├── .DS_Store
├── architecture.png
├── docker-jupyter-website
    └── Dockerfile
└── readme.md


/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RoyGeagea/aws-ecs-static-website/acf6ba777e9e179ed10b323fef6dab6fc26552b6/.DS_Store


--------------------------------------------------------------------------------
/architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RoyGeagea/aws-ecs-static-website/acf6ba777e9e179ed10b323fef6dab6fc26552b6/architecture.png


--------------------------------------------------------------------------------
/docker-jupyter-website/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM amazonlinux:latest
 2 | 
 3 | # Install dependencies
 4 | RUN yum update -y && \
 5 |     yum install -y httpd && \
 6 |     yum search wget && \
 7 |     yum install wget -y && \
 8 |     yum install unzip -y
 9 | 
10 | # change directory
11 | RUN cd /var/www/html
12 | 
13 | # download webfiles
14 | RUN wget https://github.com/azeezsalu/jupiter/archive/refs/heads/main.zip
15 | 
16 | # unzip folder
17 | RUN unzip main.zip
18 | 
19 | # copy files into html directory
20 | RUN cp -r jupiter-main/* /var/www/html/
21 | 
22 | # remove unwanted folder
23 | RUN rm -rf jupiter-main main.zip
24 | 
25 | # exposes port 80 on the container
26 | EXPOSE 80
27 | 
28 | # set the default application that will start when the container start
29 | ENTRYPOINT ["/usr/sbin/httpd", "-D", "FOREGROUND"]


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
  1 | # AWS - Host static website using Elastic Container Service (ECS)
  2 | 
  3 | ## Overview
  4 | In this Lab, we are going to develop a static website and deploy it using AWS Elastic Container Service. The architecture comprises the following components and services to ensure high availability and fault tolerance:
  5 | ![](architecture.png)
  6 | 
  7 | ## Prerequisites
  8 | - Have basic <b>Docker</b> knowledge
  9 | - Have basic <b>AWS</b> knowledge
 10 | 
 11 | ## Get Started
 12 | 
 13 | ### 1- Create and clone Github Repository 
 14 | 1) Go to the GitHub website: https://github.com/ and sign in to your account.
 15 | 2) Click the New repository button in the upper-right corner of the page.
 16 | 3) Give your repository a name and a description.
 17 | 4) Select the visibility of your repository. You can choose to make it public or private.
 18 | 5) Select whether you want to initialize your repository with a README file.
 19 | 6) Click the Create repository button.
 20 | 7) Clone the Repository to Your Local Machine
 21 | 
 22 | ### 2- Create Dockerfile
 23 | 1) In your project directory, create a new file and name it Dockerfile (without any extension). Make sure your text editor doesn't automatically add a .txt extension.
 24 | 2) Add the below to your Dockerfile
 25 |     ```console
 26 |     FROM amazonlinux:latest
 27 | 
 28 |     # Install dependencies
 29 |     RUN yum update -y && \
 30 |         yum install -y httpd && \
 31 |         yum search wget && \
 32 |         yum install wget -y && \
 33 |         yum install unzip -y
 34 | 
 35 |     # change directory
 36 |     RUN cd /var/www/html
 37 | 
 38 |     # download webfiles
 39 |     RUN wget https://github.com/azeezsalu/jupiter/archive/refs/heads/main.zip
 40 | 
 41 |     # unzip folder
 42 |     RUN unzip main.zip
 43 | 
 44 |     # copy files into html directory
 45 |     RUN cp -r jupiter-main/* /var/www/html/
 46 | 
 47 |     # remove unwanted folder
 48 |     RUN rm -rf jupiter-main main.zip
 49 | 
 50 |     # exposes port 80 on the container
 51 |     EXPOSE 80
 52 | 
 53 |     # set the default application that will start when the container start
 54 |     ENTRYPOINT ["/usr/sbin/httpd", "-D", "FOREGROUND"]
 55 |     ```
 56 | 
 57 | ### 3- Build the Docker Image
 58 | 1) Open your CLI, and navigate to the directory containing your Dockerfile using the cd command.
