Deploy a container instance in AWS
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage your containers. You can host your containers on a serverless infrastructure that is managed by Amazon ECS by launching your services or tasks on AWS Fargate. For more information on Fargate, see AWS Fargate for Amazon ECS.
Step 1: Sign in to AWS account
Sign in to the AWS portal.
If you do not have an AWS account, then register for a new AWS account.
Step 2: Create a virtual private cloud
You can use Amazon Virtual Private Cloud (Amazon VPC) to launch AWS resources into a virtual network that you've defined. We strongly suggest that you launch your container instances in a VPC.
If you have a default VPC, you can skip this section and move to the next task, Create a security group. To determine whether you have a default VPC, see Supported Platforms in the Amazon EC2 Console in the Amazon EC2 User Guide. Otherwise, you can create a nondefault VPC in your account using the steps below.
For information about how to create a VPC, see Create a VPC only in the Amazon VPC User Guide, and use the following table to determine what options to select.
Option | Value |
---|---|
Resources to create | VPC only |
Name | Optionally provide a name for your VPC |
IPv4 CIDR block | IPv4 CIDR manual input. The CIDR block size must be between /16 and /28 |
IPv6 CIDR block | No IPv6 CIDR block |
Tenancy | Default |
For more information about Amazon VPC, see What is Amazon VPC? in the Amazon VPC User Guide.
Step 3: Create a security group
Security groups act as a firewall for associated container instances, controlling both inbound and outbound traffic at the container instance level. You can add rules to a security group that enable you to connect to your container instance from your IP address using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere. Add any rules to open ports that are required by your tasks. Container instances require external network access to communicate with the Amazon ECS service endpoint.
For information about how to create a security group, see Create a security group in the Amazon EC2 User Guide and use the following table to determine what options to select.
Option | Value |
---|---|
Region | The same Region in which you created your key pair |
Name | A name that is easy for you to remember, such as ecs-instances-default-cluster |
VPC | The default VPC (marked with "(default)"). Note: If your account supports Amazon EC2 Classic, select the VPC that you created in the previous task |
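One way to check the resulting group against the rules described above, as an added example that is not part of the original guide: it reads a group in the shape returned by `aws ec2 describe-security-groups` and reports ingress that is open to every address on ports you did not intend to publish. The sample group, the `tcp_rule` helper and the set of intended public ports are assumptions constructed for this example.

```python
import ipaddress

def world_open_ingress(group, public_ports):
    """Return (group, rule) pairs for ingress open to any address beyond public_ports."""
    findings = []
    for rule in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        # A /0 prefix (0.0.0.0/0 or ::/0) matches every source address.
        if not any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            continue
        proto = rule.get("IpProtocol")
        if proto == "-1":  # "-1" means all protocols and all ports
            findings.append((group["GroupName"], "all traffic"))
        elif proto in ("tcp", "udp"):
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if not set(range(lo, hi + 1)) <= set(public_ports):
                findings.append((group["GroupName"], f"{proto} {lo}-{hi}"))
    return findings

def tcp_rule(port, cidr):
    """Build one tcp rule in the describe-security-groups shape (helper for the sample)."""
    key, field = ("Ipv6Ranges", "CidrIpv6") if ":" in cidr else ("IpRanges", "CidrIp")
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, key: [{field: cidr}]}

# Constructed sample group; 203.0.113.7 is a documentation address standing in for "your IP".
SAMPLE_GROUP = {
    "GroupName": "ecs-instances-default-cluster",
    "IpPermissions": [
        tcp_rule(8080, "0.0.0.0/0"),     # the container port used later on this page
        tcp_rule(443, "::/0"),           # HTTPS from anywhere, as the text allows
        tcp_rule(22, "203.0.113.7/32"),  # SSH from a single address
        tcp_rule(22, "0.0.0.0/0"),       # SSH from anywhere: the rule to catch
    ],
}

print(world_open_ingress(SAMPLE_GROUP, {80, 443, 8080}))
```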
Step 4: Create an ECS Cluster
On the AWS portal homepage, search "ECS" in the search box and select "Elastic Container Service". Or open the console at https://console.aws.amazon.com/ecs/v2.
Select "Create cluster".
Enter the "Cluster name". Select only "AWS Fargate (serverless)" in the Infrastructure section.
Leave the other values as their defaults, then select Create.
Step 5: Create a Task Definition
After the cluster is created, select Task Definitions.
Select "Create new task definition", then select "Create new task definition".
In the Task definition configuration section, enter the value for Task definition family.
In the Infrastructure requirements section, enter the following values for Launch type, CPU, Memory, Task role, and Task execution role.
- Launch type: Only AWS Fargate
- CPU: 1 vCPU
- Memory: 2 GB
- Task role: ecsTaskExecutionRole
- Task execution role: ecsTaskExecutionRole
In the Container - 1 section, enter the following values for Name, Image URI, Container port, Port name, and Environment variables.
- Name: mycontainer
- Image URI: Use ironsoftwareofficial/ironsecuredoc for the latest, or specify by tag: ironsoftwareofficial/ironsecuredoc:2024.7.1
- Container port: 8080
- Port name: 8080
- Add Environment variables:
  - ENVIRONMENT: Production
  - HTTP_PORTS: 8080
  - IronSecureDoc_LicenseKey: YOUR-LICENSE-KEY
For security, adding IronSecureDoc_LicenseKey directly to Environment variables is not recommended. Instead, retrieve it from an environment file stored in an encrypted Amazon S3 bucket; see Pass sensitive data to an Amazon ECS container.
Leave the other values as their defaults, then select Create.
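The recommendation above can be checked before a task definition is registered. The following is an added example, not part of the original guide or of IronSecureDoc: it audits a task definition in the ECS JSON shape for secret-looking variables stored in plaintext. It goes beyond the text by also flagging an unpinned image tag and a task role that is the same as the task execution role. The sample definitions, the name pattern, the account ID, bucket name and second role name are constructed placeholders.

```python
import re

# Variable names that usually carry credentials (pattern is an assumption of this example).
SECRET_NAME = re.compile(r"key|secret|token|passw|credential", re.I)

def audit_task_definition(td):
    """Return (container, check, detail) findings for one ECS task definition dict."""
    findings = []
    if td.get("taskRoleArn") and td["taskRoleArn"] == td.get("executionRoleArn"):
        findings.append(("*", "shared-role", td["taskRoleArn"]))
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "?")
        # Values under "environment" are stored and displayed in plaintext.
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")) and env.get("value"):
                findings.append((name, "plaintext-secret", env["name"]))
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]  # repository[:tag] without any registry host:port
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append((name, "unpinned-image", image))
    return findings

# Constructed samples: the console values from this page expressed as task definition JSON.
ROLE = "arn:aws:iam::111122223333:role/ecsTaskExecutionRole"  # placeholder account ID
BASE_ENV = [{"name": "ENVIRONMENT", "value": "Production"},
            {"name": "HTTP_PORTS", "value": "8080"}]
AS_WRITTEN = {
    "taskRoleArn": ROLE, "executionRoleArn": ROLE,
    "containerDefinitions": [{
        "name": "mycontainer", "image": "ironsoftwareofficial/ironsecuredoc",
        "environment": BASE_ENV + [{"name": "IronSecureDoc_LicenseKey",
                                    "value": "YOUR-LICENSE-KEY"}],
    }],
}
# Key moved to an S3 environment file, tag pinned, roles split (placeholder names).
HARDENED = {
    "taskRoleArn": "arn:aws:iam::111122223333:role/EXAMPLE-task-role",
    "executionRoleArn": ROLE,
    "containerDefinitions": [{
        "name": "mycontainer", "image": "ironsoftwareofficial/ironsecuredoc:2024.7.1",
        "environment": BASE_ENV,
        "environmentFiles": [{"type": "s3",
                              "value": "arn:aws:s3:::EXAMPLE-BUCKET/ironsecuredoc.env"}],
    }],
}

for label, td in (("as written", AS_WRITTEN), ("hardened", HARDENED)):
    print(label, audit_task_definition(td))
```

When an environment file is used, the task execution role needs read access to that S3 object, so the bucket policy and role permissions are part of the same review.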
Step 6: Create a Service
Go back to the Clusters page > Select your cluster (IronSecureDoc).
Select the "Service" tab > then select "Create".
In the Environment section, enter the following values for Compute options and Launch type.
- Compute options: Select Launch type
- Launch type: Select FARGATE
In the Deployment configuration section, enter the following values for Application type, Family, Revision, Service name, and Desired tasks.
- Application type: Select Service
- Task definition:
  - Family: Select the created task definition ironsecuredoc
  - Revision: Select task definition revision 1 (LATEST)
- Service name: myservice
- Desired tasks: 1
Please note that for networking you may need to create a VPC and a Security group if they do not exist.
Leave the other values as their defaults, then select Create.
When the deployment starts, a notification appears that indicates the deployment is in progress. Another notification is displayed when the service has been deployed.
View your service > then open the task.
In Task Configuration, you can use the Public IP to run a curl command to check if the API is working correctly, which should return pong.
curl http://18.118.166.206:8080/v1/document-services/ping
Congratulations! By configuring just a few settings, you've deployed a publicly accessible application in Amazon Elastic Container Service.
Frequently Asked Questions
What is Amazon Elastic Container Service (Amazon ECS)?
Amazon ECS is a highly scalable, fast, container management service that makes it easy to run, stop, and manage your containers on a serverless infrastructure managed by AWS.
How do I sign in to my AWS account for deployment?
To sign in, access the AWS portal with your credentials. If you do not have an account, you can register for a new AWS account.
What is Amazon VPC and why do I need it?
Amazon Virtual Private Cloud (Amazon VPC) allows you to launch AWS resources into a virtual network that you've defined, providing control over your virtual networking environment.
How do I create a security group in AWS?
Security groups can be created in the Amazon EC2 Console. They control inbound and outbound traffic to your container instances, acting as a virtual firewall.
What steps are involved in creating an ECS cluster?
To create an ECS cluster, search for 'ECS' in the AWS portal, select 'Elastic Container Service', click 'Create cluster', and choose 'AWS Fargate (serverless)' in the Infrastructure section.
What is a Task Definition in Amazon ECS?
A Task Definition is an application blueprint in Amazon ECS, where you specify parameters like launch type, CPU, memory, task roles, container definitions, and more.
How do I ensure document security on AWS?
To ensure document security, integrate IronSecureDoc within your ECS setup and manage environment variables securely, preferably retrieving sensitive data from encrypted Amazon S3 buckets.
What is AWS Fargate and why is it used?
AWS Fargate is a serverless compute engine for containers that works with both Amazon ECS and EKS. It eliminates the need to manage servers, allowing you to specify and pay for resources per application.
How can I verify if my ECS service is running correctly?
You can verify your ECS service by using the Public IP to run a curl command. For example, executing 'curl http://
Is it necessary to create a VPC and Security Group for every deployment?
If a default VPC and Security Group do not exist, you need to create them to ensure proper networking and security configurations for your ECS deployments.