Deploy a container instance in AWS


Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage your containers. You can host your containers on a serverless infrastructure that is managed by Amazon ECS by launching your services or tasks on AWS Fargate. For more information on Fargate, see AWS Fargate for Amazon ECS.

Step 1: Sign in to AWS account

Sign in to the AWS portal.

If you do not have an AWS account, then register for a new AWS account.

Step 2: Create a virtual private cloud

You can use Amazon Virtual Private Cloud (Amazon VPC) to launch AWS resources into a virtual network that you've defined. We strongly suggest that you launch your container instances in a VPC.

If you have a default VPC, you can skip this section and move to the next task, Create a security group. To determine whether you have a default VPC, see Supported Platforms in the Amazon EC2 Console in the Amazon EC2 User Guide. Otherwise, you can create a nondefault VPC in your account using the steps below.

For information about how to create a VPC, see Create a VPC only in the Amazon VPC User Guide, and use the following table to determine what options to select.

Option               Value
Resources to create  VPC only
Name                 Optionally provide a name for your VPC
IPv4 CIDR block      IPv4 CIDR manual input; the CIDR block size must be between /16 and /28
IPv6 CIDR block      No IPv6 CIDR block
Tenancy              Default

For more information about Amazon VPC, see What is Amazon VPC? in the Amazon VPC User Guide.

Step 3: Create a security group

Security groups act as a firewall for associated container instances, controlling both inbound and outbound traffic at the container instance level. You can add rules to a security group that enable you to connect to your container instance from your IP address using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere. Add any rules to open ports that are required by your tasks. Container instances require external network access to communicate with the Amazon ECS service endpoint.

For information about how to create a security group, see Create a security group in the Amazon EC2 User Guide and use the following table to determine what options to select.

Option  Value
Region  The same Region in which you created your key pair
Name    A name that is easy for you to remember, such as ecs-instances-default-cluster
VPC     The default VPC (marked with "(default)"). Note: if your account supports Amazon EC2 Classic, select the VPC that you created in the previous task.

Step 4: Create an ECS Cluster

On the AWS portal homepage, search "ECS" in the search box and select "Elastic Container Service". Or open the console at https://console.aws.amazon.com/ecs/v2.

Search ECS

Select "Create cluster".

Create cluster

Enter the "Cluster name". Select only "AWS Fargate (serverless)" in Infrastructure section.

Create cluster values

Leave the other values as their defaults, then select Create.

Step 5: Create a Task Definition

After the cluster is created, select Task Definitions.

Create task definition

Select "Create new task definition", then select "Create new task definition".

Create new task definition

On the Task definition configuration section, enter the value for Task definition family.

Task definition configuration section

On the Infrastructure requirements section, enter the following values for Launch type, CPU, Memory, Task role, and Task execution role.

  • Launch type: Only AWS Fargate
  • CPU: 1 vCPU
  • Memory: 2 GB
  • Task role: ecsTaskExecutionRole
  • Task execution role: ecsTaskExecutionRole

Infrastructure requirements

On the Container - 1 section, enter the following values for Name, Image URI, Container port, Port name, and Environment variables.

  • Name: mycontainer
  • Image URI: Use ironsoftwareofficial/ironsecuredoc for the latest or specify by tag ironsoftwareofficial/ironsecuredoc:2024.7.1
  • Container port: 8080
  • Port name: 8080
  • Add Environment variables:
    • ENVIRONMENT: Production
    • HTTP_PORTS: 8080
    • IronSecureDoc_LicenseKey: YOUR-LICENSE-KEY

For security reasons, it is not recommended to put IronSecureDoc_LicenseKey directly into the task's Environment variables. Instead, retrieve an environment file from an encrypted Amazon S3 bucket; see Pass sensitive data to an Amazon ECS container.

Container section

Leave the other values as their defaults, then select Create.
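The Step 5 task definition expressed as JSON-ready data, so the same values can be registered from the CLI and checked for inline secrets before registration. This is an added example, not part of the IronSecureDoc documentation; the account id in the role ARN and the S3 bucket holding the .env file are placeholders.

```python
# Added example, not from the IronSecureDoc docs: builds the Step 5 Fargate task
# definition as a dict that can be dumped with json.dumps() and registered with
# `aws ecs register-task-definition --cli-input-json file://taskdef.json`.
# The account id and the S3 env-file ARN below are placeholders (assumptions).
IMAGE = "ironsoftwareofficial/ironsecuredoc:2024.7.1"
EXEC_ROLE = "arn:aws:iam::123456789012:role/ecsTaskExecutionRole"  # placeholder account
ENV_FILE_ARN = "arn:aws:s3:::my-encrypted-bucket/ironsecuredoc.env"  # placeholder bucket
SECRET_ENV_NAMES = {"IronSecureDoc_LicenseKey"}  # values that must never be inline


def task_definition(license_in_env_file=True):
    # Fargate sizes are CPU units / MiB: 1 vCPU = 1024, 2 GB = 2048.
    environment = [
        {"name": "ENVIRONMENT", "value": "Production"},
        {"name": "HTTP_PORTS", "value": "8080"},
    ]
    container = {
        "name": "mycontainer",
        "image": IMAGE,
        "essential": True,
        "portMappings": [{"name": "8080", "containerPort": 8080, "protocol": "tcp"}],
        "environment": environment,
    }
    if license_in_env_file:
        # Recommended: the license key lives in an .env file in an encrypted S3
        # bucket that the execution role is allowed to read; nothing sensitive inline.
        container["environmentFiles"] = [{"type": "s3", "value": ENV_FILE_ARN}]
    else:
        # The variant the page warns against: the key in plain text in the task definition.
        environment.append({"name": "IronSecureDoc_LicenseKey", "value": "YOUR-LICENSE-KEY"})
    return {
        "family": "ironsecuredoc",
        "networkMode": "awsvpc",
        "requiresCompatibilities": ["FARGATE"],
        "cpu": "1024",
        "memory": "2048",
        "taskRoleArn": EXEC_ROLE,
        "executionRoleArn": EXEC_ROLE,
        "containerDefinitions": [container],
    }


def inline_secrets(taskdef):
    # Names of sensitive variables stored in plain text under 'environment';
    # run this over a task definition before registering it.
    return [e["name"] for c in taskdef["containerDefinitions"]
            for e in c.get("environment", []) if e["name"] in SECRET_ENV_NAMES]
```

The execution role also needs s3:GetObject on the .env file (and kms:Decrypt if the bucket uses a customer-managed key) for the environment file to load.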

Step 6: Create a Service

Go back to the Clusters page > Select your cluster (IronSecureDoc).

Select your cluster

Select the "Service" tab > then select "Create".

Create service

In the Environment section, enter the following values for Compute options and Launch type.

  • Compute options: Select Launch type
  • Launch type: Select FARGATE

Service environment

In the Deployment configuration section, enter the following values for Application type, Family, Revision, Service name, and Desired tasks.

  • Application type: Select Service
  • Task definition:
    • Family: Select the created task definition ironsecuredoc
    • Revision: Select task definition revision 1 (LATEST)
  • Service name: myservice
  • Desired tasks: 1

Service deployment configuration

Please note that for networking you may need to create a VPC and a Security group if they do not exist.

Leave the other values as their defaults, then select Create.

When the deployment starts, a notification appears that indicates the deployment is in progress. Another notification is displayed when the service has been deployed.

View your service > then open the task.

Open created task

In Task Configuration, you can use the Public IP to run a curl command to check if the API is working correctly, which should return pong.

curl http://18.118.166.206:8080/v1/document-services/ping

Public IP

Congratulations! By configuring just a few settings, you've deployed a publicly accessible application in Amazon Elastic Container Service.

Frequently Asked Questions

How do I set up AWS to secure documents?

To secure documents with AWS, you can deploy a container instance through Amazon ECS. This involves creating a virtual private cloud (VPC), setting up a security group, and using AWS Fargate to provide serverless infrastructure. IronSecureDoc can be integrated for secure document management.

What is the purpose of creating a virtual private cloud (VPC) in AWS?

Creating a VPC in AWS lets you launch AWS resources in a logically isolated virtual network. This setup gives you control over the network environment, which is essential for managing document security through a service like IronSecureDoc.

Why is setting up a security group important for an ECS deployment?

Setting up a security group is essential for controlling inbound and outbound traffic to ECS container instances. It acts as a virtual firewall, ensuring that only authorized traffic reaches the IronSecureDoc service deployed on AWS.

How do I deploy a container instance using AWS Fargate?

To deploy a container instance with AWS Fargate, you must first create an ECS cluster. Then define a task definition that specifies requirements such as CPU, memory, and container settings. Finally, create a service in the ECS cluster to manage the IronSecureDoc deployment.

What role does a task definition play in Amazon ECS?

In Amazon ECS, a task definition serves as the blueprint for an application. It lists the requirements for running containers, such as launch type, CPU, memory, and container definitions. This is essential for deploying an application like IronSecureDoc.

How do I manage environment variables securely in AWS?

You can manage environment variables securely in AWS by retrieving sensitive data (such as the IronSecureDoc license key) from an encrypted Amazon S3 bucket. This approach helps prevent unauthorized access.

How do I verify that my ECS service deployed successfully?

You can verify your ECS service deployment by running a curl command against the public IP. For example, running curl http://:8080/v1/document-services/ping should return 'pong', indicating that the IronSecureDoc service is running correctly.

Do I need to create a new VPC and security group for every deployment?

If there is no default VPC and security group, you must create them to ensure correct networking and security configuration for the ECS deployment. This setup is essential for the secure operation of an application like IronSecureDoc.

Curtis Chau
Technical Writer

Curtis Chau holds a Bachelor of Computer Science from Carleton University and specializes in front-end development, with expertise in Node.js, TypeScript, JavaScript, and React. Curtis is passionate about creating intuitive and beautiful user interfaces, enjoys working with modern frameworks, and crafts well-structured, visually appealing manuals.

Beyond development, Curtis has a strong interest in the Internet of Things (IoT), exploring innovative ways to combine hardware and software. In his spare time, he enjoys gaming and building Discord bots, combining the fun of technology and creativity.