 59 | 2) Once you're in the correct directory, you can build the Docker image using the docker build command followed by -t and the name (and optionally, a tag) you want to give to your Docker image. Let's name the image `jupiter`. 
 60 |     ```console
 61 |     $ docker build -t jupiter .
 62 |     ```
 63 | To confirm that your Docker image was created successfully, you can list all Docker images on your machine using the `$ docker images` command. You should see your new image listed with the name you assigned it.
 64 | 
 65 | ### 4- Run the Docker Container
 66 | ```console
 67 | docker run -dp 80:80 jupiter
 68 | ```
 69 | 
 70 | ### 5- Test the container
 71 | You can visit the Jupiter website by opening your web browser and navigating to http://localhost:80. 
 72 | This will allow you to access and interact with the Jupiter application deployed within the Docker container.
 73 | 
 74 | ### 6- Create a Repository in ECR
 75 | To create a repository in Amazon Elastic Container Registry (ECR), follow these steps:
 76 | 
 77 | 1) Open the Amazon ECR console at https://console.aws.amazon.com/ecr/.
 78 | 2) In the navigation pane, choose "Repositories"
 79 | 3) Click the "Create repository" button.
 80 | 4) Provide a unique repository name, such as "jupiter" for your ECR repository.
 81 | 5) Optionally, add tags or configure repository settings as needed.
 82 | 6) Click the "Create repository" button to create your ECR repository.
 83 | 
 84 | ### 7- Push the Docker image to ECR
 85 | To push the "jupiter" image to Amazon ECR, follow these steps:
 86 | 1) Create an IAM User with Programmatic Access:
 87 |     - Create an IAM user in the AWS Management Console
 88 |     - Ensure the user has Administrator Access permissions
 89 | 2) Generate an Access Key for the IAM User:
 90 |     - Locate the IAM user for whom you want to generate an  access key and click on their username.
 91 |     - In the "Security credentials" tab, you will see the "Access keys" section. Click on the "Create access key" button.
 92 |     - A dialog box will appear displaying the newly generated access key and secret access key. You can click on the "Show access key" link to view the access key. Note that the secret access key will only be shown once, so make sure to securely store it.
 93 |     - Click on the "Download .csv" button to download a CSV file containing the access key details.
 94 | 3) Configure the AWS CLI to use the access key:
 95 |     - Install the AWS CLI: If you haven't already installed the AWS CLI, you can follow the installation instructions provided by AWS for your operating system. The instructions can be found at: https://aws.amazon.com/cli/
 96 |     - Open a terminal or command prompt on your local machine.
 97 |     - Run the following command to configure the AWS CLI:
 98 |         ```console
 99 |         $ aws configure
100 |         ``````
101 |     - Enter the access key ID when prompted and press Enter.
102 |     - Enter the secret access key when prompted and press Enter.
103 |     - Specify the default region name for your AWS resources. For example, you can enter "us-east-1" for the US East (N. Virginia) region. Press Enter.
104 |     - Specify the default output format. You can choose from options like "json", "text", or "table" Enter your desired option and press Enter.
105 |     - Once you have completed these steps, your AWS CLI is configured to use the access key for authentication. You can now use the AWS CLI commands to interact with your AWS resources.
106 | 4) Push the Docker image to your ECR:
107 |     - Log in to your ECR registry using the AWS CLI by running the following command:
108 |         ```console
109 |         $ aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
110 |         ```
111 |         Replace <region> with the AWS region where your ECR repository is located and <account-id> with your AWS account ID. This command retrieves an authentication token and logs you in to the ECR registry.
112 |     - Tag the "jupiter" Docker image with the ECR repository URI. Run the following command:
113 |         ```console
114 |         $ docker tag jupiter:latest <account-id>.dkr.ecr.<region>.amazonaws.com/<repository-name>:latest
115 |         ```
116 |         Replace <account-id> with your AWS account ID, <region> with the AWS region, and <repository-name> with the name of your ECR repository.
