Deploy a container instance in AWS
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage your containers. You can host your containers on a serverless infrastructure that is managed by Amazon ECS by launching your services or tasks on AWS Fargate. For more information on Fargate, see AWS Fargate for Amazon ECS.
Step 1: Sign in to AWS account
Sign in to the AWS portal.
If you do not have an AWS account, then register for a new AWS account.
Step 2: Create a virtual private cloud
You can use Amazon Virtual Private Cloud (Amazon VPC) to launch AWS resources into a virtual network that you've defined. We strongly suggest that you launch your container instances in a VPC.
If you have a default VPC, you can skip this section and move to the next task, Create a security group. To determine whether you have a default VPC, see Supported Platforms in the Amazon EC2 Console in the Amazon EC2 User Guide. Otherwise, you can create a nondefault VPC in your account using the steps below.
For information about how to create a VPC, see Create a VPC only in the Amazon VPC User Guide, and use the following table to determine what options to select.
| Option | Value |
|---|---|
| Resources to create | VPC only |
| Name | Optionally provide a name for your VPC |
| IPv4 CIDR block | IPv4 CIDR manual input The CIDR block size must have a size between /16 and /28 |
| IPv6 CIDR block | No IPv6 CIDR block |
| Tenancy | Default |
For more information about Amazon VPC, see What is Amazon VPC? in the Amazon VPC User Guide.
Step 3: Create a security group
Security groups act as a firewall for associated container instances, controlling both inbound and outbound traffic at the container instance level. You can add rules to a security group that enable you to connect to your container instance from your IP address using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere. Add any rules to open ports that are required by your tasks. Container instances require external network access to communicate with the Amazon ECS service endpoint.
For information about how to create a security group, see Create a security group in the Amazon EC2 User Guide and use the following table to determine what options to select.
| Option | Value |
|---|---|
| Region | The same Region in which you created your key pair |
| Name | A name that is easy for you to remember, such as ecs-instances-default-cluster |
| VPC | The default VPC (marked with "(default)" Note If your account supports Amazon EC2 Classic, select the VPC that you created in the previous task |
Step 4: Create a ECS Cluster
On the AWS portal homepage, search "ECS" in the search box and select "Elastic Container Service". Or open the console at https://console.aws.amazon.com/ecs/v2.
Select "Create cluster".
Enter the "Cluster name". Select only "AWS Fargate (serverless)" in Infrastructure section.
Leave the other values as their defaults, then select Create.
Step 5: Create a Task Definition
After the cluster is created, select Task Definitions.
Select "Create new task definition", then select "Create new task definition".
On the Task definition configuration section, enter the value for Task definition family.
On the Infrastructure requirements section, enter the following values for Launch type, CPU, Memory, Task role, and Task execution role.
- Launch type: Only
AWS Fargate - CPU:
1 vCPU - Memory:
2 GB - Task role:
ecsTaskExecutionRole - Task execution role:
ecsTaskExecutionRole
On the Container - 1 section, enter the following values for Name, Image URI, Container port, Port name, and Environment variables.
- Name:
mycontainer - Image URI: Use
ironsoftwareofficial/ironsecuredocfor the latest or specify by tagironsoftwareofficial/ironsecuredoc:2024.7.1 - Container port:
8080 - Port name:
8080 - Add Environment variables:
- ENVIRONMENT:
Production - HTTP_PORTS:
8080 - IronSecureDoc_LicenseKey:
YOUR-LICENSE-KEY
- ENVIRONMENT:
For IronSecureDoc_LicenseKey, it is not recommended to add directly into Environment variables for security. It is recommended to retrieve the environment file from an encrypted Amazon S3 bucket, see Pass sensitive data to an Amazon ECS container.
Leave the other values as their defaults, then select Create.
Step 6: Create a Service
Go back to the Clusters page > Select your cluster (IronSecureDoc).
Select the "Service" tab > then select "Create".
In the Environment section, enter the following values for Compute options and Launch type.
- Compute options: Select
Launch type - Launch type: Select
FARGATE
In the Deployment configuration section, enter the following values for Application type, Family, Revision, Service name, and Desired tasks.
- Application type: Select
Service - Task definition:
- Family: Select the created task definition
ironsecuredoc - Revision: Select task definition revision
1 (LATEST)
- Family: Select the created task definition
- Service name:
myservice - Desired tasks:
1
Please note that for networking you may need to create a VPC and a Security group if they do not exist.
Leave the other values as their defaults, then select Create.
When the deployment starts, a notification appears that indicates the deployment is in progress. Another notification is displayed when the service has been deployed.
View your service > then open the task.
In Task Configuration, you can use the Public IP to run a curl command to check if the API is working correctly, which should return pong.
curl http://18.118.166.206:8080/v1/document-services/pingcurl http://18.118.166.206:8080/v1/document-services/ping
Congratulations! By configuring just a few settings, you've deployed a publicly accessible application in Amazon Elastic Container Service.
Frequently Asked Questions
How can I set up AWS for document security?
To set up AWS for document security, you can deploy container instances via Amazon ECS. This involves creating a Virtual Private Cloud (VPC), setting up a security group, and using AWS Fargate for serverless infrastructure. IronSecureDoc can be integrated to ensure secure document management.
What is the purpose of creating a Virtual Private Cloud (VPC) in AWS?
Creating a VPC in AWS allows you to launch AWS resources in a logically isolated virtual network. This setup provides control over your networking environment and is crucial for managing document security through services like IronSecureDoc.
Why is it important to set up a security group for ECS deployments?
Setting up a security group is vital for controlling inbound and outbound traffic to your ECS container instances. It acts as a virtual firewall, ensuring that only authorized traffic reaches IronSecureDoc services deployed on AWS.
How do I deploy a container instance using AWS Fargate?
To deploy a container instance using AWS Fargate, you must first create an ECS cluster. Then, define a task definition specifying the requirements like CPU, memory, and container settings. Finally, create a service within the ECS Cluster to manage the deployment of IronSecureDoc.
What role does a Task Definition play in Amazon ECS?
In Amazon ECS, a Task Definition serves as an application blueprint. It outlines the requirements for running your containers, such as launch type, CPU, memory, and container definitions. This is crucial for deploying applications like IronSecureDoc.
How can I manage environment variables securely in AWS?
You can manage environment variables securely in AWS by retrieving sensitive data, such as the IronSecureDoc license key, from encrypted Amazon S3 buckets. This approach helps protect sensitive information from unauthorized access.
How can I verify the successful deployment of my ECS service?
You can verify the deployment of your ECS service by using the Public IP to run a curl command. For example, executing curl http:// should return 'pong', indicating that the IronSecureDoc service is running correctly.
Do I need to create a new VPC and Security Group for each deployment?
If a default VPC and Security Group do not exist, you must create them to ensure proper networking and security configurations for your ECS deployments. This setup is essential for the secure functioning of applications like IronSecureDoc.
