Deploy a container instance in AWS

Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage your containers. You can host your containers on a serverless infrastructure that is managed by Amazon ECS by launching your services or tasks on AWS Fargate. For more information on Fargate, see AWS Fargate for Amazon ECS.

Step 1: Sign in to AWS account

Sign in to the AWS portal.

If you do not have an AWS account, then register for a new AWS account.

Step 2: Create a virtual private cloud

You can use Amazon Virtual Private Cloud (Amazon VPC) to launch AWS resources into a virtual network that you've defined. We strongly suggest that you launch your container instances in a VPC.

If you have a default VPC, you can skip this section and move to the next task, Create a security group. To determine whether you have a default VPC, see Supported Platforms in the Amazon EC2 Console in the Amazon EC2 User Guide. Otherwise, you can create a nondefault VPC in your account using the steps below.

For information about how to create a VPC, see Create a VPC only in the Amazon VPC User Guide, and use the following table to determine what options to select.

OptionValue
Resources to createVPC only
NameOptionally provide a name for your VPC
IPv4 CIDR blockIPv4 CIDR manual input
The CIDR block size must have a size between /16 and /28
IPv6 CIDR blockNo IPv6 CIDR block
TenancyDefault

For more information about Amazon VPC, see What is Amazon VPC? in the Amazon VPC User Guide.

Step 3: Create a security group

Security groups act as a firewall for associated container instances, controlling both inbound and outbound traffic at the container instance level. You can add rules to a security group that enable you to connect to your container instance from your IP address using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere. Add any rules to open ports that are required by your tasks. Container instances require external network access to communicate with the Amazon ECS service endpoint.

For information about how to create a security group, see Create a security group in the Amazon EC2 User Guide and use the following table to determine what options to select.

OptionValue
RegionThe same Region in which you created your key pair
NameA name that is easy for you to remember, such as ecs-instances-default-cluster
VPCThe default VPC (marked with "(default)"
Note
If your account supports Amazon EC2 Classic, select the VPC that you created in the previous task

Step 4: Create a ECS Cluster

On the AWS portal homepage, search "ECS" in the search box and select "Elastic Container Service". Or open the console at https://console.aws.amazon.com/ecs/v2.

Search ECS

Select "Create cluster".

Create cluster

Enter the "Cluster name". Select only "AWS Fargate (serverless)" in Infrastructure section.

Create cluster values

Leave the other values as their defaults, then select Create.

Step 5: Create a Task Definition

After the cluster is created, select Task Definitions.

Create task definition

Select "Create new task definition", then select "Create new task definition".

Create new task definition

On the Task definition configuration section, enter the value for Task definition family.

Task definition configuration section

On the Infrastructure requirements section, enter the following values for Launch type, CPU, Memory, Task role, and Task execution role.

  • Launch type: Only AWS Fargate
  • CPU: 1 vCPU
  • Memory: 2 GB
  • Task role: ecsTaskExecutionRole
  • Task execution role: ecsTaskExecutionRole

Infrastructure requirements

On the Container - 1 section, enter the following values for Name, Image URI, Container port, Port name, and Environment variables.

  • Name: mycontainer
  • Image URI: Use ironsoftwareofficial/ironsecuredoc for the latest or specify by tag ironsoftwareofficial/ironsecuredoc:2024.7.1
  • Container port: 8080
  • Port name: 8080
  • Add Environment variables:
    • ENVIRONMENT: Production
    • HTTP_PORTS: 8080
    • IronSecureDoc_LicenseKey: YOUR-LICENSE-KEY

For IronSecureDoc_LicenseKey, it is not recommended to add directly into Environment variables for security. It is recommended to retrieve the environment file from an encrypted Amazon S3 bucket, see Pass sensitive data to an Amazon ECS container.

Container section

Leave the other values as their defaults, then select Create.

Step 6: Create a Service

Go back to the Clusters page > Select your cluster (IronSecureDoc).

Select your cluster

Select the "Service" tab > then select "Create".

Create service

In the Environment section, enter the following values for Compute options and Launch type.

  • Compute options: Select Launch type
  • Launch type: Select FARGATE

Service environment

In the Deployment configuration section, enter the following values for Application type, Family, Revision, Service name, and Desired tasks.

  • Application type: Select Service
  • Task definition:
    • Family: Select the created task definition ironsecuredoc
    • Revision: Select task definition revision 1 (LATEST)
  • Service name: myservice
  • Desired tasks: 1

Service deployment configuration

Please note that for networking you may need to create a VPC and a Security group if they do not exist.

Leave the other values as their defaults, then select Create.

When the deployment starts, a notification appears that indicates the deployment is in progress. Another notification is displayed when the service has been deployed.

View your service > then open the task.

Open created task

In Task Configuration, you can use the Public IP to run a curl command to check if the API is working correctly, which should return pong.

curl http://18.118.166.206:8080/v1/document-services/ping
curl http://18.118.166.206:8080/v1/document-services/ping
SHELL

Public IP

Congratulations! By configuring just a few settings, you've deployed a publicly accessible application in Amazon Elastic Container Service.

Frequently Asked Questions

What is Amazon Elastic Container Service (Amazon ECS)?

Amazon ECS is a highly scalable, fast, container management service that makes it easy to run, stop, and manage your containers on a serverless infrastructure managed by AWS.

How do I sign in to my AWS account for deployment?

To sign in, access the AWS portal with your credentials. If you do not have an account, you can register for a new AWS account.

What is Amazon VPC and why do I need it?

Amazon Virtual Private Cloud (Amazon VPC) allows you to launch AWS resources into a virtual network that you've defined, providing control over your virtual networking environment.

How do I create a security group in AWS?

Security groups can be created in the Amazon EC2 Console. They control inbound and outbound traffic to your container instances, acting as a virtual firewall.

What steps are involved in creating an ECS cluster?

To create an ECS cluster, search for 'ECS' in the AWS portal, select 'Elastic Container Service', click 'Create cluster', and choose 'AWS Fargate (serverless)' in the Infrastructure section.

What is a Task Definition in Amazon ECS?

A Task Definition is an application blueprint in Amazon ECS, where you specify parameters like launch type, CPU, memory, task roles, container definitions, and more.

How do I ensure document security on AWS?

To ensure document security, integrate IronSecureDoc within your ECS setup and manage environment variables securely, preferably retrieving sensitive data from encrypted Amazon S3 buckets.

What is AWS Fargate and why is it used?

AWS Fargate is a serverless compute engine for containers that works with both Amazon ECS and EKS. It eliminates the need to manage servers, allowing you to specify and pay for resources per application.

How can I verify if my ECS service is running correctly?

You can verify your ECS service by using the Public IP to run a curl command. For example, executing 'curl http://:8080/v1/document-services/ping' should return 'pong' if the service is running correctly.

Is it necessary to create a VPC and Security Group for every deployment?

If a default VPC and Security Group do not exist, you need to create them to ensure proper networking and security configurations for your ECS deployments.

Chaknith Bin
Software Engineer
Chaknith works on IronXL and IronBarcode. He has deep expertise in C# and .NET, helping improve the software and support customers. His insights from user interactions contribute to better products, documentation, and overall experience.