.
EC2 - Elastic Load Balancer (ELB)
- Elastic Load Balancing distributes incoming application traffic across multiple EC2 instances, in multiple Availability Zones.
- The load balancer serves as a single point of contact for clients, which increases the availability of your application.
EC2 - Elastic Load Balancer (ELB)
Let's Put It All Together
EC2 Container Service
(ECS)
EC2 Container Service
Source: https://www.linkedin.com/pulse/tutorial-deploying-your-first-docker-container-aws-ec2-wootton/
ECS - Cluster
-
Clusters can contain multiple different container instance types.
-
Clusters are region-specific.
-
Container instances can only be a part of one cluster at a time.
-
Define IAM policies to control who can access to cluster
ECS - Container Instance
-
This is actually an EC2 instance running the ECS agent.
-
The recommended option is to use AWS ECS AMI but any AMI can be used as long as you add the ECS agent to it. The ECS agent is also open source
ECS - Container Agent
-
This is the agent that runs on EC2 instances to form the ECS cluster.
-
If you’re using the ECS optimized AMI, you don’t need to do anything as the agent comes with it.
-
But if you want to run your own OS/AMI, you will need to install the agent. The container agent is open source and can be found here:
ECS - Task Definition
-
An application containing one or more containers.
-
This is where you provide the Docker images, the amount of CPU/Memory to use, ports etc.
-
You can also link containers here, similar to a Docker command line.
ECS - Task
-
An instance of a task definition running on a container instance.
ECS - Service
-
A service in ECS allows you to run and maintain a specified number of instances of a task definition.
-
If a task in a service stops, the task is restarted.
-
Services ensure that the desired running tasks are achieved and maintained.
-
Services can also include things like load balancer configuration, IAM roles and placement strategies
Let's put it all together
Recap
-
With VPC, it allow us to define virtual private network quickly and securely.
-
With EC2 instance, it allow to scale system easily & automatically, increase high availability of our system.
-
With ECS which based on container approach, it make deploying on big system simpler.