Viacheslav Vasilyev avoidik

How to install & configure ECR credentials helper

Download

$ sudo curl -fsSL https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.5.0/linux-amd64/docker-credential-ecr-login -o /usr/local/bin/docker-credential-ecr-login
$ sudo chmod +x /usr/local/bin/docker-credential-ecr-login

Configure

ECS Best Practices

Understand and check Service Quota of ECS/Fargate and other related services
Cluster
- Use IaC for setting up resources eg. CloudFormation, AWS CDK, Terraform
  - Use copilot for simple setup
  - CloudFormation reference architecture template
    - https://github.com/nathanpeck/ecs-cloudformation
    - https://github.com/awslabs/aws-cloudformation-templates/tree/master/aws/services/ECS
CDK for ECS: blog

Please check https://aws.github.io/aws-eks-best-practices/ for more comprehensive EKS best practice!

Architecture

Think about multi-tenancy, isolation for different environment or different workload
- Isolation at account level using AWS organization
- Isolation at the network layer ie. different VPC & different cluster
- Use different Nodes Group (Node pool) for different purpose/category e.g. create dedicated node groups for Operational tools such as CI/CD tool, Monitoring tool, Centralize logging system.
- Separate namespace for different workload

Reliability | Principles

How to deploy Functionbeat on AWS

These notes are supplementing my another guide about Minimal Elastic monitoring stack

Forward Kibana port

We need session-manager plugin and AWS CLI packages installed:

Minimal Elastic monitoring stack

You may use t3.medium AWS EC2 instance to run this stack.

Install docker runtime

$ sudo curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
$ sudo usermod -a -G docker $USER

Introduction

This is how you would create a livable FreeBSD instance on EC2 by hand. The smart thing to do is to automate most of these actions. But I do it this way so you can see and understand all the different techniques. I want to create FreeBSD instances in EC2 and I want some of the management benefits that come from native AWS technologies like CloudWatch. It can be done, but it takes a bit of extra work because FreeBSD isn't Linux, and AWS doesn't directly support FreeBSD.

Prepping in AWS land

Before we go far, we will want some things setup in AWS IAM and VPC. I assume you have already created a VPC, decided what network numbers you're going to use, created a subnet and so on. If you haven't done those basic things, you need to go do them. I also assume you've created an ssh key and uploaded it to your AWS account.

	DEFAULT_BOX = 'ubuntu/focal64'
	WORKER_NODES = 2

	Vagrant.configure(2) do \|config\|
	config.vm.define 'master' do \|master\|
	master.vm.box = DEFAULT_BOX
	master.vm.hostname = 'master'
	master.vm.synced_folder '.', '/vagrant', type: 'virtualbox'
	master.vm.network 'private_network', ip: '192.168.0.200'
	master.vm.provider 'virtualbox' do \|v\|

	# Generic, basic /usr/local/etc/telegraf.conf file for FreeBSD
	# Gathers some basic metrics and transmits them to cloudwatch
	# Be sure to set the region below

	[agent]
	interval = "10s"
	round_interval = true
	metric_batch_size = 1000
	metric_buffer_limit = 10000
	collection_jitter = "0s"

	- name: CALICO_IPV4POOL_CIDR
	value: "172.16.0.0/16"
	- name: IP_AUTODETECTION_METHOD
	value: "interface=eth1"

	[Transport]
	PingInterval=3
	PingTimeout=10
	CompressionLimit=384
	EasyFindId=xxx
	EasyFindPin=zzz
	[General]
	MainFrameWidth=640
	MainFrameHeight=480
	SSLClientCert=