117 |     - Push the Docker image to the ECR repository by executing the following command:
118 |         ```console
119 |         $ docker push <account-id>.dkr.ecr.<region>.amazonaws.com/<repository-name>:latest
120 |         ```
121 |         Again, replace <account-id> with your AWS account ID, <region> with the AWS region, and <repository-name> with the name of your ECR repository.
122 |         Wait for the Docker image to be pushed to the ECR repository. The progress will be displayed in the terminal.
123 |         Once the push is completed, your "jupiter" Docker image will be available in your ECR repository. You can now use it for your AWS deployments.
124 | 
125 | ### 8- Create the VPC:
126 | To accomplish this, please refer to the guide provided in the repository located at https://github.com/RoyGeagea/aws-dynamic-website. Follow the instructions up to Step 9, and disregard the creation of the data layer as it is unnecessary for our project.
127 | 
128 | ### 9- Create the security groups
129 | Properly configuring security groups is crucial to maintain the security and integrity of your AWS VPC. In this section, I will guide you through the steps to create and configure security groups for various components within your infrastructure.
130 | 
131 | 1) Creating an ALB Security Group:
132 |     - Open the AWS Management Console and navigate to the Amazon EC2 service.
133 |     - Click on "Security Groups" in the navigation pane and select "Create Security Group"
134 |     - Provide a name for the security group, such as "ALBSecurityGroup"
135 |     - Add inbound rules to allow HTTP (port 80) and HTTPS (port 443) traffic from anywhere (0.0.0.0/0) for the ALB.
136 |     - Save the changes to create the ALB security group.
137 | 3) Creating a ECS Security Group:
138 |     - Repeat the steps to create another security group named "ECSSecurityGroup"
139 |     - Add inbound rules to allow HTTP (port 80) and HTTPS (port 443) traffic from the ALB security group.
140 |     - Save the changes to create the web server security group.
141 | 
142 | ### 10- Create Application Load Balancer
143 | To create an Application Load Balancer (ALB) and the associated target groups, follow these steps:
144 | 1) Open the Amazon EC2 service.
145 | 2) In the navigation pane, under "Load Balancers", select "Target Groups"
146 | 3) Click the "Create target group" button.
147 | 4) Provide a name for your target group, such as "jupiter-target-group".
148 | 5) Configure the target group settings based on our requirements
149 | 6) Click "Create" to create the target group.
150 | 7) Next, to create the ALB, go back to the EC2 service dashboard and select "Load Balancers" in the navigation pane.
151 | 8) Click the "Create Load Balancer" button.
152 | 9) Select "Application Load Balancer" as the load balancer type.
153 | 10) Configure the ALB settings, such as name, listeners, security groups, and availability zones.
154 | 11) In the "Configure Routing" section, select "Existing target group" and choose the previously created target group ("jupiter-target-group").
155 | 12) Complete the remaining configuration steps, such as tags, and review the settings.
156 | 13) Click "Create" to create the ALB.
157 | 
158 | ### 11- Delete the target group
159 | Perhaps you're wondering why this is necessary? Well, in order to create an Application Load Balancer, it is essential to establish a corresponding target group. However, at present, we have not yet set up our ECS environment to create the correspondent target group. Consequently, we need to remove the existing target group. To accomplish this, please follow the subsequent steps:
160 | 1) Go back to the Load balancers page under EC2 service.
161 | 2) Remove the listener from the ALB that is associated with the target group you want to delete.
162 | 
163 | ### 12- Create Fargate ECS Cluster
164 | To create a Fargate ECS cluster, follow these steps:
165 | 1) Open the Amazon ECS service.
166 | 2) In the navigation pane, under "Clusters", click the "Create Cluster" button.
167 | 3) Provide a name for your cluster, such as "jupiter-cluster".
168 | 4) In networking section, select your VPC and the private app subnets you created before.
169 | 5) Under "Infrastructure" section, select "AWS FARGATE (serverless)".
170 | 6) Review the other cluster configuration options and make adjustments if necessary.
171 | 7) Click the "Create" button to create the ECS cluster.
