Deploy an ECS cluster using Fargate

To illustrate automated scanning, we will now deploy a sample ECS cluster that scales using Fargate. For the purposes of the lab this will consist of the sample PHP application amazon/amazon-ecs-sample running in a Docker Compose environment: https://hub.docker.com/r/amazon/amazon-ecs-sample.

  1. Create a cluster configuration and create a cluster

    ecs-cli configure --cluster tutorial --default-launch-type FARGATE --config-name tutorial --region us-east-1
    
    ecs-cli up --cluster-config tutorial --ecs-profile tutorial-profile

    The output should show that a VPC and two subnets have been created:

    INFO[0000] Created cluster                    cluster=tutorial region=us-east-1
    INFO[0000] Waiting for your cluster resources to be created...
    INFO[0000] Cloudformation stack status       stackStatus=CREATE_IN_PROGRESS
    INFO[0060] Cloudformation stack status       stackStatus=CREATE_IN_PROGRESS
    VPC created: vpc-046ed77edcd796e19
    Subnet created: subnet-045df8f58a51b2291
    Subnet created: subnet-0e4623283c4907ea7
    Cluster creation succeeded.
  2. We will use a bash script to deploy the sample application to our ECS cluster. First, fetch the script by copying and pasting the following commands:

    cd /home/ec2-user/environment
    
    curl -s https://gist.githubusercontent.com/johnfitzpatrick/d55097212d9bb4e1442383a5e3339b01/raw/272b0f1a45fa8a54571ebb707b7e7d51e4db0fb5/deploy-amazon-ecs-sample.sh > deploy-amazon-ecs-sample.sh
    
    chmod +x deploy-amazon-ecs-sample.sh
  3. Now run the script deploy-amazon-ecs-sample.sh, copying and pasting the VPC and subnet values from the output above when prompted:

    ./deploy-amazon-ecs-sample.sh

    Note: you can also retrieve the VPC and subnet details requested from the CloudFormation UI.

    (Screenshot: ECS Cluster)

    This script will:

    • Retrieve the ID of the default security group for the VPC created, and allow inbound access on port 80

    • Create an ecs-params.yml file using the subnets and security group already retrieved. This file should look as follows:

      version: 1
      task_definition:
          task_execution_role: ecsTaskExecutionRole
          ecs_network_mode: awsvpc
          task_size:
            mem_limit: 0.5GB
            cpu_limit: 256
      run_params:
          network_configuration:
            awsvpc_configuration:
              subnets:
                - "subnet-045df8f58a51b2291"
                - "subnet-0e4623283c4907ea7"
              security_groups:
                - "sg-3a1f94b6"
              assign_public_ip: ENABLED
    • Create a docker-compose.yaml to instantiate the image amazon/amazon-ecs-sample. This file looks as follows:

      version: '3'
      services:
          web:
            image: amazon/amazon-ecs-sample
            ports:
              - "80:80"
            logging:
              driver: awslogs
              options:
                awslogs-group: tutorial
                awslogs-region: us-east-1
                awslogs-stream-prefix: web

      Optionally, to see the details of this script you can run the following command:

      cat ./deploy-amazon-ecs-sample.sh
  4. Once the script has completed you can see details of the ECS cluster in the Amazon ECS UI

(Screenshot: Cluster Tutorial)
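The work the lab's deploy script does, rebuilt here as an added example (this is not the gist's own code): validate the pasted IDs, look up the VPC's default security group and open port 80 on it with a caller-chosen CIDR, and write ecs-params.yml in the layout shown in step 3. The aws CLI calls need credentials, while validate_id and write_ecs_params run offline. The function names, the ID pattern and the CIDR parameter are assumptions of this example, not part of the lab.

```shell
#!/usr/bin/env bash
# Added example, not the lab's gist: the same steps the deploy script
# performs, with the IDs validated before they reach the task network config.
set -eu

# Accept only the ID shapes EC2 issues (prefix plus 8 or 17 hex chars), so a
# bad paste or an empty prompt answer is caught before ecs-cli is invoked.
validate_id() {                 # usage: validate_id <prefix> <value>
  printf '%s\n' "$2" | grep -Eq "^$1-[0-9a-f]{8}([0-9a-f]{9})?$" ||
    { echo "invalid $1 id: '$2'" >&2; return 1; }
}

# Look up the VPC's default security group (needs AWS credentials; not run
# offline). Every task or instance in the VPC that uses the default group
# inherits any rule added to it, so prefer a dedicated group outside a lab.
default_sg_id() {               # usage: default_sg_id <vpc-id>
  validate_id vpc "$1" || return 1
  aws ec2 describe-security-groups \
    --filters "Name=vpc-id,Values=$1" "Name=group-name,Values=default" \
    --query 'SecurityGroups[0].GroupId' --output text
}

# Allow inbound TCP/80 on the group. The source CIDR is a parameter so the
# rule can be scoped to a test range rather than the whole internet.
allow_http() {                  # usage: allow_http <sg-id> <cidr>
  validate_id sg "$1" || return 1
  aws ec2 authorize-security-group-ingress --group-id "$1" \
    --protocol tcp --port 80 --cidr "$2"
}

# Write ecs-params.yml in the layout shown in the lab; nothing is written
# if any ID fails validation.
# usage: write_ecs_params <out-file> <sg-id> <subnet-id>...
write_ecs_params() {
  out=$1; sg=$2; shift 2
  validate_id sg "$sg" || return 1
  for s in "$@"; do validate_id subnet "$s" || return 1; done
  {
    printf 'version: 1\ntask_definition:\n'
    printf '    task_execution_role: ecsTaskExecutionRole\n'
    printf '    ecs_network_mode: awsvpc\n'
    printf '    task_size:\n      mem_limit: 0.5GB\n      cpu_limit: 256\n'
    printf 'run_params:\n    network_configuration:\n'
    printf '      awsvpc_configuration:\n        subnets:\n'
    for s in "$@"; do printf '          - "%s"\n' "$s"; done
    printf '        security_groups:\n          - "%s"\n' "$sg"
    printf '        assign_public_ip: ENABLED\n'
  } > "$out"
}
```

A run against the lab's values would be `sg=$(default_sg_id vpc-046ed77edcd796e19); allow_http "$sg" 203.0.113.0/24; write_ecs_params ecs-params.yml "$sg" subnet-045df8f58a51b2291 subnet-0e4623283c4907ea7`, with the CIDR narrowed to wherever you will browse from.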