@anarquias
Created November 14, 2019 19:59
Deployment Commands for School Portal

Setting up container deployment to ECS (AWS Fargate) w/ Docker Compose

Make sure to set the environment variables shown in '.envrc.example'.

TODO: This stuff below should eventually go into a README as Markdown

Basic Steps:

  1. AWS Account
  2. AWS CLI & configure
  3. AWS IAM
  4. ECS (AWS) CLI & configure
  5. a) Cluster, security group, etc.
  6. b) Compose, ecs-params.yml
  7. ECS UP, PS, LOGS
  8. Service discovery.
  9. Verify service discovery.
  10. Cleanup time!

IAM configuration of the 'ecsTaskExecutionRole', the IAM role that allows us to run tasks, has already been completed at this point and does not need to be done again. Check IAM's roles for more information.

This configuration needs to be run on a per-user basis, so that your CLI knows what resources it needs to interact with. The resources themselves, however, do not need to be created, since they already have been by this point.

ecs-cli configure --config-name "school-portal" --default-launch-type "FARGATE" --region "us-east-2"

Ensure the cluster you just made is set to the default.

ecs-cli configure default --config-name "school-portal"

Make sure to create the '~/.ecs/credentials' file first. Or maybe you can create it with the CLI?

ecs-cli configure profile default --profile-name "[email protected]"

It is only necessary to run these once as these resources have already been created.

ecs-cli up --cluster-config "school-portal"

aws ec2 create-security-group --group-name "school-portal-sg" --description "School portal security group" --vpc-id "vpc-0dd256e574e859708"

aws ec2 authorize-security-group-ingress --group-id "sg-0f10b36ffc8967c9a" --protocol "tcp" --port 80 --cidr "0.0.0.0/0"

The following commands will create ECS services/schedulers that run tasks from task definitions (Docker Compose files) that define containers (services), which instances (containers) are spawned from. In the process it will also create loggers, as specified in the Docker Compose file.

ecs-cli compose [options] service up combines create & start:

ecs-cli compose --ecs-params "./docker/ecs-params.yml" service up --enable-service-discovery

If we mess up, how does one "update"?

ecs-cli compose --ecs-params "./docker/ecs-params.yml" service ps

Get some logs for the instances (containers) spawned by the above.

ecs-cli logs --task-id "c565075f-e59f-46dd-ba52-eea194156875" --follow --cluster-config "school-portal"

Service discovery. Run this one time.


Clean Up Time!

Clean up stuff. Ensure you're on the right region!

  • TODO: Verify currently configured region for both aws and ecs-cli. Perhaps then can remove region calls.
  • TODO: Verify your work for each step.

Delete Services

Clean up service and its tasks/containers/instances:

ecs-cli compose --ecs-params "./docker/ecs-params.yml" service down

Verify Services Are Deleted

  • TODO: Take these out. This is handled elsewhere automatically.
  • TODO: Use the default cluster.

aws ecs list-services --cluster "school-portal"
aws ecs update-service --cluster default --service service_name --desired-count 0
aws ecs delete-service --cluster default --service service_name

Delete Container Instances

  • TODO: Take these out. This is handled elsewhere automatically.
  • TODO: Use the default cluster.

aws ecs list-container-instances --cluster "school-portal"
aws ecs deregister-container-instance --cluster "school-portal" --container-instance "container_instance_id" --force

Delete EC2 & CF Resources

In general, whenever you use the aws command you run the risk of modifying AWS resources that you don't want to modify. This is because when we're in ecs-cli land everything we do is scoped by region and by cluster, whereas in aws land it is only scoped by region. Be careful out there and triple check your work! You can use the --dry-run parameter for most commands.
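One way to make that check mechanical before a destructive command, as an added example that is not part of the original gist: it confirms the region configured for both aws and ecs-cli, and that a security group belongs to the expected VPC. The function names, the ECS_CONFIG variable and the layout assumed for '~/.ecs/config' are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before the destructive `aws` cleanup
# commands. Function names and ECS_CONFIG are hypothetical, not from the gist.
EXPECTED_REGION="us-east-2"            # region used throughout this page
EXPECTED_VPC="vpc-0ceccef5d5b346c43"   # VPC targeted by the cleanup steps
ECS_CONFIG="${ECS_CONFIG:-$HOME/.ecs/config}"

# Region the aws CLI falls back to when --region is omitted.
aws_region() { aws configure get region; }

# Region of ecs-cli's default cluster configuration. Assumes the YAML layout
# ecs-cli writes: "default: <name>", then "<name>:" with a nested "region:".
ecs_cli_region() {
  awk '$1 == "default:"         { want = $2 ":"; next }
       want != "" && $1 == want { inblk = 1; next }
       inblk && $1 == "region:" { print $2; exit }' "$ECS_CONFIG"
}

# VPC that owns a security group, as reported by the API.
sg_vpc() {
  aws ec2 describe-security-groups --region "$EXPECTED_REGION" \
    --group-ids "$1" --query 'SecurityGroups[0].VpcId' --output text
}

# Succeeds only if both CLIs point at the expected region and the security
# group about to be deleted belongs to the expected VPC.
preflight_sg_delete() (
  sg="$1"
  r="$(aws_region)"
  [ "$r" = "$EXPECTED_REGION" ] || { echo "aws region is '$r'" >&2; exit 1; }
  r="$(ecs_cli_region)"
  [ "$r" = "$EXPECTED_REGION" ] || { echo "ecs-cli region is '$r'" >&2; exit 1; }
  v="$(sg_vpc "$sg")"
  [ "$v" = "$EXPECTED_VPC" ] || { echo "$sg is in '$v', not $EXPECTED_VPC" >&2; exit 1; }
)

# Usage: the delete only runs when every check passes.
# preflight_sg_delete "sg-0412383b9bd11c926" &&
#   aws ec2 delete-security-group --region "$EXPECTED_REGION" --group-id "sg-0412383b9bd11c926"
```

The same pattern applies to the subnet, network interface and internet gateway deletions by swapping the describe call in sg_vpc.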

Summary

  1. Find Your VPC

  2. Ensure Load Balancers Removed

aws elbv2 describe-load-balancers --region "us-east-2"

aws elbv2 describe-listeners --region "us-east-2" --load-balancer-arn "arn:aws:elasticloadbalancing:us-east-2:667992511323:loadbalancer/app/school-portal-load-balancer/1dc01cdda7ff8f1a"

aws elbv2 describe-target-groups --region "us-east-2" --load-balancer-arn "arn:aws:elasticloadbalancing:us-east-2:667992511323:loadbalancer/app/school-portal-load-balancer/1dc01cdda7ff8f1a"

aws elbv2 delete-listener --region "us-east-2" --listener-arn "arn:aws:elasticloadbalancing:us-east-2:667992511323:listener/app/school-portal-load-balancer/1dc01cdda7ff8f1a/0068d477d5112a50"

aws elbv2 delete-target-group --region "us-east-2" --target-group-arn "arn:aws:elasticloadbalancing:us-east-2:667992511323:targetgroup/school-portal-target-group/9c034adfe959256d"

aws elbv2 delete-load-balancer --region "us-east-2" --load-balancer-arn "arn:aws:elasticloadbalancing:us-east-2:667992511323:loadbalancer/app/school-portal-load-balancer/1dc01cdda7ff8f1a"

Verify your work:

aws elbv2 describe-load-balancers --region "us-east-2" --load-balancer-arns "arn:aws:elasticloadbalancing:us-east-2:667992511323:loadbalancer/app/school-portal-load-balancer/1dc01cdda7ff8f1a"

aws elbv2 describe-listeners --region "us-east-2" --listener-arns "arn:aws:elasticloadbalancing:us-east-2:667992511323:listener/app/school-portal-load-balancer/1dc01cdda7ff8f1a/0068d477d5112a50"

aws elbv2 describe-target-groups --region "us-east-2" --target-group-arns "arn:aws:elasticloadbalancing:us-east-2:667992511323:targetgroup/school-portal-target-group/9c034adfe959256d"

  3. Ensure Network Interfaces Removed

aws ec2 describe-network-interfaces --region "us-east-2" --filters "Name=vpc-id,Values=vpc-0ceccef5d5b346c43"

aws ec2 delete-network-interface --region "us-east-2" --network-interface-id "eni-0b84eff647d382b0a"

Verify your work:

aws ec2 describe-network-interfaces --region "us-east-2" --filters "Name=network-interface-id,Values=eni-0b84eff647d382b0a"

  4. Ensure Security Groups Removed

aws ec2 describe-security-groups --region "us-east-2" --filters "Name=vpc-id,Values=vpc-0ceccef5d5b346c43"

# Grab the "non-default" security group and ensure there are no more dependencies to take care of before deleting it.
aws ec2 describe-network-interfaces --region "us-east-2" --filters "Name=group-id,Values=sg-0412383b9bd11c926"

aws ec2 delete-security-group --region "us-east-2" --group-id "sg-0412383b9bd11c926"

  5. Ensure Subnets Removed

aws ec2 describe-subnets --region "us-east-2" --filters "Name=vpc-id,Values=vpc-0ceccef5d5b346c43"

aws ec2 delete-subnet --region "us-east-2" --subnet-id "subnet-05559ac4e10f034f3"

aws ec2 delete-subnet --region "us-east-2" --subnet-id "subnet-0138b00f4955c7874"

  6. Ensure Internet Gateways Are Removed

aws ec2 describe-internet-gateways --region "us-east-2" --filters "Name=attachment.vpc-id,Values=vpc-0ceccef5d5b346c43"

aws ec2 detach-internet-gateway --region "us-east-2" --vpc-id "vpc-0ceccef5d5b346c43" --internet-gateway-id "igw-03e4fbcbd25924304"

aws ec2 delete-internet-gateway --region "us-east-2" --internet-gateway-id "igw-03e4fbcbd25924304"

  7. Ensure VPCs Are Removed

aws ec2 describe-vpcs --region "us-east-2" --vpc-ids "vpc-0ceccef5d5b346c43"

aws ec2 delete-vpc --region "us-east-2" --vpc-id "vpc-0ceccef5d5b346c43"

  8. Ensure CloudFormation Resources Removed

  • NOTE: Needs to happen before removal of clusters. Doesn't seem to happen via ecs-cli compose service down.

aws cloudformation list-stacks --region "us-east-2"

Then, note all stacks not in DELETE_COMPLETE status, and for each, run:

aws cloudformation delete-stack --region "us-east-2" --stack-name "amazon-ecs-cli-setup-school-portal"

Delete Clusters

  • This will delete the cluster & CloudFormation stack (stuff needed for cluster).
  • TODO: Remove? This hung after issuing ecs-cli compose service down.
  • ERROR: "The subnet 'subnet-0138b00f4955c7874' has dependencies and cannot be deleted...
  • ERROR: "The internetGateway 'igw-03e4fbcbd25924304' has dependencies and cannot be deleted.

ecs-cli down --force

  • At this point, can delete cluster:
  • (delete cluster; should be handled by 'ecs down')

aws ecs list-clusters
aws ecs delete-cluster --cluster tutorial

Service Discovery:

Delete servicediscovery stuff:

aws servicediscovery list-services --region us-east-2

aws servicediscovery list-instances --service-id [] --region us-east-2

aws servicediscovery deregister-instance --service-id [] --instance-id [] --region us-east-2

aws servicediscovery get-operation --operation-id [] --region us-east-2

aws servicediscovery delete-service --id [] --region us-east-2

aws servicediscovery list-namespaces --region us-east-2

aws servicediscovery delete-namespace --id [] --region us-east-2

aws servicediscovery get-operation --operation-id [] --region us-east-2

Put this somewhere else:

aws elbv2 create-target-group --name school-portal-target-group --protocol HTTP --port 80 --vpc-id "vpc-0ceccef5d5b346c43" --target-type "ip"

aws elbv2 create-listener --load-balancer-arn "arn:aws:elasticloadbalancing:us-east-2:667992511323:loadbalancer/app/school-portal-load-balancer/1dc01cdda7ff8f1a" --protocol HTTP --port 80 --default-actions Type=forward,TargetGroupArn="arn:aws:elasticloadbalancing:us-east-2:667992511323:targetgroup/school-portal-target-group/9c034adfe959256d"