172 | 
173 | ### 13- Create ECS Task Definition
174 | To create an ECS Task Definition using the "jupiter" ECR URI and the Fargate launch type, follow these steps:
175 | 1) Open the Amazon ECS service.
176 | 2) In the navigation pane, under "Task Definitions", click the "Create new Task Definition" button.
177 | 3) Provide a name such as "jupiter-task-definition".
178 | 4) Provide a name for the container, such as "jupiter-container"
179 | 5) Specify the ECR URI for the "jupiter" Docker image in the "Image" field. 
180 | 6) Configure the other settings, for container port choose 80
181 | 7) When you finish, scroll to the bottom then click next
182 | 8) For App environment, Select the launch type compatibility as "Fargate" and click "Next"
183 | 9) Under "Task execution role", AWS can create one for you, just click the dropdown and select "Create new role". The new role will have the below policy:
184 |     ```json
185 |     {
186 |     	"Version": "2012-10-17",
187 |     	"Statement": [{
188 |     		"Effect": "Allow",
189 |     		"Action": [
190 |     			"ecr:GetAuthorizationToken",
191 |     			"ecr:BatchCheckLayerAvailability",
192 |     			"ecr:GetDownloadUrlForLayer",
193 |     			"ecr:BatchGetImage",
194 |     			"logs:CreateLogStream",
195 |     			"logs:PutLogEvents"
196 |     		],
197 |     		"Resource": "*"
198 |     	}]
199 |     }
200 |     ```
201 | 10) Configure the task definition details as needed, such as CPU and memory requirements, networking, logging, and other container-level configurations.
202 | 11) Review the task definition settings and configurations.
203 | 12) Click the "Create" button to create the ECS task definition.
204 | 
205 | ### 14- Create the ECS Service
206 | To create an ECS Service and start the container using the previously created ALB, follow these steps:
207 | 1) Open the Amazon ECS service.
208 | 2) In the navigation pane, under "Clusters", select the cluster you created.
209 | 3) Click the "Create" button to create a new service.
210 | 4) Select Launch type
211 | 5) In the "Launch type" section, select "Fargate".
212 | 6) Under "Task Definition", select the task definition you created earlier, for Revision select 1
213 | 7) For Service name, use "jupiter-ecs-service"
214 | 8) In the "Cluster VPC" section, select the VPC created before.
215 | 9) In the "Subnets" section, select the private application subnets where your ECS tasks will be deployed.
216 | 10) In the "Security groups" section, select the appropriate security group(ECSSecurityGroup) that allow inbound traffic from the ALB.
217 | 11) In the "Load balancer type" section, choose "Application Load Balancer".
218 | 12) In the "Load balancer name" field, select the ALB you previously created.
219 | 13) Configure the listener and target group settings based on the application's requirements.
220 | 14) Specify any additional service settings like desired task count, deployment settings, and load balancer health check settings.
221 | 15) Review the service configuration and click the "Create" button to create the ECS service.
222 | 
223 | Once created, the ECS service will start running the container using the specified task definition and integrate it with the ALB. It will distribute incoming traffic to the container instances running in the private application subnets.
224 | 
225 | ### 15- Test the service
226 | You can now proceed to test the website by utilizing the DNS name of the Application Load Balancer
227 | 
228 | ## Summary
229 | 
230 | The AWS project involved building and deploying a containerized application using Docker and various AWS services. The project included creating a Docker image, pushing it to an Amazon ECR repository, setting up an Application Load Balancer (ALB) for load balancing, creating an ECS cluster using Fargate, defining an ECS task for the containerized application, and creating an ECS service for managing and scaling the container instances. This setup allowed for efficient deployment, load balancing, and scalability of containerized applications in a secure and scalable manner within the AWS environment
231 | 
232 | 
233 | 
234 | 
235 | 
236 | 
237 | 
238 | 
239 | 
240 | 
241 | 
242 | 
243 | 
244 | 
245 | 
246 | 
247 | 
248 | 
249 | 
250 | 
251 | 
252 | 


--------------------------------------------------------------------------------